POST https://mercury-uat.phonepe.com/v3/merchant/otp/verify
API to verify the OTP given by the customer and the otpToken given by the merchant. Once verified, the merchant account is linked to the PhonePe account. This API does not involve any UI flow; the merchant needs to implement their own UI.
Header Name | Header Value |
---|---|
Content-Type | application/json |
X-VERIFY | SHA256(base64 encoded payload + '/v3/merchant/otp/verify' + salt key) + '###' + salt index |
X-DEVICE-ID | Identifies the device on which the user is performing the transaction. This will be used for checks in the Direct Wallet Debit API. Note: (1) if not passed, the INVALID_DEVICE_ID code will be returned; (2) mandatory field for the Direct Wallet Debit flow; (3) the maximum length is 64 characters. |
Recommended Headers: Additional headers used for Fraud checks
Parameter Name | Mandatory | Description |
---|---|---|
X-DEVICE-MANUFACTURER | No | Manufacturer of the device Ex- OnePlus |
X-DEVICE-MODEL | No | Model of the Device Ex- AC2001 |
X-OS-VERSION | No | OS Version of device Ex- 29 |
X-DEVICE-UPI-ID | No | UPI ID of user’s device Ex- 431B25BF650BGL |
X-MERCHANT-APP-VERSION | No | App version of the merchant Ex- 1.0.0 |
X-DEVICE-LATITUDE | No | Latitude of the user’s device Ex- 39 |
X-DEVICE-LONGITUDE | No | Longitude of the user’s device Ex- 45 |
X-DEVICE-NETWORK-TYPE | No | Network type of the device Ex- MOBILE_DATA_4G |
```json
{
  "merchantId": "MID",
  "otpToken": "TXN12345",
  "otp": "65732"
}
```

```json
{
  "request": "ew0KCeKAnG1lcmNoYW50SWTigJ06IOKAnEpJT+KAnQ0KCeKAnHRyYW5zYWN0aW9uSWTigJ06IOKAnFRYTjEyMzQ14oCdLA0KCeKAnE90cOKAnTog4oCcNjU3MzLigJ0NCn0="
}
```
Parameter Name | Type | Description | Mandatory |
---|---|---|---|
merchantId | string | Unique merchantId assigned to the merchant | Yes |
otpToken | string | OTP token received in Trigger OTP API response | Yes |
otp | string | OTP received by customer | Yes |
PhonePe will send a new otpToken for every OTP requested. Merchants need to pass the correct and latest otpToken and OTP pair.
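The X-VERIFY formula and the base64 `request` wrapper described above, as an added Python example (not PhonePe's own code). The function name, salt key, salt index and device id are constructed placeholders; sending the digest as lowercase hex and serialising the payload as compact JSON are assumptions.

```python
import base64
import hashlib
import json

ENDPOINT_PATH = "/v3/merchant/otp/verify"
MAX_DEVICE_ID_LEN = 64  # limit stated in the header table


def build_verify_otp_request(merchant_id, otp_token, otp, device_id,
                             salt_key, salt_index):
    """Return (headers, body) for the OTP verify call."""
    # X-DEVICE-ID is mandatory for this flow; reject it locally rather than
    # spending an API call that will come back as INVALID_DEVICE_ID.
    if not device_id or len(device_id) > MAX_DEVICE_ID_LEN:
        raise ValueError("X-DEVICE-ID must be 1-64 characters")

    payload = {"merchantId": merchant_id, "otpToken": otp_token, "otp": otp}
    # Encode once and reuse the exact same string for both the body and the
    # checksum; re-serialising the payload would change the hash input.
    encoded = base64.b64encode(
        json.dumps(payload, separators=(",", ":")).encode("utf-8")
    ).decode("ascii")

    # SHA256(base64 payload + path + salt key) + '###' + salt index.
    # Assumption: the digest is sent as lowercase hex.
    digest = hashlib.sha256(
        (encoded + ENDPOINT_PATH + salt_key).encode("utf-8")
    ).hexdigest()

    headers = {
        "Content-Type": "application/json",
        "X-VERIFY": f"{digest}###{salt_index}",
        "X-DEVICE-ID": device_id,
    }
    body = json.dumps({"request": encoded})
    return headers, body


if __name__ == "__main__":
    # Constructed sample values; the salt key and index are placeholders.
    headers, body = build_verify_otp_request(
        "MID", "TXN12345", "65732", "device-0001",
        salt_key="EXAMPLE-SALT-KEY", salt_index=1)
    print(headers["X-VERIFY"])
    print(body)
```

Run this on the merchant backend so the salt key is never embedded in the client app.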
Parameter Name | Type | Description |
---|---|---|
success | boolean | Denotes if API call is successful. |
code | string | See below for list of values |
data | Object | See below table |
Code Value | Description |
---|---|
SUCCESS | Success scenario |
AUTHORIZATION_FAILED | Value of X-VERIFY is incorrect |
BAD_REQUEST | Invalid request payload |
INTERNAL_SERVER_ERROR | The server is busy or the server is not responding |
USER_BLACKLISTED | Customer is blacklisted on PhonePe side |
USER_BLOCKED | User is blocked for 1 day. |
INVALID_OTP_TOKEN | OTP token is not valid or expired |
OTP_LIMIT_EXCEEDED | There is a limit on the number of times an OTP can be sent to a mobile number. This code will be received if that limit is crossed. |
OTP_ALREADY_VERIFIED | The OTP has already been verified for the OTP token. Resending of OTP is required. |
OTP_VERIFY_FAILED | OTP is invalid. Ask the user to enter it again. |
OTP_EXPIRED | OTP expired; regenerate it. |
TOO_MANY_REQUESTS | Returned if we are getting too many requests from the merchant for this API. |
INVALID_DEVICE_ID | The device id you have provided seems to be invalid. |
Parameter Name | Type | Description |
---|---|---|
merchantId | string | merchantId assigned to merchant. |
userAuthToken | string | Auth token for the user |