# Validate reset OTP Email

Validate a reset password OTP. Required permissions: apps:execute, [appId]:execute, auth:execute.

Endpoint: POST /v1/auth/password/reset/email/otp/validate
Security: ClientAccessToken

## Request fields (application/json):

  - `email` (string, required)
    Email address that the OTP was sent to

  - `passcode` (string, required)
    OTP to validate

## Response 200 fields (application/json):

  - `result` (string, required)
    Reset token to be used when sending a reset request (/auth/password/reset)

## Response 400 fields (application/json):

  - `error_code` (string)
    Enum: "auth_invalid_credentials", "user_unknown_identifier_type"

  - `message` (string)

## Response 403 fields (application/json):

  - `error_code` (string)
    Enum: "auth_otp_invalid_request_id", "auth_login_preferences_missing", "auth_locked", "auth_invalid_credentials"

  - `message` (string)

## Response 404 fields (application/json):

  - `error_code` (string)
    Enum: "client_not_exist", "app_not_exist"

  - `message` (string)