Request Headers

Header Name	Header Value
`Content-Type`	application/json
`X-VERIFY`	SHA256(base64 encoded payload + '/v3/merchant/otp/verify' + salt key) + '###' + salt index

{
 "merchantId": "MID",
 "otpToken": "TXN12345",
 "otp": "65732"
}

{
 "request" : "ew0KCeKAnG1lcmNoYW50SWTigJ06IOKAnEpJT+KAnQ0KCeKAnHRyYW5zYWN0aW9uSWTigJ06IOKAnFRYTjEyMzQ14oCdLA0KCeKAnE90cOKAnTog4oCcNjU3MzLigJ0NCn0="
}

Request Parameters

Parameter Name	Type	Description	Mandatory
`merchantId`	`string`	Unique `merchantId` assigned to the merchant	`Yes`
`otpToken`	`string`	OTP token received in Trigger OTP API response	`Yes`
`otp`	`string`	OTP received by customer	`Yes`

🚧
PhonePe will send a new otpToken for every otp requested. Merchants need to pass the correct and latest otpToken and otp pair.

Response Parameters

Parameter Name	Type	Description
`success`	`boolean`	Denotes if API call is successful.
`code`	`string`	See below for list of values
`data`	`Object`	See below table

Response Code

Code Value	Description
`SUCCESS`	Success scenario
`AUTHORIZATION_FAILED`	Value of X-VERIFY is incorrect
`BAD_REQUEST`	Invalid request payload
`INTERNAL_SERVER_ERROR`	The server is busy or the server is not responding
`USER_BLACKLISTED`	Customer is blacklisted on PhonePe side
`USER_BLOCKED`	User is blocked for 1 day.
`INVALID_OTP_TOKEN`	OTP token is not valid or expired
`OTP_LIMIT_EXCEEDED`	There is a limit on number of times OTP can be sent on a mobile number. This code will be received is that limit is crossed.
`OTP_ALREADY_VERIFIED`	The OTP has been already verified for OTP token. Resending of OTP is required.
`OTP_VERIFY_FAILED`	Otp is invalid. Ask user to enter again
`OTP_EXPIRED`	Otp expired, regenerate again
`TOO_MANY_REQUESTS`	If we are getting too many requests from merchant for this API

Response Data

Parameter Name	Type	Description
`merchantId`	`string`	merchantId assigned to merchant.
`userAuthToken`	`string`	Auth token for the user