m2pfintech
API LibraryOtp Management

Generate a one-time password

Generate and send a one-time password (OTP) to a customer mobile number for verification of secure operations. The OTP is delivered via SMS to the registered mobile number.

The purpose field defines what operation the OTP is for. Supported purposes include SET_PIN (for PIN setting), TRANSACTION (for high-value transactions), LOGIN (for authentication), and CARD_BLOCK (for card blocking confirmation).

The kitNo is required for card-related operations (SET_PIN, CARD_BLOCK) to identify which card the OTP is associated with.

OTPs have a limited validity period (typically 5 minutes) and a maximum of 3 validation attempts. Rate limited to prevent abuse.

POST
/Yappay/otp-manager/generate

Authorization

BearerAuth TenantHeader
AuthorizationBearer <token>

JWT Bearer token obtained from the /auth/login endpoint

In: header

TENANT<token>

Tenant identifier provided by M2P (e.g. ENBDTABBY)

In: header

Request Body

application/json

mobile*string

Customer registered mobile number to send the OTP to

purpose*string

Purpose of the OTP. Determines which operation the OTP authorizes. SET_PIN for PIN setting, TRANSACTION for high-value transactions, LOGIN for authentication, CARD_BLOCK for card blocking.

Value in"SET_PIN" | "TRANSACTION" | "LOGIN" | "CARD_BLOCK"
kitNo?string

Kit number. Required for card-related operations (SET_PIN, CARD_BLOCK).

Response Body

application/json

application/json

application/json

curl -X POST "https://api.m2p.com/Yappay/otp-manager/generate" \  -H "Content-Type: application/json" \  -d '{    "mobile": "9876543210",    "purpose": "SET_PIN",    "kitNo": "KIT20260306001234"  }'
{
  "status": "success",
  "message": "OTP sent successfully"
}

{
  "result": null,
  "exception": {
    "detailMessage": "Not a registered Mobile No",
    "shortMessage": "Not a registered Mobile No",
    "errorCode": "Y216",
    "languageCode": "en"
  },
  "pagination": null
}

{
  "result": null,
  "exception": {
    "detailMessage": "Too many OTP requests. Please wait before retrying.",
    "shortMessage": "OTP rate limit",
    "errorCode": "OTP_004",
    "languageCode": "en"
  },
  "pagination": null
}

Send a notification to a customer POST

Send a notification to a customer through one of the supported channels - SMS, EMAIL, or PUSH notification. The templateId identifies a pre-configured notification template. The params object provides dynamic values to be substituted into the template placeholders. Templates and their available parameters are configured by M2P during onboarding. Contact M2P to get the list of available template IDs and their required parameters.

Validate a one-time password POST

Validate an OTP received by the customer. The purpose field must match the purpose used when generating the OTP. OTPs have a limited validity period (typically 5 minutes). Expired OTPs return error code Y101. Incorrect OTPs return error code Y103. After 3 failed attempts, the OTP is invalidated and a new one must be generated.