Validate One-Time Password

The /Authentication/OTP/Validate endpoint allows the user to send their One-Time Password (OTP) for validation. The user must provide the OTP along with any additional required information, such as username or deviceId. The server will verify the provided OTP against the expected value and check for expiration or other constraints. If the OTP is valid, the server will return a success message, allowing the user to proceed with MFA. In case of errors, such as invalid or expired OTP, appropriate error codes and messages will be provided.

SecurityApiKeyAuth

Request

header Parameters

required

string

Initialization Vector for database encryption.

Request Body schema:
application/UNENCRYPTED—DO_NOT_SEND+json

One of:

Object with items required to reset one-time password.

object

username	string (Username) An string containing the user's login credential, which is either the user's primary `emailAddress` or primary `phoneNumber`.
deviceId	string (DeviceId) The unique identifier for the device.
oneTimePassword	string (Otp) One time password for multi-factor and mobile login.

Responses

200

400

Bad Request

401

Unauthorized access

403

Access forbidden

404

Resource was not found

409

Conflict.

429

Too Many Requests

post/authentication/otp/validation

Request samples

{"login": {"username": "joeblow@acme.com",
"deviceId": "A-10000",
"oneTimePassword": "string"
}
}

Response samples

{"loginDetails": {"isValidClient": true,
"username": "joeblow@acme.com",
"deviceId": "A-10000",
"userRolesByClient": [{"clientId": "987654",
"name": "Acme Co",
"userRoles": ["admin"
],
"cryptoKeys": {"deviceEncryptionKey": "63ee6fab-2e6d-4f7b-8e4b-c6643e4cf364",
"transactionEncryptionKey": "b465a1e9-42a1-4c22-a33d-f1faa80ea3b7"
}
},
{"clientId": "324234",
"name": "Pace Software",
"userRoles": ["agent",
"merchant"
],
"cryptoKeys": {"deviceEncryptionKey": "6777c9a9-2524-405b-b71f-ccbfd7cc2645",
"transactionEncryptionKey": "243df8d8-b468-4fab-b79c-e6aa8932dc63"
}
}
]
}
}