Skip to main content
GET
/
api
/
sys
/
users
/
sendOtp
{
  "WasSuccessful": true,
  "Value": {},
  "Status": 123,
  "Message": {},
  "Errors": "<any>",
  "400 Bad Request": {},
  "429 Too Many Requests": {}
}

Send OTP

Sends a one-time password to the provided email address for passwordless authentication. The customer enters the OTP in the portal to obtain a bearer token without needing their full password. This supports magic-link and OTP-based sign-in flows.

Authentication

No authentication required. This is a public endpoint.

Query Parameters

email
string
required
The email address of the customer to send the OTP to. URL-encode this value.
businessId
number
required
The numeric identifier of the location. Ensures the OTP email uses the correct branding and is associated with the right space.

Response

Returns an ActionConfirmation envelope. As with the password-reset flow, the response does not reveal whether the email address is registered.
WasSuccessful
boolean
true when the OTP was dispatched (or when no account was found — intentionally the same to prevent enumeration).
Value
string | null
Usually null.
Status
number
HTTP-style status code mirrored in the body. 200 on success.
Message
string | null
Human-readable message. Usually null on success.
Errors
any
Validation errors. null on success.

Example Response

{
  "WasSuccessful": true,
  "Value": null,
  "Status": 200,
  "Message": null,
  "Errors": null
}

TypeScript Integration

import endpoints from '@/api/endpoints'

const url = endpoints.system.users.sendOtp(email, businessId)
// => '/api/sys/users/sendOtp?email=jane.doe%40example.com&businessId=7'

await httpClient.get(url)

Usage in Portal

ContextSource file
OTP / magic-link sign-in flowsrc/views/auth/SignIn/

Error Responses

400 Bad Request
error
The email or businessId parameter is missing or malformed.
429 Too Many Requests
error
OTP requests are rate-limited. The customer must wait before requesting another code.
MethodEndpointDescription
POST/api/sys/users/startPasswordResetTrigger a full password-reset email
POST/api/sys/users/exchangeExchange a JWT (including OTP result) for a token
POST/api/tokenStandard credential-based sign-in