This page provides you with information on Generate OTP API.
| Time | Status | User Agent | |
|---|---|---|---|
Retrieving recent requests… | |||
Issues OTP to the customer’s mobile number/email ID using the sessionId generated through the token/generate API. The OTP is valid for 20 minutes, which is the same duration as the session ID validity.
OTP rate limits are enforced per mobile number based on your organisation's configuration. The following parameters control the rate limit:
- otpMaxCount: The maximum number of OTPs that can be generated per mobile number within a specified time window.
- otpTimeOut: The time window (in minutes) during which the maximum OTP count applies.
If these parameters are not set (null), there is no rate limit and OTP generation is unrestricted. Contact your administrator to change these limits.
Resource Information
| URI for Mobile App | /auth/v1/otp/generate |
| URI for Web App | /auth/v1/web/otp/generate |
| Authentication | Not required |
| HTTP Method | POST |
| Batch Support | Yes |
Request URL
For mobile application:
http:{ae-host}/auth/v1/otp/generate
For web application:
http:{ae-host}/auth/v1/web/otp/generate
Request Body Parameters
curl --location 'https://eu.api.capillarytech.com/auth/v1/otp/generate' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--header 'Cookie: _cfuvid=omyxxTL4JKRyz4yJ6akXXwAQb4MsROzdNed9SczptHs-1760004859086-0.0.1.1-604800000' \
--data '{
"identifierType": "MOBILE",
"identifierValue": "919999999993",
"brand": "DocDemo",
"deviceId": "123456785",
"sessionId": "P-7df5e433-17bb-4f02-9ce0-7420ba69c7b4"
}'curl --location 'https://eu.api.capillarytech.com/auth/v1/web/otp/generate' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--header 'Cookie: _cfuvid=omyxxTL4JKRyz4yJ6akXXwAQb4MsROzdNed9SczptHs-1760004859086-0.0.1.1-604800000' \
--data-raw '{
"identifierType": "EMAIL",
"identifierValue": "[email protected]",
"brand": "DocDemo",
"sessionId": "P-e766af2a-f676-489e-9b24-8571f7af057b"
}'| Parameter | Datatype | Description |
|---|---|---|
| identifierType* | enum | Identifier used for authentication. Values: MOBILE, EMAIL, USERNAME. |
| identifierValue* | string | Value of the specified identifierType. For example, if identifierType is MOBILE, the identifierValue is mobile number. If you want to send the OTP to WhatsApp or Zalo, you need to raise a JIRA ticket to the sustenance team to define the related configurations and configure the templates. |
| deviceId** | string | Unique ID of the device from which the customer has generated the token. Required for mobile app. |
| brand* | string | Name of the brand or org for which authentication needs to be verified. |
| sessionId* | string | Session ID generated through the v1/token/generate API. |
| hash | string | Hash value generated by the mobile application to encrypt the payload. The server-side validation is performed by matching this hash value. For information, refer to Enable API encryption. Note: This parameter is mandatory if the API payload encryption configurations are enabled and is not applicable if the API payload encryption is not enabled. |
Parameters marked with are mandatory, and the parameter with * is required for the mobile app.
Error
| Error | Solution |
|---|---|
| 5004 - Response tampered | Payload encryption is enabled, and the defined time for the hash value is expired. |