Resource Information


URI for Mobile App	`auth/v1/otp/validate`
URI for Web App	`auth/v1/web/otp/validate`
Rate Limited?	Yes
Authentication	No
HTTP Method	POST
Batch Support	Yes

Request URL

For mobile application:

http:{ae-host}/auth/v1/otp/validate

For web application:

http:{ae-host}/auth/v1/web/otp/validate

curl --location 'https://eu.api.capillarytech.com/auth/v1/otp/validate' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--header 'Cookie: _cfuvid=4cDcLYjTxIP0ezb6fRYB0epcC4lTjAo5Uwd.pLnw9Ag-1760013365505-0.0.1.1-604800000' \
--data '{
    "identifierType": "MOBILE",
    "identifierValue": "919999999993",
    "brand": "DocDemo",
    "deviceId": "123456785",
    "sessionId": "P-6e195d03-a643-4d24-bbda-0d6e3810b06d",
    "otp": "999999"
}'

curl --location 'https://eu.api.capillarytech.com/auth/v1/web/otp/validate' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'accept: application/json' \
--data-raw '{
    "identifierType": "EMAIL",
    "identifierValue": "captest@gmail.com",
    "brand": "DocDemo",
    "sessionId": "P-db0a6a4b-14e9-4b0b-998e-72203c39aa45",
    "otp": "999999"
}'

Request Body Parameters

Parameter	Datatype	Description
`identifierType`*	enum	Identifier used to generate OTP. Values: `MOBILE`, `EMAIL`, `USERNAME`.
`identifierValue`*	string	Value of the specified `identifierType`. For example, if `identifierType` is `MOBILE`, the `identifierValue` is a mobile number.
`deviceId`**	string	Unique ID of the device associated with the OTP. Not applicable for web applications.
`brand`*	string	Name of the brand or org associated with the OTP.
`sessionId`*	string	Session ID generated through the `v1/token/generate` API.
`otp`*	long	Validation code received by the customer (either to the mobile number or email ID provided). Note: You can configure maximum retries as well as account locking after several defined unsuccessful attempts to enter the correct OTP.

Parameters marked with * are mandatory for both web and mobile applications.

Parameter marked with ** is mandatory for the mobile application and not required for web application.

Sample response

{
    "status": {
        "success": true,
        "code": 200,
        "message": "SUCCESS"
    },
    "auth": {
        "token": "eyJpZHYiOlsiTU9CSUxFfDkxOTk5OTk5OTk5MyJdLCJkZXYiOiIxMjM0NTY3ODUiLCJvcmciOiJET0NERU1PIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiI0MDQ4NjQ3IiwiaXNzIjoiQ0FQSUxMQVJZIFRFQ0hOT0xPR0lFUyIsImlzYyI6ImZhbHNlIiwib2djIjpbIjEwMDczN3xuZWVyYWouZG9jIl0sImV4cCI6MTc2MDAxNzA4MCwiaWF0IjoxNzYwMDEzNDgwLCJyb2wiOiJVU0VSIn0.8cNCH_T63gDOE4BP9QoRT96eOs-qYlUVpO5MrVJwJPo",
        "key": "eyJpZHYiOlsiTU9CSUxFfDkxOTk5OTk5OTk5MyJdLCJkZXYiOiIxMjM0NTY3ODUiLCJvcmciOiJET0NERU1PIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiI0MDQ4NjQ3IiwiaXNzIjoiQ0FQSUxMQVJZIFRFQ0hOT0xPR0lFUyIsImlhdCI6MTc2MDAxMzQ4MCwicm9sIjoiQVVUSCJ9.YbMefn1HT8kkHb1r9hTRyAU-Uf3R-rNpJPlShFa0o4k"
    },
    "user": {
        "appRegistered": false,
        "sessionId": null,
        "role": "USER",
        "userRegisteredForPassword": true
    }
}

{
  "status": {
    "success": true,
    "code": 200,
    "message": "SUCCESS"
  },
  "auth": {
    "token": "eyJpZHYiOlsiRU1BSUx8Y2FwdGVzdEBnbWFpbC5jb20iXSwiZGV2IjpudWxsLCJvcmciOiJET0NERU1PIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiI0MDY4MjkxIiwiaXNzIjoiQ0FQSUxMQVJZIFRFQ0hOT0xPR0lFUyIsImlzYyI6ImZhbHNlIiwib2djIjpbIjEwMDczN3xuZWVyYWouZG9jIl0sImV4cCI6MTc2MDAxMzg0MywiaWF0IjoxNzYwMDEzNzUzLCJyb2wiOiJVU0VSIn0.N7ocUUT5eBXE-rRIoJvRWmMIEN56CIr8_NXQYkUGYig",
    "key": null
  },
  "user": null
}

Response parameters

Parameter	Description
status	Object containing status information
success	Boolean indicating the success status
code	Number indicating the status code (e.g., 200 for success)
message	String providing a message related to the status
auth	Object containing authentication information
token	String representing the authentication token. By default, the token is valid for 15 minutes.
key	String representing the authentication key. This key has no validity and can be used to regenerate the authentication token. It is recommended to set an expiry of the key to avoid unauthorized usage. For more information, refer to the section Configuring validity for the key.
user	Object containing user information
appRegistered	Boolean indicating if the user is registered in the app
sessionId	Value representing the user's session ID
role	String indicating the user's role (e.g., "USER")
userRegisteredForPassword	Boolean indicating if the user is registered for a password