This page provides you with information on Generate OTP API.
Issues OTP to the customer’s mobile number/email ID using the sessionId generated through the token/generate API.
There is a limit to the number of OTPs a customer can generate in a day. Contact the Sustenance team to increase or decrease the limit.
Resource Information
| URI for Mobile App | /auth/v1/otp/generate |
| URI for Web App | /auth/v1/web/otp/generate |
| Rate Limited | Yes |
| Authentication | No |
| HTTP Method | POST |
| Batch Support | Yes |
Request URL
For mobile application:
http://{ae-host}/auth/v1/otp/generate
For web application:
http://{ae-host}/auth/v1/web/otp/generate
Request Body Parameters
{
"identifierType":"MOBILE",
"identifierValue":"9940000000",
"deviceId": "32rtsdered",
"brand": "STANDARDAPP",
"sessionId": "D-502259d3-d4d6-4458-bc5f-b89d3d8e4c7b"
}
| Parameter | Datatype | Description |
|---|---|---|
| identifierType* | enum | Identifier used for authentication. Values: MOBILE, EMAIL, USERNAME. |
| identifierValue* | string | Value of the specified identifierType. For example, if identifierType is MOBILE, the identifierValue is mobile number. If you want to send the OTP to WhatsApp or Zalo, you need to raise a JIRA ticket to the sustenance team to define the related configurations. |
| deviceId** | string | Unique ID of the device from which the customer has generated the token. Required for mobile app. |
| brand* | string | Name of the brand or org for which authentication needs to be verified. |
| sessionId* | string | Session ID generated through the v1/token/generate API. |
| hash | string | Hash value generated by the mobile application to encrypt the payload. The server-side validation is performed by matching this hash value. For information, refer to Encrypting API payload. Note: This parameter is mandatory if the API payload encryption configurations are enabled and is not applicable if the API payload encryption is not enabled. |
Parameters marked with * are mandatory, and the parameter with ** is required for the mobile app.
Encrypting the API payload
To avoid unauthorised usage of this API, it is suggested to enable the below configuration to encrypt the payload.
Configurations
Note
There is no UI to enable these configurations. To enable these configurations, create a ticket to the sustenance team.
| Configuration | Description |
|---|---|
| CONF_ENABLE_ENCRYPTION | To enable the encryption. By default, this value is set as false. |
| CONF_ENCRYPTION_ENDPOINTS | To define the API endpoints for which the payload needs to be encrypted. You can encrypt the payload of the APIs otp/generate(OTP) and mfa/otp/generate(MFA_OTP) API |
| CONF_ENCRYPTION_PUBLIC_KEY & CONF_ENCRYPTION_PRIVATE_KEY | To store the org's public and private key. The keys are encoded in Base64 format and are constant and do not change. |
| CONF_ENCRYPTION_VALID_IN_SECONDS | To define the time window during which it considers requests as valid. By default, the time is set as 120 seconds. |
Error
| Error | Solution |
|---|---|
| 5004 - Response tampered | Payload encryption is enabled. and the defined time for the hash value is expired. |