diff --git a/src/app/api/customer/AuthController.ts b/src/app/api/customer/AuthController.ts
index dc5a40ba..4cbd2578 100644
--- a/src/app/api/customer/AuthController.ts
+++ b/src/app/api/customer/AuthController.ts
@@ -143,4 +143,35 @@ export default class AuthController extends ApiController {
 return;
 }
 }
+
+ @Post("/api/v1/customer/auth/verify-totp-code")
+ protected async verifyTotpCode(req: Request, response: Response) {
+ const totpCode = req.body["totpCode"];
+ const email = req.body["email"];
+ if (!totpCode) {
+ this.httpBadRequest(response, "totpCode is required");
+ return;
+ }
+
+ if (!email) {
+ this.httpBadRequest(response, "email is required");
+ return;
+ }
+
+ try {
+ const customer = await this.customerService.verifyTotpCode(totpCode, email);
+ if (!customer) {
+ this.httpNotFoundRequest(response, "Customer not found");
+ return;
+ }
+ this.httpSuccess(response, { validCode: true });
+ } catch (error) {
+ if (error instanceof InvalidTotpCodeError || error instanceof TotpCodeExpiredError) {
+ this.httpUnauthorized(response, error.message);
+ return;
+ }
+ console.log(error);
+ this.httpInternalError(response);
+ }
+ }
 }
diff --git a/src/services/customer/CustomersService/CustomersService.ts b/src/services/customer/CustomersService/CustomersService.ts
index 63885261..f72ca4af 100644
--- a/src/services/customer/CustomersService/CustomersService.ts
+++ b/src/services/customer/CustomersService/CustomersService.ts
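Review bot: The new verifyTotpCode handler answers 404 "Customer not found" for an unknown email but 401 for a wrong or expired code, so the endpoint is an email-existence oracle for anyone who can reach it unauthenticated; both outcomes should collapse to the same 401, e.g. `if (!customer) { this.httpUnauthorized(response, "Invalid code"); return; }`, and passing `error.message` through to the client further distinguishes "invalid" from "expired" for no benefit to a legitimate caller. `totpCode` and `email` are read from `req.body` untyped and only truthiness-checked, so an object or array passes the guard and reaches the service; a `typeof totpCode !== "string" || !totpCode` check (and the same for `email`) keeps non-string input out. Nothing in this handler or the service hunk below limits attempts, so a short numeric code can be tried repeatedly within its expiry window unless middleware outside this diff throttles the route — worth confirming and, if absent, adding per-email attempt limiting. The `console.log(error)` fallback should go through whatever structured logger the controllers use, if one exists, since raw errors from the service may carry request data.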
@@ -214,4 +214,25 @@ export default class CustomersService extends BaseService {
 private async sendSmsCodeToCustomer(totpPin: number, customer: Customer) {
 console.log(totpPin);
 }
+
+ public async verifyTotpCode(totpCode: string, email: string): Promise {
+ // 1: Check if the customer exists
+ // 2: Check if the SMS code is existing and is not expired
+ // 3: Check if the SMS code is valid
+ // 4: Return the customer
+
+ // 1: Check if the customer exists
+ const customer = await this.getByEmail(email);
+ if (!customer) return null;
+
+ // 2: Check if the SMS code is existing and is not expired
+ if (!customer.smsCode || !customer.smsCodeExpire || new Date().getTime() > customer.smsCodeExpire.getTime())
+ throw new TotpCodeExpiredError();
+
+ // 3: Check if the SMS code is valid
+ if (customer.smsCode !== totpCode) throw new InvalidTotpCodeError();
+
+ // 4: Return the customer
+ return customer;
+ }
 }
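Review bot: A successful match in verifyTotpCode leaves `smsCode` and `smsCodeExpire` untouched, so the same code verifies any number of times until it expires; the code should be single-use — clear both fields on the customer and persist that before `return customer;`, so that a replayed or intercepted code is rejected after first use. The strict comparison `customer.smsCode !== totpCode` takes a string, while the `sendSmsCodeToCustomer` context line above declares the generated pin as `totpPin: number`; if `smsCode` is stored as a number this comparison never matches, so the stored type needs confirming (and a constant-time compare such as `crypto.timingSafeEqual` on equal-length buffers would be the conventional choice for a secret comparison, though the short code makes timing the lesser concern here). The return type reads as bare `Promise` in this rendering, which is presumably `Promise<Customer | null>` lost to extraction — worth checking it did not land as an implicit `Promise<any>`. The four-step plan comment is listed in full at the top and then repeated step by step inline; keeping only the inline ones reads cleaner.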