Validate OTP API

This API is used to validate the OTP received by the user when a notification of type OTP is generated using the generateRVN API.In case of msg_type = "OTP", REL-IDverify server generates the OTP and sends a push notification to the user. The user types in the OTP on the transaction web page. The web page then calls the validateOTP API to validate the OTP value provided by the user.

🔗 Endpoint

POST https://REL-ID-VERIFY-SERVER:VERIFY-PORT/validateOTP.htm

🔐 Authentication

Use one of the following in the request headers:

• Basic Auth: Authorization: Basic <base64-encoded-credentials>
• OAuth2 Token: Authorization: Bearer <access_token>

📤 Request Headers

📨 Request Body

{
  "notification_uuid": "<UUID from generateRVN>",
  "otp_value": "<User entered OTP>"
}

• notification_uuid: (string) Unique ID received in generateRVN response.
• otp_value: (string) OTP value entered by user. It should match the hashed value as per the hash_spec used during generation.

📥 Success Response (Validation Success)

{
  "response_code": 0,
  "notification_uuid": "03f67f9e-ec4f-11e6-b006-92361f002671",
  "otp_validation_status": "SUCCESS"
}

📥 Failure Response (Validation Failed)

{
  "response_code": 0,
  "notification_uuid": "03f67f9e-ec4f-11e6-b006-92361f002671",
  "otp_validation_status": "FAILED",
  "attempts_left": 2
}

❌ Error Response (API Error)

{
  "response_code": 1,
  "error_code": 3565,
  "error_message": "Notification is not present or is expired"
}

⚠️ Error Codes