Verify OTP and Linking

API to verify the OTP given by the customer and the otpToken given by the merchant. Once verified merchant account is linked to PhonePe account. This doesn’t involve any UI flow. Merchant needs to implement their own UI.

Request Headers

Header NameHeader Value
X-VERIFYSHA256(base64 encoded payload +
'/v3/merchant/otp/verify' + salt key) +
'###' + salt index
X-DEVICE-IDTo identify the device that the user is performing the transaction on. This will be used for checks in Direct Wallet Debit API.
Note: If not passed, the INVALID_DEVICE_ID code will be returned.
[Note: Mandatory Field for Direct Wallet Debit Flow]

Recommended Headers: Additional headers used for Fraud checks

Parameter NameMandatoryDescription
X-DEVICE-MANUFACTURERNoManufacture of the device
Ex- OnePlus
X-DEVICE-MODELNoModel of the Device
Ex- AC2001
X-OS-VERSIONNoOS Version of device
Ex- 29
X-DEVICE-UPI-IDNoUPI ID of user’s device
Ex- 431B25BF650BGL
X-MERCHANT-APP-VERSIONNoApp version of the merchant
Ex- 1.0.0
X-DEVICE-LATITUDENoLatitude of the user’s device
Ex- 39
X-DEVICE-LONGITUDENoLongitude of the user’s device
Ex- 45
X-DEVICE-NETWORK-TYPENoNetwork type of the device
 "merchantId": "MID",
 "otpToken": "TXN12345",
 "otp": "65732"
 "request" : "ew0KCeKAnG1lcmNoYW50SWTigJ06IOKAnEpJT+KAnQ0KCeKAnHRyYW5zYWN0aW9uSWTigJ06IOKAnFRYTjEyMzQ14oCdLA0KCeKAnE90cOKAnTog4oCcNjU3MzLigJ0NCn0="

Request Parameters

Parameter NameTypeDescriptionMandatory
merchantIdstringUnique merchantId assigned to the merchantYes
otpTokenstringOTP token received in Trigger OTP API responseYes
otpstringOTP received by customerYes


PhonePe will send a new otpToken for every otp requested. Merchants need to pass the correct and latest otpToken and otp pair.

Response Parameters

Parameter NameTypeDescription
successbooleanDenotes if API call is successful.
codestringSee below for list of values
dataObjectSee below table

Response Code

Code ValueDescription
SUCCESSSuccess scenario
BAD_REQUESTInvalid request payload
INTERNAL_SERVER_ERRORThe server is busy or the server is not responding
USER_BLACKLISTEDCustomer is blacklisted on PhonePe side
USER_BLOCKEDUser is blocked for 1 day.
INVALID_OTP_TOKENOTP token is not valid or expired
OTP_LIMIT_EXCEEDEDThere is a limit on number of times OTP can be sent on a mobile number. This code will be received is that limit is crossed.
OTP_ALREADY_VERIFIEDThe OTP has been already verified for OTP token. Resending of OTP is required.
OTP_VERIFY_FAILEDOtp is invalid. Ask user to enter again
OTP_EXPIREDOtp expired, regenerate again
TOO_MANY_REQUESTSIf we are getting too many requests from merchant for this API
INVALID_DEVICE_IDThe device id you have provided seems to be invalid.

Response Data

Parameter NameTypeDescription
merchantIdstringmerchantId assigned to merchant.
userAuthTokenstringAuth token for the user
Click Try It! to start a request and see the response here!