Check Verification Code
Contents
Verify Two-Factor Authentication Code
Base URL
https://apimobile.callproof.com
Endpoint
/api/v1/check-verification-code
Purpose
Validates a six-digit verification code previously sent to a registered email address.
When verification succeeds, the supplied mobile device is recognized as having completed two-factor authentication. This allows the user to access APIs protected by two-factor verification.
The verification code remains valid for three minutes.
HTTP Method
POST
Headers
| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer access token. |
| Content-Type | Yes | application/x-www-form-urlencoded or application/json.
|
Security
- Yes – Requires Bearer Token authentication.
- The access token must be active and unexpired.
- The authenticated user and associated company account must be active.
- Completed two-factor verification is not required because this endpoint performs the verification.
Parameters
Request Body Fields
| Parameter | Type | Required | Description |
|---|---|---|---|
| string | Yes | The registered email address to which the verification code was sent. | |
| verification_code | string | Yes | The six-digit verification code received by email. |
| device_id_app | string | Yes | The mobile device notification token used to associate successful verification with the device. |
Successful Response (200)
Confirms that the verification code is valid and that two-factor authentication was completed successfully for the supplied device.
The verified device may remain recognized for up to one year.
| Response Field | Type | Description |
|---|---|---|
| clientStatusCode | integer | Business-level response status. Successful verification returns 200.
|
| user_id | integer | The authenticated user's unique identifier. |
| company_id | integer | The company associated with the authenticated user. |
| message | string | Confirmation message. The successful value is Code Verified Successfully.
|
| uri | string | The URL of the verification request. |
Error Responses
| HTTP Status Code | Client Status Code | Meaning |
|---|---|---|
| 200 | 401 | The required email field was not supplied.
|
| 200 | 401 | The required verification_code field was not supplied.
|
| 200 | 401 | The required device_id_app field was not supplied.
|
| 200 | 401 | The supplied email address is not registered. |
| 200 | 401 | The verification code does not match the supplied email address. |
| 200 | 400 | The verification code is more than three minutes old. |
| 200 | 400 | The verification result could not be recorded. |
| 401 | 401 | The Bearer token is missing or invalid. |
| 401 | 401 | The access token has expired. |
| 401 | 401 | The authenticated user or company account is disabled. |
| 401 | 401 | A required client application update must be installed. |
Error Response Fields
| Response Field | Type | Description |
|---|---|---|
| clientStatusCode | integer | The business-level error status, commonly 400 or 401.
|
| error.code | integer | The business error code. |
| error.message | string | A plain-language explanation of the verification failure. |
| uri | string | The URL of the request. |
Common Error Messages
| Message | Meaning |
|---|---|
| Email Does Not Exist | The supplied email address is not registered. |
| Invalid code. Please try again. | The supplied code does not match the email address. |
| Verification Code Expired! | The code is more than three minutes old. |
Common Error Codes
| Error Code | Meaning |
|---|---|
| 1500 | Authentication, validation, email lookup, or code verification failed. |
| 1800 | The user or company account is disabled. |
| 8000 | The access token has expired. |
| 9000 | A required client application update is available. |