# Validate SMS OTP

Validate a one-time passcode (OTP) sent by SMS. This API is used to verify the SMS OTP sent to the user. The phone number will be added to the user profile and marked as verified. The endpoint will not authenticate the user (or create new users), and no tokens are returned. Required permissions: apps:execute, [appId]:execute, auth:execute.

Endpoint: POST /v1/users/{user_id}/phone/verification/verify
Security: ClientAccessToken

## Path parameters:

  - `user_id` (string, required)
    ID of the user

## Request fields (application/json):

  - `phone_number` (string, required)
    Phone number that the SMS OTP was sent to

  - `passcode` (string, required)
    OTP to validate

  - `update_primary` (boolean)
    Allows the request to update the user's current verified primary phone number. If the user profile already has a verified primary phone number, it will override it if true or add it as their secondary phone number if false

## Response 200 fields (application/json):

  - `result` (boolean, required)
    Boolean value indicating if SMS verification succeeded

## Response 404 fields (application/json):

  - `message` (string, required)

  - `error_code` (number, required)
    Example: 404

## Response 409 fields (application/json):

  - `message` (string, required)
    Example: "Phone number is already verified in the tenant"

  - `error_code` (number, required)
    Example: 409


## Response 400 fields