Validate MFA OTP

Validates the OTP generated for the MFA flow.

Use this API to validate the OTP in the MFA flow. The /mfa/otp/generate API generates the OTP.

API endpoint example


Resource information

Pagination supported?NA
Rate limitNA
Batch supportNA

Request body parameters

(Parameters marked with * are mandatory)
Data TypeDescription
identifierType*EnumCustomer identifier used for MFA token generation. Values: MOBILE, EMAIL, USERNAME, EXTERNALID
identifierValue*StringValue of the identifier.
deviceId*StringUnique ID of the device where OTP is validated.
brand*StringName of the brand or organisation that needs verification.
sessionId*StringUnique session ID created from /mfa/token/generate API.
otp*StringOTP that needs validation.
curl --location '' \
--header 'Content-Type: application/json' \
--data '{
    "deviceId": "1234",
    "brand": "Bukl",
    "sessionId": "P-b04c1001-ef08-4125-9886-f9d8b4c5d9b8",
   "otp": 999999

Response parameters

ParameterData TypeDescription
statusobjectObject containing status information.
- successbooleanBoolean indicating the status of the request.
- codeintegerHTTP status code indicating the result. Example: 200 indicates success.
- messagestringMessage describing the status of the request.
authobjectObject containing authentication details.
- tokenstringString representing the authentication token. By default, the token is valid for 15 minutes.
- keystringString representing the authentication key.
userobjectObject containing user details.
- appRegisteredbooleanIndicates if the user is registered in the app.
- sessionIdstringCurrent session ID for MFA flow. The session ID is valid for 15 minutes by default.
- rolestringIndicates the user's role. Example: VIEW, USER.
- userRegisteredForPasswordbooleanIndicates if the user is registered for a password.

    "status": {
        "success": true,
        "code": 200,
        "message": "SUCCESS"
    "auth": {
        "token": "eyJpZHYiOlsiTU9CSUxFfDE4NzY3NDMxNzU0Il0sImRldiI6IjEyMzQiLCJvcmciOiJCVUtMIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiIxNzgwNzc2IiwiaXNzIjoiQ0FQSUxMQVJZIFRFQ0hOT0xPR0lFUyIsImlzYyI6ImZhbHNlIiwib2djIjpbIjEwMDQ1OHxidWtsLmluZC5zb2x1dGlvbiJdLCJleHAiOjE3MTY5NjM0NTcsImlhdCI6MTcxNjk2MjU1Nywicm9sIjoiVVNFUiJ9.RNOnu2qd9b4CrH6ODsIc1OdeOg4EwFh7ssv0zlAG5pE",
        "key": "eyJpZHYiOlsiTU9CSUxFfDE4NzY3NDMxNzU0Il0sImRldiI6IjEyMzQiLCJvcmciOiJCVUtMIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiIxNzgwNzc2IiwiaXNzIjoiQ0FQSUxMQVJZIFRFQ0hOT0xPR0lFUyIsIm1mYSI6dHJ1ZSwiaWF0IjoxNzE2OTYyNTU3LCJyb2wiOiJBVVRIIn0.89CmFeLl_zfUBuv2Ea4eQIc3Wy8fJzlcRQad8UcqK-4"
    "user": {
        "appRegistered": false,
        "sessionId": null,
        "role": "USER",
        "userRegisteredForPassword": false
Click Try It! to start a request and see the response here!