post https://{host}/v2/otp/validate
Use this API to authenticate a customer by validating the OTP sent through SMS or email. After a successful validation, you can proceed with actions such as redeeming points or coupons or registering the customer.
In the response,
"entity": trueindicates that OTP validation was successful."entity": falseindicates that validation failed.
The API also supports rate limiting to prevent excessive validation attempts.
| Configuration Key | Description | Default Value |
|---|---|---|
| CONF_OTP_VALIDATE_RATE_LIMIT_ENABLED | Enables rate limiting for the API. | false |
| CONF_OTP_VALIDATE_RATE_LIMIT_MINUTE | Defines the time window (in minutes) during which rate limiting applies. | 15 |
| CONF_OTP_VALIDATE_RATE_LIMIT_COUNT | Defines the maximum number of API requests allowed. | 5 |
Example: With the default configuration, a user can call the OTP validation API up to 5 times within 15 minutes for the same entity.
For organisations created after mid-October 2025, rate limiting is enabled by default with the default configuration values. To update the default values and enable the configuration for existing organisations, create a JIRA ticket with the Capillary Product Support team.