> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hanko.io/llms.txt
> Use this file to discover all available pages before exploring further.
> Finalize a passcode login.
# Finalize passcode login
Deprecated. Please use the [Flow API](/api-reference/flow/registration) instead. [What's the Flow API?](/using-the-api/understanding-the-flow-api).
Finalize a passcode login given the `id` of the passcode and the actual `code` provided in the email sent
to the user during initialization.
On success, sets the User's `verified` status to `true`
## OpenAPI
````yaml openapi-public post /passcode/login/finalize
openapi: 3.0.0
info:
version: 1.2.0
title: Hanko Public API
description: >
## Introduction
This is the OpenAPI specification for the [Hanko Public
API](https://github.com/teamhanko/hanko/blob/main/backend/README.md#basic-usage).
## Authentication
The API uses [JSON Web Tokens](https://www.rfc-editor.org/rfc/rfc7519.html)
(JWTs) for authentication.
JWTs are verified using [JSON Web
Keys](https://www.rfc-editor.org/rfc/rfc7517) (JWK).
JWKs can be
[configured](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#all-available-config-options)
through the `secrets.keys` options. The API also publishes public
cryptographic keys as a
[JWK set](https://www.rfc-editor.org/rfc/rfc7517#section-2) through the
`.well-known/jwks.json` endpoint
to enable clients to verify token signatures.
JWTs must be provided on requests to protected endpoints using one of the
following schemes:
### CookieAuth
**Security Scheme Type**: `API Key`
**Cookie parameter name**: `hanko`
The JWT must be provided in a Cookie with the name `hanko`.
### BearerTokenAuth
**Security Scheme Type**: `http`
**HTTP Authorization Scheme**: `Bearer`
**Bearer format**: `JWT`
The JWT must be provided in an HTTP Authorization header with bearer type:
`Authorization: Bearer `.
## Cross-Origin Resource Sharing
Cross-Origin Resource Sharing (CORS) can be currently
[configured](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#all-available-config-options)
for public endpoints via the `server.public.cors` options.
---
contact:
email: developers@hanko.io
license:
name: AGPL-3.0-or-later
url: https://www.gnu.org/licenses/agpl-3.0.txt
servers:
- url: https://{tenant_id}.hanko.io
variables:
tenant_id:
default: ''
description: The (UU)ID of a tenant. Replace the default value with your tenant ID.
security: []
externalDocs:
description: More about Hanko
url: https://github.com/teamhanko/hanko
paths:
/passcode/login/finalize:
post:
tags:
- Passcode
summary: Finalize passcode login
description: >
Finalize a passcode login given the `id` of the passcode and the actual
`code` provided in the the email sent
to the user during initialization.
On success, sets the User's `verified` status to `true`.
operationId: passcodeFinal
requestBody:
content:
application/json:
schema:
type: object
properties:
id:
description: The ID of the passcode
allOf:
- $ref: '#/components/schemas/UUID4'
code:
type: string
minLength: 6
maxLength: 6
description: >
The actual passcode from the email sent to the user during
initialization,
a string of 6 decimal digits
example: '897481'
responses:
'200':
description: Successful passcode login finalization
headers:
X-Auth-Token:
description: >
Present only when enabled via
[configuration](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#hanko-backend-config)
option `session.enable_auth_token_header`
for purposes of cross-domain communication between client and
Hanko API.
schema:
$ref: '#/components/schemas/X-Auth-Token'
X-Session-Lifetime:
description: |
Contains the seconds until the session expires.
schema:
$ref: '#/components/schemas/X-Session-Lifetime'
Set-Cookie:
description: >
Contains the JSON Web Token (JWT) that must be provided to
protected endpoints.
Cookie attributes (e.g. domain) can be set via
[configuration](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#hanko-backend-config)
option `session.cookie`.
schema:
$ref: '#/components/schemas/CookieSession'
content:
application/json:
schema:
$ref: '#/components/schemas/Passcode'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'408':
$ref: '#/components/responses/RequestTimeOut'
'410':
$ref: '#/components/responses/Gone'
'500':
$ref: '#/components/responses/InternalServerError'
deprecated: true
components:
schemas:
UUID4:
type: string
format: uuid4
example: c339547d-e17d-4ba7-8a1d-b3d5a4d17c1c
X-Auth-Token:
description: >
Enable via
[configuration](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#hanko-backend-config)
option `session.enable_auth_token_header`
for purposes of cross-domain communication between client and Hanko API.
type: string
format: JWT
externalDocs:
url: >-
https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#hanko-backend-config
X-Session-Lifetime:
description: |
Contains the seconds until the session expires.
type: number
CookieSession:
type: string
description: >-
Value `` is a [JSON Web
Token](https://www.rfc-editor.org/rfc/rfc7519.html)
example: hanko=; Path=/; HttpOnly
Passcode:
description: Representation of a passcode
type: object
properties:
id:
description: The ID of the passcode
allOf:
- $ref: '#/components/schemas/UUID4'
ttl:
type: integer
description: Lifespan of a passcode in seconds
example: 300
created_at:
description: Time of creation of the passcode
type: string
format: date-time
Error:
type: object
required:
- code
- message
properties:
code:
type: integer
format: int32
message:
type: string
responses:
BadRequest:
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
code: 400
message: Bad Request
Unauthorized:
description: Unauthorized
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
code: 401
message: Unauthorized
Forbidden:
description: Forbidden
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
code: 403
message: Forbidden
RequestTimeOut:
description: Request Timeout
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
code: 408
message: Request Timeout
Gone:
description: Gone
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
code: 410
message: Gone
InternalServerError:
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
code: 500
message: Internal Server Error
````