post https://uatmea-iss-apigw.creditpluspinelabs.com/deviceapi/apis/v1/services/cardholder/otp/verification
This API is used to verify one-time password (OTP) generated through any applicable channels, such as, 'Generate OTP API'. The Credit+ Issuing system receives, validates and processes the request. The request is successful only if it is received within two minutes of OTP generation and all validations are passed. If it is successful, the valid OTP will be marked as verified in the Credit+ Issuing system. If the request fails, the system returns the corresponding error code.
NOTE:
- The API, if sent with cardNumberAlias (CNA), will internally fetch the corresponding associated device for further processing only if DEVICE _STATUS_CODE = NORMAL (0) OR (DEVICE_STATUS_CODE = UPGRADE (9) AND UPGRADE_STATUS = 1).
- Either deviceNumber or cardNumberAlias parameter’s value must be provided to process the request. However, if both are received in request then the system will not validate if the cardNumberAliasislinked to that particular device. System processesthe request based on the device number itself.
HTTP Status and Response Status Matrix
- HTTP Code: This is the response status code issued by a server in response to a client's request made to the server.
- Error Code: This is the error code returned by Credit+ Issuing application in the ‘code’ field of the response message indicating if the request was processed successfully or failed.
- Reason: This is the description of the error code returned by Credit+ Issuing application.
| HTTP Code | Error Code | Reason |
|---|---|---|
| 400 | 997 | Device Number and Card Number Alias fields are empty. Please provide value for at least one field. |
| 400 | 997 | Product Type field is invalid. |
| 400 | 997 | Program Code field should only contain [A-Z 0-9] and underscore and must start and end with alphanumeric character. |
| 400 | 997 | Program Code field value must have max length 6. |
| 400 | 997 | Device Plan Code field should only contain [A-Z 0-9] and underscore and must start and end with alphanumeric character. |
| 400 | 997 | Device Plan Code field value must have max length 10. |
| 400 | 997 | Only alphanumeric characters and special characters [_!'()*+,-.] are allowed. |
| 400 | 997 | Card Number Alias field value must have max length 24. |
| 400 | 997 | Card number is of invalid format. |
| 400 | 997 | Request type field is empty. |
| 400 | 997 | OTP field is empty. |
| 400 | 997 | Channel field is empty. |
| 401 | 990 | Channel not authenticated for this service |
| 401 | 991 | OTP request not supported for this service |
| 400 | 997 | Device does not exist |
| 404 | 998 | Device number not registered in the system |
| 500 | 992 | OTP not generated or expired |
| 500 | 993 | Invalid encrypted otp |
| 500 | 999 | Incorrect OTP |
| 201 | 000 | SUCCESS |
| 500 | CNA001 | Bank Does Not Exists |
| 500 | CNA002 | Card Number Alias Functionality is not applicable for this Institution |
| 500 | CNA003 | Record does not exist for the given details |
| 500 | CNA005 | Multiple device numbers are linked for given details |
| 500 | CNA006 | Error while fetching device details |