Verify OTP and Linking

API to verify the OTP given by the customer and the otpToken given by the merchant. Once verified merchant account is linked to PhonePe account. This doesn’t involve any UI flow. Merchant needs to implement their own UI.

<html-block html=”

Request Headers

“>

Header NameHeader Value
Content-Typeapplication/json
X-VERIFYSHA256(base64 encoded payload +
‘/v3/merchant/otp/verify’ + salt key) +
‘###’ + salt index
{
 "merchantId": "MID",
 "otpToken": "TXN12345",
 "otp": "65732"
}
{
 "request" : "ew0KCeKAnG1lcmNoYW50SWTigJ06IOKAnEpJT+KAnQ0KCeKAnHRyYW5zYWN0aW9uSWTigJ06IOKAnFRYTjEyMzQ14oCdLA0KCeKAnE90cOKAnTog4oCcNjU3MzLigJ0NCn0="
}

<html-block html=”

Request Parameters

“>

Parameter NameTypeDescriptionMandatory
merchantIdstringUnique merchantId assigned to the merchantYes
otpTokenstringOTP token received in Trigger OTP API responseYes
otpstringOTP received by customerYes

PhonePe will send a new otpToken for every otp requested. Merchants need to pass the correct and latest otpToken and otp pair.

<html-block html=”

Response Parameters

“>

Parameter NameTypeDescription
successbooleanDenotes if API call is successful.
codestringSee below for list of values
dataObjectSee below table

<html-block html=”

Response Code

“>

Code ValueDescription
SUCCESSSuccess scenario
AUTHORIZATION_FAILEDValue of X-VERIFY is incorrect
BAD_REQUESTInvalid request payload
INTERNAL_SERVER_ERRORThe server is busy or the server is not responding
USER_BLACKLISTEDCustomer is blacklisted on PhonePe side
USER_BLOCKEDUser is blocked for 1 day.
INVALID_OTP_TOKENOTP token is not valid or expired
OTP_LIMIT_EXCEEDEDThere is a limit on number of times OTP can be sent on a mobile number. This code will be received is that limit is crossed.
OTP_ALREADY_VERIFIEDThe OTP has been already verified for OTP token. Resending of OTP is required.
OTP_VERIFY_FAILEDOtp is invalid. Ask user to enter again
OTP_EXPIREDOtp expired, regenerate again
TOO_MANY_REQUESTSIf we are getting too many requests from merchant for this API

<html-block html=”

Response Data

“>

Parameter NameTypeDescription
merchantIdstringmerchantId assigned to merchant.
userAuthTokenstringAuth token for the user
{“method”:”post”,”url”:”/v3/merchant/otp/verify”,”auth”:”required”,”results”:{“codes”:[{“status”:200,”language”:”json”,”code”:”{\n \”success\”: true,\n \”code\”: \”SUCCESS\”,\n \”message\”: \”Your request has been successfully completed.\”,\n \”data\”: {\n \”userAuthToken\”: \”M23061604832206755791408c38b65b84314a3293b8eb9a5ad43079\”\n }\n}\n”,”name”:”Success Response”},{“status”:400,”language”:”json”,”code”:”{}”,”name”:””}]},”params”:[{“name”:”request”,”type”:”string”,”enumValues”:””,”default”:””,”desc”:”base64 encoded payload”,”required”:true,”in”:”body”,”ref”:””,”_id”:”5a97df8ffd23730045ac15c8″},{“name”:”Content-Type”,”type”:”string”,”enumValues”:””,”default”:”application/json”,”desc”:””,”required”:true,”in”:”header”,”ref”:””,”_id”:”5a97df8ffd23730045ac15c7″},{“name”:”X-VERIFY”,”type”:”string”,”enumValues”:””,”default”:””,”desc”:”sha256(base64encodedRequest + \”/v3/merchant/otp/verify\”+ saltKey) + \”###\” + saltIndex”,”required”:true,”in”:”header”,”ref”:””,”_id”:”5a97df8ffd23730045ac15c6″}],”apiSetting”:”5ecf9143b5bd210023b3b738″,”examples”:{“codes”:[]}}
https://mercury-uat.phonepe.com