Issues OTP to the customer’s mobile number/email ID using the sessionId generated through the token/generate API. The OTP is valid for 20 minutes, which is the same duration as the session ID validity.

There is a limit to the number of OTPs a customer can generate in a day. Contact the Sustenance team to increase or decrease the limit.

Resource Information


URI for Mobile App	`/auth/v1/otp/generate`
URI for Web App	`/auth/v1/web/otp/generate`
Rate Limited	Demo and testing clusters: 1000 requests per minute per API key. Other organisations: The rate limit is brand-specific.
Authentication	Not required
HTTP Method	POST
Batch Support	Yes

Request URL

For mobile application:

http:{ae-host}/auth/v1/otp/generate

For web application:

http:{ae-host}/auth/v1/web/otp/generate

Request Body Parameters

curl --location 'https://eu.api.capillarytech.com/auth/v1/otp/generate' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--header 'Cookie: _cfuvid=omyxxTL4JKRyz4yJ6akXXwAQb4MsROzdNed9SczptHs-1760004859086-0.0.1.1-604800000' \
--data '{
    "identifierType": "MOBILE",
    "identifierValue": "919999999993",
    "brand": "DocDemo",
    "deviceId": "123456785",
    "sessionId": "P-7df5e433-17bb-4f02-9ce0-7420ba69c7b4"
}'

curl --location 'https://eu.api.capillarytech.com/auth/v1/web/otp/generate' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--header 'Cookie: _cfuvid=omyxxTL4JKRyz4yJ6akXXwAQb4MsROzdNed9SczptHs-1760004859086-0.0.1.1-604800000' \
--data-raw '{
    "identifierType": "EMAIL",
    "identifierValue": "captest@gmail.com",
    "brand": "DocDemo",
    "sessionId": "P-e766af2a-f676-489e-9b24-8571f7af057b"
}'

Parameter	Datatype	Description
identifierType*	enum	Identifier used for authentication. Values: MOBILE, EMAIL, USERNAME.
identifierValue*	string	Value of the specified identifierType. For example, if identifierType is MOBILE, the identifierValue is mobile number. If you want to send the OTP to WhatsApp or Zalo, you need to raise a JIRA ticket to the sustenance team to define the related configurations and configure the templates.
deviceId**	string	Unique ID of the device from which the customer has generated the token. Required for mobile app.
brand*	string	Name of the brand or org for which authentication needs to be verified.
sessionId*	string	Session ID generated through the v1/token/generate API.
hash	string	Hash value generated by the mobile application to encrypt the payload. The server-side validation is performed by matching this hash value. For information, refer to Enable API encryption. Note: This parameter is mandatory if the API payload encryption configurations are enabled and is not applicable if the API payload encryption is not enabled.

Parameters marked with * are mandatory, and the parameter with ** is required for the mobile app.

Error

Error	Solution
5004 - Response tampered	Payload encryption is enabled, and the defined time for the hash value is expired.