QR Code Verification
📌 Overview
QR Code verification is a secure and user-friendly method to activate or authenticate a user without manually entering an OTP. The QR code typically contains an OTP and its associated verification key in JSON format.
📩 QR Code Delivery
- A QR code is sent to the user's email address as part of activation or OTP verification.
- This QR code contains an encrypted payload with the OTP details.
🧾 QR Code Format (Scanned Content)
Below is the format of the code received at the user's registered email ID:

The scanned QR code contains the following JSON:
```json
{
  "value": "dtm88k",
  "key": "jg9ksj",
  "expiry": "2021-03-10T12:26:04IST",
  "userId": "prit1"
}
```
🔍 Field Descriptions
Field | Description |
---|---|
value | The OTP or activation code value |
key | Verification key tied to this code, must match SDK's verificationKey |
expiry | Expiration time of this QR code |
userId | The user ID this QR code belongs to |
🔄 Workflow
- The SDK triggers a challenge like `getActivationCode` or `getEmailOTP`.
- Your app displays a QR scanner UI to the user.
- User scans the QR code from email.
- The app extracts the `value` and `key` from the QR code JSON.
- It compares the `key` with `verificationKey` received from the SDK.
- If they match, the app calls the corresponding API:
  - `setActivationCode(value)` – for activation flows
  - `setEmailOTP(value)` – for email-based OTP verification
🎯 Matching Keys
- Match `verificationKey` from SDK payload with `key` from QR JSON.
- Only submit the `value` if the keys match.
⚠️ Error Scenarios
Error Code | Meaning |
---|---|
4 | Invalid arguments (malformed input) |
17 | Service not supported |
52 | Failed to open HTTP connection |
108 | Invalid TOTP credential |
Ensure the QR code hasn’t expired and hasn’t been modified.
🧠 Best Practices
- Always check QR code `expiry` before using.
- Provide fallback option to manually enter OTP.
- Validate that scanned `key` matches SDK-provided `verificationKey`.
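The checks from the Workflow, Matching Keys and Best Practices sections can be combined into one fail-closed function. This is an added example, not code from the SDK or the original page. The names `validateQrPayload` and `parseExpiry`, the comparison of `userId` against the signed-in user, and the reading of the `IST` suffix as UTC+05:30 are assumptions.

```javascript
// Added example: validates scanned QR content before the OTP is submitted.
// Assumption: the "IST" suffix in `expiry` means India Standard Time (UTC+05:30).
const IST_OFFSET_MS = 5.5 * 60 * 60 * 1000;
const EXPIRY_RE = /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})IST$/;

// Returns the expiry as epoch milliseconds, or null if the format is not recognised.
function parseExpiry(expiry) {
  const m = typeof expiry === "string" ? EXPIRY_RE.exec(expiry) : null;
  if (!m) return null;
  const [y, mo, d, h, mi, s] = m.slice(1).map(Number);
  const utcMs = Date.UTC(y, mo - 1, d, h, mi, s) - IST_OFFSET_MS;
  // Round-trip so impossible values (month 13, hour 25) are rejected, not rolled over.
  const back = new Date(utcMs + IST_OFFSET_MS).toISOString().slice(0, 19);
  return back === expiry.slice(0, 19) ? utcMs : null;
}

// Constructed sample, using the field values shown on this page.
const SAMPLE_QR = '{"value":"dtm88k","key":"jg9ksj","expiry":"2021-03-10T12:26:04IST","userId":"prit1"}';

// expectedUserId is a hypothetical parameter: the user the app is currently verifying.
function validateQrPayload(scannedText, verificationKey, expectedUserId, nowMs = Date.now()) {
  let qr;
  try {
    qr = JSON.parse(scannedText);
  } catch (e) {
    return { ok: false, reason: "not-json" };
  }
  if (qr === null || typeof qr !== "object") return { ok: false, reason: "not-json" };
  // Require non-empty strings so a missing key can never "match" a missing verificationKey.
  for (const v of [qr.value, qr.key, qr.userId, verificationKey, expectedUserId]) {
    if (typeof v !== "string" || v.length === 0) return { ok: false, reason: "missing-field" };
  }
  if (qr.key !== verificationKey) return { ok: false, reason: "key-mismatch" };
  if (qr.userId !== expectedUserId) return { ok: false, reason: "user-mismatch" };
  const expiresAt = parseExpiry(qr.expiry);
  if (expiresAt === null) return { ok: false, reason: "bad-expiry" };
  if (nowMs >= expiresAt) return { ok: false, reason: "expired" };
  // Only now is qr.value handed to setActivationCode(value) or setEmailOTP(value).
  return { ok: true, value: qr.value };
}
```

On any result other than `ok: true`, the app should submit nothing and offer the manual OTP entry fallback.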