Easy Labs
APIAccount & operationsEasy connect

Verify the OTP and mint a customer-session token

Checks the code against Twilio Verify. On approval, stamps `phone_verified_at` (and `email_verified_at` if not previously set) on the easy.customers row and returns a 15-minute customer-session JWT scoped to the optional embed session_id.

POST
/v1/api/easy-connect/verify

Authorization

apiKey
x-easy-api-key<token>

Merchant API key. Publishable keys (pk_test_* / pk_live_) are safe for browser/frontend use and carry a limited scope set (sessions, payment_instruments, customers, orders writes; products, product_prices, payment_links reads). Secret keys (sk_test_ / sk_live_*) grant full admin access and must only be used server-side.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

application/json

curl -X POST "https://loading/v1/api/easy-connect/verify" \  -H "Content-Type: application/json" \  -d '{    "email": "user@example.com",    "code": "string"  }'
{
  "success": true,
  "timestamp": "2019-08-24T14:15:22Z",
  "data": null,
  "message": "string",
  "pagination": {
    "total": 0,
    "limit": 1,
    "offset": 0,
    "has_more": true,
    "cursors": {
      "first": "string",
      "last": "string"
    }
  }
}
{
  "success": false,
  "timestamp": "2019-08-24T14:15:22Z",
  "error": {
    "code": "string",
    "message": "string",
    "details": null
  }
}
{
  "success": false,
  "timestamp": "2019-08-24T14:15:22Z",
  "error": {
    "code": "string",
    "message": "string",
    "details": null
  }
}
{
  "success": false,
  "timestamp": "2019-08-24T14:15:22Z",
  "error": {
    "code": "string",
    "message": "string",
    "details": null
  }
}
{
  "success": false,
  "timestamp": "2019-08-24T14:15:22Z",
  "error": {
    "code": "string",
    "message": "string",
    "details": null
  }
}

Send a verification code to the customer's phone

Triggers Twilio Verify to deliver an SMS OTP. Gated by per-IP / per-email / per-phone rate limits, country eligibility, and the email-must-be-enrolled rule. Returns `{sent: true}` on success and `{sent: false}` for any rejection — never leaks which gate failed.

List cross-merchant saved methods for the authenticated customer

Returns canonical payment methods for the customer encoded in the customer-session JWT (Authorization: Bearer). Display metadata only — the per-merchant Finix PI id is intentionally omitted here; the iframe materializes it on demand at transfer time. Pass ?include_archived=true to include soft-deleted methods.