POST Validate OTP API

    Use Case


    This API validates the OTP entered by the user. After successful OTP validation, the response contains an access token (also known as the SSO token) and a refresh token.

    Header

    | ATTRIBUTE | DESCRIPTION |
    | --- | --- |
    | Authorization (string, mandatory) | This is a base64 encoded string of “clientId:clientSecret” |
    | Content-Type (string, mandatory) | application/json |
    | x-device-identifier (string, mandatory) | Device Id. See Device Id Nomenclature below for sample values. |

    Query Parameter

    | ATTRIBUTE | DESCRIPTION |
    | --- | --- |
    | locale (string, mandatory) | This query parameter contains the combination of "language to be used" and "zone". Possible Values: en-IN |
    | anchor (string, optional) | This query parameter is used to retrieve the encrypted user id in the response of the API. Possible Values: enc_user_id |

    Request Attributes


    API Content Type: JSON

    Body

    | ATTRIBUTE | DESCRIPTION |
    | --- | --- |
    | state_token (string, mandatory) | State_token retrieved from Send OTP API. Example: 65cb6680-xxxx-11e4-aad2-3c970ea8b87f |
    | otp (string, mandatory) | 6 digit OTP received over the user’s phone. Example: 888888 |

    Response Attributes


    API Content Type: JSON

    Body

    | ATTRIBUTE | DESCRIPTION |
    | --- | --- |
    | status (string) | Response Status. Example: SUCCESS/FAILURE |
    | message (string) | Message of the Response. Example: Success |
    | responseCode (string) | Response code. Example: BExxxxxx |
    | Tokens (string) | It comprises the following values generated in a response to this API request: 1. Access Token (also known as SSO token of Paytm user), 2. Refresh Token, 3. Token Expiry for SSO token, 4. Scope |
    | encryptedUserId (string) | It is a unique user id generated for the user in encrypted form |

    Response Codes and Messages


    | Response Code | Status | Message |
    | --- | --- | --- |
    | BE1400001 | SUCCESS | Success |
    | 434 | FAILURE | Bad request |
    | BE1423005 | FAILURE | Invalid Authorization |
    | BE1423011 | FAILURE | Authorization client and state token client mismatch |
    | BE1423012 | FAILURE | Device Identifier is missing |
    | BE1423013 | FAILURE | Device Identifier is mismatch |
    | BE1425004 | FAILURE | Mobile number is already pending for verification. Please try after 48 hours. |
    | BE1425005 | FAILURE | Scope not allowed |
    | BE1425007 | FAILURE | Please enter a valid OTP |
    | BE1425008 | FAILURE | You have exceeded the number of attempts for entering a valid OTP. Please click on resend to continue with new OTP |

    Device Id Nomenclature

    | Device | Suggested Nomenclature | Sample Code |
    | --- | --- | --- |
    | App - Android | Android id | Settings.Secure.ANDROID_ID. Ref: https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html Example: 8c4afbfab1ae0bd4 |
    | App - iOS | Vendor Id | UIDevice.current.identifierForVendor?.uuidString. Example: CCB300A0-DE1B-4D48-BC7E-599E453B8DD4 |
    | Web | User Agent | Id associated with cookie. Example: 123e4567-e89b-12d3-a456-426614174000 |

    Sample Request (Staging)

    curl -X POST 'https://accounts-uat.paytm.com/v4/signin/validate/otp/sv1?locale=en-IN' \
    --header 'Authorization: Basic {BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET}' \
    --header 'Content-Type: application/json' \
    --header 'x-device-identifier: Device123' \
    --data '{"state_token": "78e8c293-6088-XXXX-XXXX-44b83ffd50c3","otp":"888888"}'
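
The following is an added example, not code from Paytm's documentation: it assembles the Validate OTP request from the header, query and body tables above and maps the documented response codes to a caller action, failing closed when `status` and `responseCode` disagree. The function names, the action names and the grouping of codes are assumptions of this example; nothing is sent over the network.

```python
import base64
import json
import re
from urllib.parse import urlencode

# Staging URL taken from the page's curl sample.
ENDPOINT = "https://accounts-uat.paytm.com/v4/signin/validate/otp/sv1"

# Response codes from the page's table, grouped by the caller's next step.
# The grouping and the action names are assumptions of this example.
ACTIONS = {
    "BE1400001": "signed_in",
    "BE1425007": "retry_otp",        # wrong OTP
    "BE1425008": "resend_otp",       # attempts exhausted, request a new OTP
    "BE1425004": "wait",             # number pending verification
    "BE1423005": "fix_integration",  # invalid Authorization
    "BE1423011": "fix_integration",  # client / state token client mismatch
    "BE1423012": "fix_integration",  # device identifier missing
    "BE1423013": "fix_integration",  # device identifier mismatch
    "BE1425005": "fix_integration",  # scope not allowed
    "434": "fix_integration",        # bad request
}


def build_request(client_id, client_secret, device_id, state_token, otp, anchor=False):
    """Return (url, headers, body) for Validate OTP without sending anything."""
    if not re.fullmatch(r"[0-9]{6}", otp):
        raise ValueError("otp must be exactly 6 digits")
    if not device_id:
        raise ValueError("x-device-identifier is mandatory")
    query = {"locale": "en-IN"}
    if anchor:
        query["anchor"] = "enc_user_id"  # ask for encryptedUserId in the response
    # Base64 is an encoding, not encryption: treat this header as the secret itself.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/json",
               "x-device-identifier": device_id}
    body = json.dumps({"state_token": state_token, "otp": otp})
    return f"{ENDPOINT}?{urlencode(query)}", headers, body


def next_action(response_body):
    """Map a response to an action; SUCCESS needs both status and code to agree."""
    resp = json.loads(response_body)
    action = ACTIONS.get(str(resp.get("responseCode")), "unknown")
    if (action == "signed_in") != (resp.get("status") == "SUCCESS"):
        return "unknown"  # inconsistent status/code: fail closed
    return action
```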