Used to validate one-time passwords (OTPs) entered by users against previously generated and stored OTPs.
Examples
Verify a one-time password (OTP) for a user. The example below shows how to verify an OTP using the request_id and the user-provided OTP.
curl --request POST \
--url https://external-api.xtremepush.com/api/otp/verify \
--header 'content-type: application/json' \
--data '{
"apptoken": "YOUR_APPTOKEN",
"request_id": "<otp-request-id-from-generate-result>",
"otp": "<user-entered-otp>"
}'
Example Use Case
Use this endpoint to validate the OTP entered by a user during login or transaction confirmation. Replace and with actual values from your application.
Verification results from the OTP Verify API
Success
Code: 200
Description: The OTP is correct and has not expired.
Response:
curl --request POST \
--url https://external-api.xtremepush.com/api/otp/verify \
--header 'content-type: application/json' \
--data '{
"success": true,
"code": 200,
"status": "success"
}'
Incorrect OTP
Code: 200
Description: The OTP entered by the user does not match the generated OTP.
Response:
curl --request POST \
--url https://external-api.xtremepush.com/api/otp/verify \
--header 'content-type: application/json' \
--data '{
"success": false,
"code": 200,
"status": "failure",
"error": "Incorrect OTP"
}'
Expired OTP
Code: 200
Description: The OTP has expired based on the expiration time set during generation.
Response:
curl --request POST \
--url https://external-api.xtremepush.com/api/otp/verify \
--header 'content-type: application/json' \
--data '{
"success": false,
"code": 200,
"status": "failure",
"error": "OTP expired"
}'
Verification Limit Exceeded
Code: 200
Description: The OTP has exceeded the allowed number of verification attempts.
Response:
curl --request POST \
--url https://external-api.xtremepush.com/api/otp/verify \
--header 'content-type: application/json' \
--data '{
"success": false,
"code": 200,
"status": "failure",
"error": "Verification attempts exceeded"
}'