Method: verifyOtp
Stay organized with collections
Save and categorize content based on your preferences.
Verifies the user provided OTP to determine if it matches what the issuer sent. If it matches then the authentication is considered successful.
If the endpoint encounters an error while processing the request, the response body from this endpoint should be of type ErrorResponse
An example request looks like:
{
"requestHeader": {
"protocolVersion": {
"major": 1
},
"requestId": "cmVxdWVzdDE",
"requestTimestamp": {
"epochMillis": "1481899949606"
},
"paymentIntegratorAccountId": "SpeedyPaymentsIndia_INR"
},
"authenticateRequestId": "G112YZH4XPDV88J",
"otp": "123456"
}
An example response looks like:
{
"responseHeader": {
"responseTimestamp": {
"epochMillis": "1481899949611"
}
},
"eci": "07",
"result": {
"success": {}
}
}
HTTP request
POST https://www.integratorhost.example.com/integrator-base-path/v1/payment-integrator-authenticated-card-fop-api/verifyOtp
Request body
The request body contains data with the following structure:
| JSON representation |
{
"requestHeader": {
object (RequestHeader)
},
"authenticateRequestId": string,
"otp": string
} |
| Fields |
requestHeader |
object (RequestHeader)
REQUIRED: Common header for all requests.
|
authenticateRequestId |
string
REQUIRED: requestId from the authenticate request that preceded this call.
|
otp |
string
REQUIRED: This is the OTP the user provided, which this call is verifying
|
Response body
This method supports multiple return types. For additional information about what 4XX or 5XX HTTP status code to return with an ErrorResponse, consult the ErrorResponse object and HTTP status codes documentation.
| Possible response messages |
| HTTP 200 Status |
object (VerifyOtpResponse)
|
| HTTP 4XX / 5XX Status |
object (ErrorResponse)
|
VerifyOtpResponse
Response object for the verifyOtp method.
| JSON representation |
{
"responseHeader": {
object (ResponseHeader)
},
"paymentIntegratorVerifyOtpId": string,
"eci": string,
"result": {
object (VerifyOtpResultCode)
}
} |
| Fields |
paymentIntegratorVerifyOtpId |
string
OPTIONAL: Identifier the payment integrator generates and uses to identify this request.
|
eci |
string
OPTIONAL: The Electronic Commerce Indicator returned for the request. It should be returned if available.
|
result |
object (VerifyOtpResultCode)
REQUIRED: Result of this request
|
VerifyOtpResultCode
Result codes for verifyOtp.
| JSON representation |
{
// Union field verify_otp_result_code can be only one of the following:
"success": {
object (Empty)
},
"otpNotMatched": {
object (Empty)
},
"otpAlreadyUsed": {
object (Empty)
}
// End of list of possible types for union field verify_otp_result_code.
} |
| Fields |
Union field verify_otp_result_code. REQUIRED: The result of the verifyOtp request. verify_otp_result_code can be only one of the following: |
success |
object (Empty)
OTP matched what the integrator sent
|
otpNotMatched |
object (Empty)
OTP did not match what the integrator sent.
|
otpAlreadyUsed |
object (Empty)
OTP was already used.
|
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-29 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-29 UTC."],[[["\u003cp\u003eThe \u003ccode\u003everifyOtp\u003c/code\u003e API is used to verify a user's One-Time Password (OTP) against the one sent by the issuer for authentication.\u003c/p\u003e\n"],["\u003cp\u003eThe request body includes the \u003ccode\u003eauthenticateRequestId\u003c/code\u003e from the previous \u003ccode\u003eauthenticate\u003c/code\u003e call and the user-provided OTP.\u003c/p\u003e\n"],["\u003cp\u003eA successful response indicates a matched OTP, while potential error responses include \u003ccode\u003eotpNotMatched\u003c/code\u003e or \u003ccode\u003eotpAlreadyUsed\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe API uses a standard request header and provides a response header with details like the Electronic Commerce Indicator (ECI) if available.\u003c/p\u003e\n"],["\u003cp\u003eIn case of errors during processing, the response will be of type \u003ccode\u003eErrorResponse\u003c/code\u003e with relevant HTTP status codes.\u003c/p\u003e\n"]]],["This documentation details the `verifyOtp` endpoint, which validates a user-provided OTP. The `POST` request requires a `requestHeader`, `authenticateRequestId`, and the `otp` within the request body. Upon success (HTTP 200), the response includes a `responseHeader`, optional `paymentIntegratorVerifyOtpId`, `eci`, and a `result` field with `success`. Errors return an `ErrorResponse` with appropriate HTTP status codes (4XX/5XX). The `result` field in the response indicates `success`, `otpNotMatched`, or `otpAlreadyUsed`.\n"],null,["# Method: verifyOtp\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n- [VerifyOtpResponse](#VerifyOtpResponse)\n - [JSON representation](#VerifyOtpResponse.SCHEMA_REPRESENTATION)\n- [VerifyOtpResultCode](#VerifyOtpResultCode)\n - [JSON representation](#VerifyOtpResultCode.SCHEMA_REPRESENTATION)\n\nVerifies the user provided OTP to determine if it matches what the issuer sent. If it matches then the authentication is considered successful.\n\nIf the endpoint encounters an error while processing the request, the response body from this endpoint should be of type [`ErrorResponse`](/pay/india-cards-v1/payment-integrator-india-cards-api/ErrorResponse).\n\nAn example request looks like: \n\n\n {\n \"requestHeader\": {\n \"protocolVersion\": {\n \"major\": 1\n },\n \"requestId\": \"cmVxdWVzdDE\",\n \"requestTimestamp\": {\n \"epochMillis\": \"1481899949606\"\n },\n \"paymentIntegratorAccountId\": \"SpeedyPaymentsIndia_INR\"\n },\n \"authenticateRequestId\": \"G112YZH4XPDV88J\",\n \"otp\": \"123456\"\n }\n\nAn example response looks like: \n\n\n {\n \"responseHeader\": {\n \"responseTimestamp\": {\n \"epochMillis\": \"1481899949611\"\n }\n },\n \"eci\": \"07\",\n \"result\": {\n \"success\": {}\n }\n }\n\n### HTTP request\n\n`POST https://www.integratorhost.example.com/integrator-base-path/v1/payment-integrator-authenticated-card-fop-api/verifyOtp`\n\n### Request body\n\nThe request body contains data with the following structure:\n\n| JSON representation |\n|----------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ``` { \"requestHeader\": { object (/pay/india-cards-v1/payment-integrator-india-cards-api/RequestHeader) }, \"authenticateRequestId\": string, \"otp\": string } ``` |\n\n| Fields ||\n|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|\n| `requestHeader` | `object (`[RequestHeader](/pay/india-cards-v1/payment-integrator-india-cards-api/RequestHeader)`)` **REQUIRED**: Common header for all requests. |\n| `authenticateRequestId` | `string` **REQUIRED** : `requestId` from the `authenticate` request that preceded this call. |\n| `otp` | `string` **REQUIRED**: This is the OTP the user provided, which this call is verifying |\n\n### Response body\n\nThis method supports multiple return types. For additional information about what 4XX or 5XX HTTP status code to return with an `ErrorResponse`, consult the `ErrorResponse` object and [HTTP status codes documentation](/pay/india-cards-v1/guides/connectivity/protocol-standards#http_status_codes).\n\n| Possible response messages ||\n|-----------------------|----------------------------------------------------------------------------------------------------------------------|\n| HTTP 200 Status | `object (`[VerifyOtpResponse](/pay/india-cards-v1/payment-integrator-india-cards-api/verifyOtp#VerifyOtpResponse)`)` |\n| HTTP 4XX / 5XX Status | `object (`[ErrorResponse](/pay/india-cards-v1/payment-integrator-india-cards-api/ErrorResponse)`)` |\n\nVerifyOtpResponse\n-----------------\n\nResponse object for the `verifyOtp` method.\n\n| JSON representation |\n|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ``` { \"responseHeader\": { object (/pay/india-cards-v1/payment-integrator-india-cards-api/ResponseHeader) }, \"paymentIntegratorVerifyOtpId\": string, \"eci\": string, \"result\": { object (/pay/india-cards-v1/payment-integrator-india-cards-api/verifyOtp#VerifyOtpResultCode) } } ``` |\n\n| Fields ||\n|--------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `responseHeader` | `object (`[ResponseHeader](/pay/india-cards-v1/payment-integrator-india-cards-api/ResponseHeader)`)` **REQUIRED**: Common header for all responses. |\n| `paymentIntegratorVerifyOtpId` | `string` **OPTIONAL**: Identifier the payment integrator generates and uses to identify this request. |\n| `eci` | `string` **OPTIONAL**: The Electronic Commerce Indicator returned for the request. It should be returned if available. |\n| `result` | `object (`[VerifyOtpResultCode](/pay/india-cards-v1/payment-integrator-india-cards-api/verifyOtp#VerifyOtpResultCode)`)` **REQUIRED**: Result of this request |\n\nVerifyOtpResultCode\n-------------------\n\nResult codes for `verifyOtp`.\n\n| JSON representation |\n|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ``` { // Union field `verify_otp_result_code` can be only one of the following: \"success\": { object (/pay/india-cards-v1/payment-integrator-india-cards-api/Empty) }, \"otpNotMatched\": { object (/pay/india-cards-v1/payment-integrator-india-cards-api/Empty) }, \"otpAlreadyUsed\": { object (/pay/india-cards-v1/payment-integrator-india-cards-api/Empty) } // End of list of possible types for union field `verify_otp_result_code`. } ``` |\n\n| Fields ||\n|------------------|--------------------------------------------------------------------------------------------------------------------------------|\n| Union field `verify_otp_result_code`. **REQUIRED** : The result of the `verifyOtp` request. `verify_otp_result_code` can be only one of the following: ||\n| `success` | `object (`[Empty](/pay/india-cards-v1/payment-integrator-india-cards-api/Empty)`)` OTP matched what the integrator sent |\n| `otpNotMatched` | `object (`[Empty](/pay/india-cards-v1/payment-integrator-india-cards-api/Empty)`)` OTP did not match what the integrator sent. |\n| `otpAlreadyUsed` | `object (`[Empty](/pay/india-cards-v1/payment-integrator-india-cards-api/Empty)`)` OTP was already used. |"]]