Stytch · Arazzo Workflow

Stytch B2B Email OTP Discovery and Exchange

Version 1.0.0

Send a discovery email OTP, authenticate the code, then exchange into an organization.

1 workflow · 1 source API · 1 provider
Tags: Authentication, Identity, Passwordless, Security, B2B, Connected Apps, MCP, AI Agents, Developer Tools, Arazzo, Workflows

Provider

stytch

Workflows

email-otp-discovery
Send a discovery email OTP, authenticate the code, then exchange into an org.
Dispatches a discovery email OTP, exchanges the entered code for an intermediate session and discovered organizations, then exchanges into the chosen organization for a full member session.
3 steps
Inputs: code, email_address, organization_id, session_duration_minutes
Outputs: intermediateSessionToken, memberId, organizationId, sessionToken

1. sendDiscoveryOtp (api_b2b_otp_v1_b2b_otp_email_discovery_Send)
   Send a discovery email one-time passcode to the address so the user can begin the organization discovery flow.
2. authenticateDiscoveryOtp (api_b2b_otp_v1_b2b_otp_email_discovery_Authenticate)
   Authenticate the discovery passcode to obtain an intermediate session token and the organizations the email already belongs to.
3. exchangeIntoOrg (api_discovery_v1_discovery_intermediate_sessions_Exchange)
   Exchange the intermediate session token into the chosen organization to mint a full member session.

Source API Descriptions

Arazzo Workflow Specification

stytch-b2b-email-otp-discovery-workflow.yml
arazzo: 1.0.1
info:
  title: Stytch B2B Email OTP Discovery and Exchange
  summary: Send a discovery email OTP, authenticate the code, then exchange into an organization.
  description: >-
    An organization-discovery login flow driven by email one-time passcodes for
    B2B apps. The workflow sends a discovery email OTP to an address, authenticates
    the code the user enters to obtain an intermediate session and the list of
    organizations the email belongs to, then exchanges that intermediate session
    into a chosen organization to mint a full member session. Every step spells
    out its request inline so the flow can be read and executed without opening
    the underlying OpenAPI description. All calls authenticate with HTTP Basic
    auth using your Stytch project_id as the username and secret as the password.
  version: 1.0.0
sourceDescriptions:
- name: stytchB2bApi
  url: ../openapi/stytch-b2b-openapi.yml
  type: openapi
workflows:
- workflowId: email-otp-discovery
  summary: Send a discovery email OTP, authenticate the code, then exchange into an org.
  description: >-
    Dispatches a discovery email OTP, exchanges the entered code for an
    intermediate session and discovered organizations, then exchanges into the
    chosen organization for a full member session.
  inputs:
    type: object
    required:
    - email_address
    - code
    - organization_id
    properties:
      email_address:
        type: string
        description: The email address to send the discovery passcode to.
      code:
        type: string
        description: The discovery one-time passcode the user received and entered.
      organization_id:
        type: string
        description: The id of the discovered organization to exchange into.
      session_duration_minutes:
        type: integer
        description: Optional session lifetime in minutes for the resulting member session.
  steps:
  - stepId: sendDiscoveryOtp
    description: >-
      Send a discovery email one-time passcode to the address so the user can
      begin the organization discovery flow.
    operationId: api_b2b_otp_v1_b2b_otp_email_discovery_Send
    requestBody:
      contentType: application/json
      payload:
        email_address: $inputs.email_address
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      requestId: $response.body#/request_id
  - stepId: authenticateDiscoveryOtp
    description: >-
      Authenticate the discovery passcode to obtain an intermediate session token
      and the organizations the email already belongs to.
    operationId: api_b2b_otp_v1_b2b_otp_email_discovery_Authenticate
    requestBody:
      contentType: application/json
      payload:
        email_address: $inputs.email_address
        code: $inputs.code
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      intermediateSessionToken: $response.body#/intermediate_session_token
      discoveredOrganizations: $response.body#/discovered_organizations
  - stepId: exchangeIntoOrg
    description: >-
      Exchange the intermediate session token into the chosen organization to
      mint a full member session.
    operationId: api_discovery_v1_discovery_intermediate_sessions_Exchange
    requestBody:
      contentType: application/json
      payload:
        intermediate_session_token: $steps.authenticateDiscoveryOtp.outputs.intermediateSessionToken
        organization_id: $inputs.organization_id
        session_duration_minutes: $inputs.session_duration_minutes
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      memberId: $response.body#/member_id
      organizationId: $response.body#/organization/organization_id
      sessionToken: $response.body#/session_token
  outputs:
    intermediateSessionToken: $steps.authenticateDiscoveryOtp.outputs.intermediateSessionToken
    memberId: $steps.exchangeIntoOrg.outputs.memberId
    organizationId: $steps.exchangeIntoOrg.outputs.organizationId
    sessionToken: $steps.exchangeIntoOrg.outputs.sessionToken
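
An added example, not part of the Stytch specification or of any Arazzo tooling: a small Python runner that resolves this workflow's runtime expressions against constructed response bodies, showing how the intermediate session token is carried from step 2 into step 3 and how an unset optional input is omitted from the payload. The check that organization_id appears in discoveredOrganizations is a client-side guard added here, and the shape of each discovered_organizations entry (organization.organization_id) is an assumption; resolve, run, demo and SAMPLE are hypothetical names.

```python
STEPS = [  # payload and output expressions copied from the workflow on this page
    ("sendDiscoveryOtp", {"email_address": "$inputs.email_address"},
     {"requestId": "$response.body#/request_id"}),
    ("authenticateDiscoveryOtp", {"email_address": "$inputs.email_address", "code": "$inputs.code"},
     {"intermediateSessionToken": "$response.body#/intermediate_session_token",
      "discoveredOrganizations": "$response.body#/discovered_organizations"}),
    ("exchangeIntoOrg",
     {"intermediate_session_token": "$steps.authenticateDiscoveryOtp.outputs.intermediateSessionToken",
      "organization_id": "$inputs.organization_id",
      "session_duration_minutes": "$inputs.session_duration_minutes"},
     {"memberId": "$response.body#/member_id", "sessionToken": "$response.body#/session_token",
      "organizationId": "$response.body#/organization/organization_id"})]
SAMPLE = {  # constructed response bodies; the per-organization shape is an assumption
    "sendDiscoveryOtp": {"request_id": "req-constructed"},
    "authenticateDiscoveryOtp": {
        "intermediate_session_token": "ist-constructed",
        "discovered_organizations": [{"organization": {"organization_id": "org-constructed-a"}}]},
    "exchangeIntoOrg": {"member_id": "member-constructed", "session_token": "st-constructed",
                        "organization": {"organization_id": "org-constructed-a"}}}

def resolve(expr, ctx):
    """Evaluate the three runtime-expression forms this workflow uses."""
    if expr.startswith("$inputs."):
        return ctx["inputs"].get(expr[8:])  # unset optional input -> None
    if expr.startswith("$steps."):
        step, _, name = expr[7:].split(".", 2)
        return ctx["steps"][step][name]
    value = ctx["body"]  # "$response.body#/a/b": walk the JSON Pointer
    for key in expr.split("#/", 1)[1].split("/"):
        value = value[key]
    return value

def run(inputs, send):
    """Run the steps in order; send(step_id, payload) returns the response body."""
    ctx, sent = {"inputs": inputs, "steps": {}}, []
    for step_id, payload, outputs in STEPS:
        body = {k: resolve(v, ctx) for k, v in payload.items()}
        body = {k: v for k, v in body.items() if v is not None}  # omit unset optionals
        if step_id == "exchangeIntoOrg":  # added guard: only exchange into a discovered org
            found = ctx["steps"]["authenticateDiscoveryOtp"]["discoveredOrganizations"]
            if body["organization_id"] not in {o["organization"]["organization_id"] for o in found}:
                raise ValueError("organization_id was not discovered for this email")
        sent.append((step_id, body))
        ctx["body"] = send(step_id, body)
        ctx["steps"][step_id] = {k: resolve(v, ctx) for k, v in outputs.items()}
    return ctx["steps"], sent

def demo(org="org-constructed-a"):  # constructed inputs; session_duration_minutes left unset
    inputs = {"email_address": "user@example.com", "code": "000000", "organization_id": org}
    return run(inputs, lambda step_id, body: SAMPLE[step_id])
```

In a real client the send callable would issue the HTTP request for each operationId; here it returns the constructed bodies so the data flow can be inspected offline.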