POSTValidate OTP API

Use Case

This API is used to validate the OTP entered by a user. Post successful OTP validation, you will get an access token known as SSO token and Refresh token in the response.

Header

ATTRIBUTE	DESCRIPTION
Authorization string mandatory	This is a base64 encoded string of “clientId:clientSecret”
Content-Type string mandatory	application/json
x-device-identifier string mandatory	Device Id Please refer below for its sample values.

ATTRIBUTE

DESCRIPTION

Authorization

string
mandatory

This is a base64 encoded string of “clientId:clientSecret”

Content-Type

string
mandatory

application/json

x-device-identifier

string
mandatory

Device Id
Please refer below for its sample values.

Query Parameter

ATTRIBUTE	DESCRIPTION
locale string mandatory	This query parameter contains the combination of "language to be used" and "zone". Possible Values: en-IN
anchor string optional	This query parameter is used to retrieve the encrypted user id in the response of API. Possible Values: enc_user_id

ATTRIBUTE

DESCRIPTION

locale

string
mandatory

This query parameter contains the combination of "language to be used" and "zone".
Possible Values: en-IN

anchor

string
optional

This query parameter is used to retrieve the encrypted user id in the response of API.
Possible Values: enc_user_id

Request Attributes

Content Type : JSON

Body

Attribute	Description
state_token string mandatory	State_token retrieved from Send OTP API Example: 65cb6680-xxxx-11e4-aad2-3c970ea8b87f
otp string mandatory	6 digit OTP received over the user’s phone Example: 888888

Response Attributes

Content Type : JSON

Body

Attribute	Description
status string	Response Status Example: SUCCESS/FAILURE
message string	Message of the Response message
responseCode string	Response code Example: BExxxxxx
tokens string	It comprises the following values generated in a response to this API request: • Access Token (Also known as SSO token of Paytm user) • Refresh Token • Token Expiry for SSO token • Scope
encryptedUserId string	It is a unique user id generated for the user in encrypted form

Response Codes & Messages

responseCode	status	message
BE1400001	SUCCESS	Success
434	FAILURE	Bad request
BE1423005	FAILURE	Invalid Authorization
BE1423011	FAILURE	Authorization client and state token client mismatch
BE1423012	FAILURE	Device Identifier is missing
BE1423013	FAILURE	Device Identifier is mismatch
BE1425004	FAILURE	Mobile number is already pending for verification. Please try after 48 hours.
BE1425005	FAILURE	Scope not allowed
BE1425007	FAILURE	Please enter a valid OTP
BE1425008	FAILURE	You have exceeded the number of attempts for entering a valid OTP. Please click Resend to continue with new OTP.

Device Id Nomenclature

Device	Suggested Nomenclature	Sample Code
App - Android	Android id	Settings.Secure.ANDROID_ID Ref: https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html Example: 8c4afbfab1ae0bd4
App - iOS	Vendor Id	UIDevice.current.identifierForVendor?.uuidString Example: CCB300A0-DE1B-4D48-BC7E-599E453B8DD4
Web	User Agent	Id associated with cookie Example: 123e4567-e89b-12d3-a456-426614174000

⇾

Staging

Production

https://accounts-uat.paytm.com/v4/signin/validate/otp/sv1?locale=en-IN copy icon

REQUEST

RESPONSE

CURL

JAVA

NODE

PHP

PYTHON

DOTNET

curl -X POST 'https://accounts-uat.paytm.com/v4/signin/validate/otp/sv1?locale=en-IN' \
--header 'Authorization: Basic {BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET}' \
--header 'Content-Type: application/json' \
--header 'x-device-identifier: Device123' \
--data '{"state_token": "78e8c293-6088-XXXX-XXXX-44b83ffd50c3","otp":"888888"}'