Skip to main content
GET
My OTP policy

Authorizations

Authorization
string
header
required

Session JWT (from register/login) or API key (pk_...). X-API-Key: <token> is accepted as an alternative header.

Response

Effective policy.

enabled
boolean
phone
string

Masked phone ("" when unset).

phone_verified
boolean
actions
object[]
Last modified on July 18, 2026