m2pfintech
API LibraryAuthentication

Validate OTP

Validates the OTP entered by the customer against the previously generated OTP.

Flow

  1. Call Generate OTP → get traceNumber
  2. Customer enters OTP
  3. Call this endpoint with traceNumber + OTP

Validation Limits

  • Maximum 3 validation attempts per OTP within 24 hours
  • After 3 failed attempts, a new OTP must be generated

Response

On success, returns a messageHash that may be required by subsequent operations as proof of OTP verification.

POST
/v1/otp/validate-otp

Authorization

bearerAuth tenantId
AuthorizationBearer <token>

JWT Bearer token from the Authentication API

In: header

X-TENANT-ID<token>

Your unique tenant identifier assigned during onboarding

In: header

Header Parameters

X-TENANT-ID*string

Your unique tenant identifier

Request Body

application/json

traceNumber*string

Required. Trace number from Generate OTP response

refNumber?string

Reference number

mobileOtp*string

Required. OTP entered by the customer

emailOtp?string

Email OTP (for dual OTP type)

otpType?string

OTP type

Value in"SINGLE_OTP_MOBILE" | "SINGLE_OTP_DUAL" | "DIFFERENT_OTP_DUAL"
mobile?
entityId?string
eventName?string
kitNo?string
linkData?string
mobileNumber?string
otp?string

Response Body

application/json

application/json

application/json

curl -X POST "https://sandbox-api.m2pprepaid.com/prepaid/customer/v1/otp/validate-otp" \  -H "X-TENANT-ID: ACME_CORP" \  -H "Content-Type: application/json" \  -d '{    "traceNumber": "73ee6eb5-ebb8-4e9f-8d9c-dc7520cd4870",    "refNumber": "68bff8eb7eedcd247cf46204",    "mobileOtp": "123456",    "otpType": "SINGLE_OTP_DUAL",    "mobile": {      "value": "9876543210",      "countryCode": 91    }  }'
{
  "result": {
    "status": true,
    "refNumber": "68bff8eb7eedcd247cf46204",
    "messageHash": "EF9A1A2F15555C1EA3A202EBBBA03B901B399D306C0BA07500C0B1915E213D34"
  },
  "pagination": null
}
{
  "type": "https://www.m2pfintech.com/problem/problem-with-message",
  "title": "Bad Request",
  "status": 400,
  "detail": "Unable to convert http message",
  "message": "error.http.400"
}

{
  "type": "https://www.m2pfintech.com/problem/problem-with-message",
  "title": "Otp Validation is not allowed more than 3 times in 24hrs",
  "status": 409,
  "detail": "Otp Validation is not allowed more than 3 times in 24hrs",
  "message": "error.business",
  "businessCode": "PP_MIDD_034"
}

Generate OTP POST

Generates and sends a One-Time Password (OTP) to the customer's registered mobile number. The OTP is used for sensitive operations like viewing card details, activating cards, and initiating fund transfers. ### When to Use - Before card activation (activate-card endpoint) - Before viewing full card details - Before IMPS/fund transfers - Any operation requiring two-factor authentication ### OTP Types - `S` — Single OTP sent to mobile only - `D` — Dual OTP sent to both mobile and email ### Response Returns a `traceNumber` that must be passed to the validate-otp endpoint. ### Rate Limits OTP generation is limited to prevent abuse. Exceeding limits returns a 409 error.

Fetch All Beneficiaries for Cardholder GET

Retrieves all registered IMPS beneficiaries for a cardholder. Returns both active and inactive beneficiaries. Use this endpoint to: - Display the list of saved beneficiaries in your fund transfer UI - Check if a beneficiary is already registered before attempting to add a new one - Show the cardholder their beneficiary management dashboard ### Response Details Each beneficiary in the list includes: - Bank account details (masked account number, IFSC, account name) - Beneficiary type (SELF/OTHER) - Current status (ACTIVE/INACTIVE)