Documentation version: Latest (v1)
API endpoint
Send backend OTP
Server-to-server OTP send using API key only.
POST/api/v1/backend-otp/send
Auth: Bearer API key with server_otp scope
Required headers
| Header | Required | Value | Description |
|---|---|---|---|
| Authorization | Yes | Bearer <token> | API key, server OTP key, or public OTP token depending on endpoint. |
| Content-Type | Yes | application/json | All POST requests expect JSON payloads. |
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| string | Yes | Recipient email. | |
| subject | string | No | Subject override. |
| verificationLine | string | No | Body intro line. |
| expiresInSeconds | number | No | Expiry window. |
| otpDigits | number | No | Code length. |
Code examples (all supported languages)
Snippets use placeholder tokens. Replace them with real credentials from your dashboard.
curl -X POST "https://risumail.risu.in/api/v1/backend-otp/send" \
-H "Authorization: Bearer YOUR_SERVER_OTP_KEY" \
-H "Content-Type: application/json" \
-d '{"email":"user@example.com","expiresInSeconds":600}'Response schema
Canonical schema inferred from the documented success payload. Copy this block when generating typed clients.
{
"type": "object",
"required": [
"success",
"data"
],
"properties": {
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"required": [
"sessionId",
"expiresAt",
"email",
"sent"
],
"properties": {
"sessionId": {
"type": "string"
},
"expiresAt": {
"type": "string"
},
"email": {
"type": "string"
},
"sent": {
"type": "boolean"
}
}
}
}
}Success response example
{
"success": true,
"data": {
"sessionId": "otp_backend_01J...",
"expiresAt": "2026-04-19T11:53:00.000Z",
"email": "user@example.com",
"sent": true
}
}Common error cases
| Status | Code | When |
|---|---|---|
| 403 | SCOPE_REQUIRED | Key does not include server_otp scope. |
| 429 | RATE_LIMITED | OTP quota exceeded. |
Implementation notes
- Unlike instant-otp public mode, this flow does not enforce public token IP allowlist checks.