Verify OTP and Linking

This API verifies the OTP given by the customer together with the otpToken given by the merchant. Once verified, the merchant account is linked to the PhonePe account. The API does not involve any UI flow; the merchant needs to implement their own UI.

Request Headers

| Header Name | Header Value |
|---|---|
| Content-Type | application/json |
| X-VERIFY | SHA256(base64 encoded payload + '/v3/merchant/otp/verify' + salt key) + '###' + salt index |
| X-DEVICE-ID | Identifies the device that the user is performing the transaction on. This will be used for checks in the Direct Wallet Debit API. Note: If not passed, the INVALID_DEVICE_ID code will be returned. [Note: Mandatory field for the Direct Wallet Debit flow] |

Recommended Headers: Additional headers used for Fraud checks

| Parameter Name | Mandatory | Description |
|---|---|---|
| X-DEVICE-MANUFACTURER | No | Manufacturer of the device. Example: OnePlus |
| X-DEVICE-MODEL | No | Model of the device. Example: AC2001 |
| X-OS-VERSION | No | OS version of the device. Example: 29 |
| X-DEVICE-UPI-ID | No | UPI ID of the user's device. Example: 431B25BF650BGL |
| X-MERCHANT-APP-VERSION | No | App version of the merchant. Example: 1.0.0 |
| X-DEVICE-LATITUDE | No | Latitude of the user's device. Example: 39 |
| X-DEVICE-LONGITUDE | No | Longitude of the user's device. Example: 45 |
| X-DEVICE-NETWORK-TYPE | No | Network type of the device. Example: MOBILE_DATA_4G |

Sample payload:

```json
{
  "merchantId": "MID",
  "otpToken": "TXN12345",
  "otp": "65732"
}
```

Sample request body:

```json
{
  "request": "ew0KCeKAnG1lcmNoYW50SWTigJ06IOKAnEpJT+KAnQ0KCeKAnHRyYW5zYWN0aW9uSWTigJ06IOKAnFRYTjEyMzQ14oCdLA0KCeKAnE90cOKAnTog4oCcNjU3MzLigJ0NCn0="
}
```

Request Parameters

| Parameter Name | Type | Description | Mandatory |
|---|---|---|---|
| merchantId | string | Unique merchantId assigned to the merchant | Yes |
| otpToken | string | OTP token received in Trigger OTP API response | Yes |
| otp | string | OTP received by customer | Yes |

Note: PhonePe sends a new otpToken for every OTP requested. Merchants need to pass the correct and latest otpToken and otp pair.

Response Parameters

| Parameter Name | Type | Description |
|---|---|---|
| success | boolean | Denotes if the API call is successful. |
| code | string | See below for the list of values |
| data | Object | See the table below |

Response Code

| Code Value | Description |
|---|---|
| SUCCESS | Success scenario |
| AUTHORIZATION_FAILED | Value of X-VERIFY is incorrect |
| BAD_REQUEST | Invalid request payload |
| INTERNAL_SERVER_ERROR | The server is busy or the server is not responding |
| USER_BLACKLISTED | Customer is blacklisted on the PhonePe side |
| USER_BLOCKED | User is blocked for 1 day. |
| INVALID_OTP_TOKEN | OTP token is not valid or has expired |
| OTP_LIMIT_EXCEEDED | There is a limit on the number of times an OTP can be sent to a mobile number. This code is returned if that limit is crossed. |
| OTP_ALREADY_VERIFIED | The OTP has already been verified for this OTP token. Resending of the OTP is required. |
| OTP_VERIFY_FAILED | OTP is invalid. Ask the user to enter it again. |
| OTP_EXPIRED | OTP expired; regenerate it. |
| TOO_MANY_REQUESTS | Too many requests are being received from the merchant for this API |
| INVALID_DEVICE_ID | The device ID provided seems to be invalid. |

Response Data

| Parameter Name | Type | Description |
|---|---|---|
| merchantId | string | merchantId assigned to the merchant. |
| userAuthToken | string | Auth token for the user |
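The following is an added example, not PhonePe's own code: it builds the request body and the X-VERIFY and X-DEVICE-ID headers from the formula above, and maps the documented response codes to the next step in the merchant's UI. It assumes the SHA256 digest is sent as lowercase hex, that the JSON payload is UTF-8 encoded before base64, and a grouping of response codes chosen here for illustration; the function names are hypothetical. Because the salt key is a shared secret, this belongs on the merchant's server, not in the client app.

```python
import base64
import hashlib
import json

API_PATH = "/v3/merchant/otp/verify"  # path string from the X-VERIFY formula

# Assumed grouping of the page's response codes by what the merchant UI does next.
RETRY_SAME_TOKEN = {"OTP_VERIFY_FAILED"}
NEEDS_NEW_OTP = {"INVALID_OTP_TOKEN", "OTP_ALREADY_VERIFIED", "OTP_EXPIRED"}


def build_verify_request(merchant_id, otp_token, otp, salt_key, salt_index, device_id):
    """Return (headers, body) for the Verify OTP call."""
    if not device_id:
        # The API answers INVALID_DEVICE_ID when X-DEVICE-ID is not passed.
        raise ValueError("X-DEVICE-ID is required")
    payload = {"merchantId": merchant_id, "otpToken": otp_token, "otp": otp}
    encoded = base64.b64encode(json.dumps(payload).encode("utf-8")).decode("ascii")
    # SHA256(base64 payload + path + salt key); lowercase hex output is an assumption.
    digest = hashlib.sha256((encoded + API_PATH + salt_key).encode("utf-8")).hexdigest()
    headers = {
        "Content-Type": "application/json",
        "X-VERIFY": f"{digest}###{salt_index}",
        "X-DEVICE-ID": device_id,
    }
    return headers, json.dumps({"request": encoded})


def next_step(response):
    """Map a parsed response to 'linked', 'retry_otp', 'resend_otp' or 'stop'."""
    code = response.get("code")
    if response.get("success") and code == "SUCCESS":
        return "linked"
    if code in RETRY_SAME_TOKEN:
        return "retry_otp"   # same otpToken, user re-enters the OTP
    if code in NEEDS_NEW_OTP:
        return "resend_otp"  # trigger a new OTP and use the new otpToken
    return "stop"            # blocked, rate-limited, or a signing/payload error
```

Codes that fall through to "stop" (for example AUTHORIZATION_FAILED or TOO_MANY_REQUESTS) should be logged server-side rather than shown to the user verbatim.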
