m2pfintech
API LibraryAuthentication

Generate OTP

Generates and sends a One-Time Password (OTP) to the customer's registered mobile number. The OTP is used for sensitive operations like viewing card details, activating cards, and initiating fund transfers.

When to Use

  • Before card activation (activate-card endpoint)
  • Before viewing full card details
  • Before IMPS/fund transfers
  • Any operation requiring two-factor authentication

OTP Types

  • S — Single OTP sent to mobile only
  • D — Dual OTP sent to both mobile and email

Response

Returns a traceNumber that must be passed to the validate-otp endpoint.

Rate Limits

OTP generation is limited to prevent abuse. Exceeding limits returns a 409 error.

POST
/v1/otp/generate

Authorization

bearerAuth tenantId
AuthorizationBearer <token>

JWT Bearer token from the Authentication API

In: header

X-TENANT-ID<token>

Your unique tenant identifier assigned during onboarding

In: header

Header Parameters

X-TENANT-ID*string

Your unique tenant identifier

Request Body

application/json

mobileNumber?string

Required. Customer's registered mobile number

otpType?string

OTP delivery type: S = Single (mobile only), D = Dual (mobile + email)

Value in"S" | "D"
template?string

OTP template name

card?string

Last 4 digits of the card (for card-specific OTP)

productId?string

Product identifier

countryCode?integer

Country code

entityId?string

Customer entity ID

kitNo?string

Card kit number

Response Body

application/json

application/json

application/json

curl -X POST "https://sandbox-api.m2pprepaid.com/prepaid/customer/v1/otp/generate" \  -H "X-TENANT-ID: ACME_CORP" \  -H "Content-Type: application/json" \  -d '{    "mobileNumber": "9876543210",    "otpType": "S",    "template": "OTP",    "entityId": "615928984620006085281025",    "productId": "HKfXwH9uph",    "card": "0016",    "countryCode": 91  }'
{
  "result": {
    "status": true,
    "traceNumber": "10b53ad5-9fa2-48d5-8de0-ffa9643900d9",
    "refNumber": ""
  },
  "pagination": null
}
{
  "type": "https://www.m2pfintech.com/problem/problem-with-message",
  "title": "Bad Request",
  "status": 400,
  "detail": "Unable to convert http message",
  "message": "error.http.400"
}
{
  "type": "https://www.m2pfintech.com/problem/problem-with-message",
  "title": "No account found",
  "status": 409,
  "detail": "No account found",
  "message": "error.business",
  "businessCode": "PP_MIDD_027"
}

API Library

Complete API reference for the Prepaid V2 platform with parameters, schemas, and examples.

Validate OTP POST

Validates the OTP entered by the customer against the previously generated OTP. ### Flow 1. Call Generate OTP → get `traceNumber` 2. Customer enters OTP 3. Call this endpoint with `traceNumber` + OTP ### Validation Limits - Maximum **3 validation attempts** per OTP within 24 hours - After 3 failed attempts, a new OTP must be generated ### Response On success, returns a `messageHash` that may be required by subsequent operations as proof of OTP verification.