> ## Documentation Index
> Fetch the complete documentation index at: https://developers.squads.so/llms.txt
> Use this file to discover all available pages before exploring further.
# Verify Account OTP
> Verify OTP for email-based account creation and complete account setup
This endpoint verifies the OTP received via email and completes the account creation process by deploying a Grid Account on the Solana blockchain with TEE-encrypted authorization keys.
Using the Grid API directly requires **advanced configurations**. Grid SDK is
the recommended way to create accounts. It handles account creation, key
management, authentication, automatic failover, and transaction signing. Learn
more about the Grid SDK in the [Grid SDK](/grid/v1/sdk-reference) guide.
This is step 2 of the email-based Grid Account creation flow. You must have
called the [Create
Account](/grid/v1/api-reference/endpoint/account-management/post) endpoint to
initiate account creation before calling this endpoint.
### OTP Limits
* **Attempts**: Maximum 3 verification attempts per OTP
* **Expiration**: 15-minute window from account creation
* **Retry**: Must initiate new account creation if limits exceeded
The decrypted authorization key can be used to sign transactions on behalf of the Grid Account address.
### Required Configuration
When using Privy as the authentication provider (default), you must include a kms\_provider\_config with your HPKE public key to receive encrypted authorization keys. This enables secure transaction signing for your Grid Account.
## Complete Implementation Guide
For comprehensive implementation details including:
* **kms\_provider\_config creation**
* **HPKE keypair generation** with P-256 curve and DER formatting
* **Authorization key decryption** using ECDH + HKDF + ChaCha20-Poly1305
* **Transaction payload signing** with JSON canonicalization
* **Error handling** and security best practices
* **Language-agnostic examples**
See the [Primary Provider Integration](/grid/v1/api-reference/advanced/privy-signing) guide.
## OpenAPI
````yaml POST /api/grid/v1/accounts/verify
openapi: 3.1.0
info:
title: Grid v1 API
description: Grid v1 REST API for Solana-based smart account system
contact:
name: Grid API Support
url: https://squads.so
email: support@squads.so
license:
name: MIT
version: 1.0.0
servers:
- url: https://grid.squads.xyz
description: Production server
security:
- bearer_auth: []
tags:
- name: accounts
description: Smart account management operations
- name: spending-limits
description: Spending limit management
- name: standing-orders
description: Standing order operations
- name: transactions
description: Transaction management
- name: trade
description: Trade operations and management
- name: payments
description: Payment intent operations
- name: passkeys
description: Passkey management
- name: kyc
description: Know Your Customer operations
- name: external-accounts
description: External bank account management
- name: virtual-accounts
description: Virtual account management
- name: auth
description: Authentication operations
- name: proposals
description: Proposal management for multi-sig operations
- name: compliance
description: Compliance entity management and KYB/KYC operations
paths:
/api/grid/v1/accounts/verify:
post:
tags:
- accounts
operationId: handler
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/VerifyOtpRequestPayload'
required: true
responses:
'201':
description: Account verified and created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/GridApiResponse_VerifyOtpResponsePayload'
'400':
description: Invalid request parameters or OTP
'409':
description: Smart account already exists
'500':
description: Internal server error
security:
- bearer_auth: []
components:
schemas:
VerifyOtpRequestPayload:
type: object
required:
- email
- otp_code
- kms_provider_config
properties:
email:
type: string
kms_provider_config:
$ref: '#/components/schemas/PrivyKmsProviderConfig'
otp_code:
type: string
GridApiResponse_VerifyOtpResponsePayload:
type: object
required:
- data
- metadata
properties:
data:
type: object
required:
- address
- status
- policies
- grid_user_id
- authentication
properties:
address:
type: string
authentication:
type: array
items:
$ref: '#/components/schemas/AuthenticationProvider'
grid_user_id:
type: string
policies:
$ref: '#/components/schemas/AccountPolicies'
status:
type: string
metadata:
$ref: '#/components/schemas/Metadata'
PrivyKmsProviderConfig:
type: object
properties:
encryption_public_key:
type:
- string
- 'null'
additionalProperties: false
AuthenticationProvider:
type: object
required:
- provider
- session
properties:
provider:
$ref: '#/components/schemas/GridMPCProvider'
session:
$ref: '#/components/schemas/Session'
AccountPolicies:
type: object
required:
- signers
- threshold
properties:
admin_address:
type:
- string
- 'null'
signers:
type: array
items:
$ref: '#/components/schemas/AccountSigner'
threshold:
type: integer
format: int32
minimum: 0
time_lock:
type:
- integer
- 'null'
format: int32
minimum: 0
Metadata:
type: object
required:
- request_id
- timestamp
properties:
request_id:
type: string
timestamp:
type: string
format: date-time
GridMPCProvider:
type: string
enum:
- privy
- dynamic
- passkey
- turnkey
- external
Session:
oneOf:
- type: object
required:
- Privy
properties:
Privy:
$ref: '#/components/schemas/PrivySession'
- type: object
required:
- Turnkey
properties:
Turnkey:
$ref: '#/components/schemas/TurnkeySession'
- type: object
required:
- Passkey
properties:
Passkey:
$ref: '#/components/schemas/PasskeySession'
AccountSigner:
type: object
required:
- address
- role
- permissions
properties:
address:
type: string
permissions:
type: array
items:
$ref: '#/components/schemas/Permission'
provider:
$ref: '#/components/schemas/GridMPCProvider'
role:
$ref: '#/components/schemas/GridSignerRole'
PrivySession:
type: object
required:
- user_id
- session
- token
- privy_access_token
- refresh_token
properties:
privy_access_token:
type: string
refresh_token:
type: string
session:
$ref: '#/components/schemas/AuthenticateResponse'
token:
type: string
user_id:
type: string
TurnkeySession:
type: object
required:
- user_id
- api_key_id
- credential_bundle
properties:
api_key_id:
type: string
credential_bundle:
type: string
user_id:
type: string
PasskeySession:
type: object
required:
- passkey_account
- pubkey
- relying_party_id
- session_key
properties:
passkey_account:
type: string
pubkey:
type: string
relying_party_id:
type: string
session_key:
$ref: '#/components/schemas/SessionKey'
Permission:
type: string
enum:
- CAN_INITIATE
- CAN_VOTE
- CAN_EXECUTE
GridSignerRole:
type: string
enum:
- primary
- backup
AuthenticateResponse:
type: object
required:
- expires_at
- wallets
properties:
authorization_key:
type:
- string
- 'null'
encrypted_authorization_key:
oneOf:
- type: 'null'
- $ref: '#/components/schemas/EncryptedAuthorizationKey'
expires_at:
type: integer
format: int64
minimum: 0
wallets:
type: array
items:
$ref: '#/components/schemas/Wallet'
SessionKey:
type: object
description: >-
Grid v1 API SessionKey type that supports backward-compatible
deserialization
from both raw bytes array (old format) and base58 string (new format).
Always serializes to base58 string format.
required:
- key
- expiration
properties:
expiration:
type: integer
format: int64
minimum: 0
key:
type: string
example: '11111111111111111111111111111111'
EncryptedAuthorizationKey:
type: object
required:
- encryption_type
- encapsulated_key
- ciphertext
properties:
ciphertext:
type: string
encapsulated_key:
type: string
encryption_type:
type: string
Wallet:
type: object
required:
- id
- address
- created_at
- chain_type
- policy_ids
- additional_signers
properties:
additional_signers:
type: array
items:
$ref: '#/components/schemas/AdditionalSigner'
address:
type: string
chain_type:
$ref: '#/components/schemas/WalletChainType'
created_at:
type: integer
format: int64
minimum: 0
exported_at:
type:
- integer
- 'null'
format: int64
minimum: 0
id:
type: string
imported_at:
type:
- integer
- 'null'
format: int64
minimum: 0
owner_id:
type:
- string
- 'null'
policy_ids:
type: array
items:
type: string
public_key:
type:
- string
- 'null'
AdditionalSigner:
type: object
required:
- signer_id
properties:
override_policy_ids:
type: array
items:
type: string
nullable: true
signer_id:
type: string
WalletChainType:
type: string
enum:
- solana
- ethereum
- cosmos
- stellar
- sui
- tron
- bitcoin-segwit
securitySchemes:
bearer_auth:
type: http
scheme: bearer
description: Your Grid API key from the Grid Dashboard
````