The Authentications Challenges API is used by the Credit+ Issuing system to send challenge or one-time password (OTP) to a client or customer. This API offers the ability to send OTP to a client or customer. Identity of a client is confirmed before sending the OTP. At least one of the form factors, such as device number, packID, alias, client code, or wallet or account number is provided to confirm the identity of a client. If this API is consumed by platform-specific vendors (such as ACS or SMS providers), then the device.number parameter is mandatory in the request. The device.alias parameter must be used only if device alias functionality is enabled for the institution or bank. In case, alias uniqueness is not defined at institution level, then the productType, planCode, or programCode parameters must be used to confirm identity of a client. If input form factor(s) failsto resolve to single client (that is, if multiple clients are found), then UNIQUE_RECORD_NOT_FOUND error is returned. In case ofsuccess, the API returns 200 as HTTP status code with no body. This API is applicable for prepaid, credit, and debit products.
HTTP Status and Response Status Matrix
- HTTP Code: This is the response status code issued by a server in response to a client's request made to the server.
- Error Code: This is the error code returned by Credit+ Issuing application in the ‘code’ field of the response message indicating if the request was processed successfully or failed.
- Reason: This is the description of the error code returned by Credit+ Issuing application.
| HTTP Code | Error Code | Reason |
|---|---|---|
| 201 | 000 | Successful. |
| 400 | Input request JSON format is not valid. | |
| 400 | Missing Required Field - {fieldName}. | |
| 400 | Invalid Field Format - {fieldName}. | |
| 400 | {FieldName} size must be between and . | |
| 400 | Invalid Field Value - {fieldname}. | |
| 400 | Alias functionality not supported for this institution. | |
| 400 | Aliases uniqueness is not defined at institution level and records corresponding to multiple clients found for given alias. | |
| 400 | Cryptography error. | |
| 400 | Missing required messaging tag - <TAG Name 1>. | |
| 400 | System rejected the payload as given timestamp is in the past. | |
| 401 | The user is not authorized to make the request. | |
| 403 | The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource. | |
| 404 | The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible. | |
| 500 | The server encountered an internal error and was unable to complete your request. Please try again after some time or contact customer care. | |
| 500 | Server failed to deliver SMS to recipient. | |
| 500 | Server failed to deliver email to recipient. |