Skip to main content
POST
/
accounts
/
verify
Verify account OTP
curl --request POST \
  --url https://grid.squads.xyz/api/grid/v1/accounts/verify \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-grid-environment: <api-key>' \
  --header 'x-idempotency-key: <x-idempotency-key>' \
  --data '{
  "email": "user@example.com",
  "otp_code": "123456",
  "kms_provider_config": {
    "encryption_public_key": "base64encodedkey..."
  }
}'
{
  "data": {
    "address": "11111111111111111111111111111112",
    "policies": {
      "signers": [
        {
          "address": "11111111111111111111111111111112",
          "role": "primary",
          "permissions": [
            "Initiate"
          ],
          "provider": "privy"
        }
      ],
      "threshold": 5,
      "time_lock": 2,
      "admin_address": "11111111111111111111111111111112"
    },
    "grid_user_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "authentication": [
      {
        "provider": "<string>",
        "session": {
          "user_id": "<string>",
          "session": {}
        }
      }
    ]
  },
  "metadata": {
    "request_id": "123e4567-e89b-12d3-a456-426614174000",
    "timestamp": "2023-07-15T14:30:00.000Z"
  }
}
This endpoint verifies the OTP received via email and completes the account creation process by deploying a Grid Account on the Solana blockchain with TEE-encrypted authorization keys.
Using the Grid API directly requires advanced configurations. Grid SDK is the recommended way to create accounts. It handles account creation, key management, authentication, automatic failover, and transaction signing. Learn more about the Grid SDK in the Grid SDK guide.
This is step 2 of the email-based Grid Account creation flow. You must have called the Create Account endpoint to initiate account creation before calling this endpoint.

OTP Limits

  • Attempts: Maximum 3 verification attempts per OTP
  • Expiration: 15-minute window from account creation
  • Retry: Must initiate new account creation if limits exceeded
The decrypted authorization key can be used to sign transactions on behalf of the Grid Account address.

Required Configuration

When using Privy as the authentication provider (default), you must include a kms_provider_config with your HPKE public key to receive encrypted authorization keys. This enables secure transaction signing for your Grid Account.

Complete Implementation Guide

For comprehensive implementation details including:
  • kms_provider_config creation
  • HPKE keypair generation with P-256 curve and DER formatting
  • Authorization key decryption using ECDH + HKDF + ChaCha20-Poly1305
  • Transaction payload signing with JSON canonicalization
  • Error handling and security best practices
  • Language-agnostic examples
See the Primary Provider Integration guide.

Authorizations

Authorization
string
header
required

API key authentication with Bearer token. Include the API key in the Authorization header as 'Bearer YOUR_API_KEY'

x-grid-environment
string
header
required

Environment identifier for the Grid API. Use 'sandbox' for testing on devnet or 'production' for production on mainnet.

Headers

x-idempotency-key
string<uuid>
required

Unique key to ensure idempotent operations

Body

application/json
email
string<email>
required

Email address for verification

otp_code
string
required

6-digit OTP code

Required string length: 6
kms_provider_config
object
required

Configuration specific to Privy KMS provider

Response

Account verified successfully

data
object
required

The actual response payload

metadata
object
required
I