Verify OTP and Linking

API to verify the OTP given by the customer and the otpToken given by the merchant. Once verified merchant account is linked to PhonePe account. This doesn’t involve any UI flow. Merchant needs to implement their own UI.

Request Headers

Header Name

Header Value

Content-Type

application/json

X-VERIFY

SHA256(base64 encoded payload +
'/v3/merchant/otp/verify' + salt key) +
'###' + salt index

{
 "merchantId": "MID",
 "otpToken": "TXN12345",
 "otp": "65732"
}
{
 "request" : "ew0KCeKAnG1lcmNoYW50SWTigJ06IOKAnEpJT+KAnQ0KCeKAnHRyYW5zYWN0aW9uSWTigJ06IOKAnFRYTjEyMzQ14oCdLA0KCeKAnE90cOKAnTog4oCcNjU3MzLigJ0NCn0="
}

Request Parameters

Parameter Name

Type

Description

Mandatory

merchantId

string

Unique merchantId assigned to the merchant

Yes

otpToken

string

OTP token received in Trigger OTP API response

Yes

otp

string

OTP received by customer

Yes

🚧

PhonePe will send a new otpToken for every otp requested. Merchants need to pass the correct and latest otpToken and otp pair.

Response Parameters

Parameter Name

Type

Description

success

boolean

Denotes if API call is successful.

code

string

See below for list of values

data

Object

See below table

Response Code

Code Value

Description

SUCCESS

Success scenario

AUTHORIZATION_FAILED

Value of X-VERIFY is incorrect

BAD_REQUEST

Invalid request payload

INTERNAL_SERVER_ERROR

The server is busy or the server is not responding

USER_BLACKLISTED

Customer is blacklisted on PhonePe side

USER_BLOCKED

User is blocked for 1 day.

INVALID_OTP_TOKEN

OTP token is not valid or expired

OTP_LIMIT_EXCEEDED

There is a limit on number of times OTP can be sent on a mobile number. This code will be received is that limit is crossed.

OTP_ALREADY_VERIFIED

The OTP has been already verified for OTP token. Resending of OTP is required.

OTP_VERIFY_FAILED

Otp is invalid. Ask user to enter again

OTP_EXPIRED

Otp expired, regenerate again

TOO_MANY_REQUESTS

If we are getting too many requests from merchant for this API

Response Data

Parameter Name

Type

Description

merchantId

string

merchantId assigned to merchant.

userAuthToken

string

Auth token for the user

Language
Click Try It! to start a request and see the response here!