
POST Validate OTP API

Use Case

This API validates the OTP entered by a user. After successful OTP validation, the response contains an access token (known as the SSO token) and a refresh token.
 

Header

ATTRIBUTE DESCRIPTION

Authorization

string
mandatory

This is a base64 encoded string of “clientId:clientSecret”

Content-Type

string
mandatory

application/json

x-device-identifier

string
mandatory

Device Id
Please refer below for its sample values.

Query Parameter

ATTRIBUTE DESCRIPTION

locale

string
mandatory

This query parameter contains the combination of "language to be used" and "zone".
Possible Values: en-IN

anchor

string
optional

This query parameter is used to retrieve the encrypted user id in the response of API.
Possible Values: enc_user_id

Request Attributes

Content Type : JSON

Body

Attribute Description
state_token
string
mandatory

State_token retrieved from Send OTP API

Example: 65cb6680-xxxx-11e4-aad2-3c970ea8b87f

otp
string
mandatory

6 digit OTP received over the user’s phone

Example: 888888

Response Attributes

Content Type : JSON

Body

Attribute Description
status
string

Response Status

Example: SUCCESS/FAILURE

message
string

Message of the Response

message

responseCode
string

Response code

Example: BExxxxxx

tokens
string

It comprises the following values generated in a response to this API request:

•  Access Token (Also known as SSO token of Paytm user)

•  Refresh Token

•  Token Expiry for SSO token

•  Scope

encryptedUserId
string

It is a unique user id generated for the user in encrypted form

Response Codes & Messages

responseCode status message
BE1400001 SUCCESS Success
434 FAILURE Bad request
BE1423005 FAILURE Invalid Authorization
BE1423011 FAILURE Authorization client and state token client mismatch
BE1423012 FAILURE Device Identifier is missing
BE1423013 FAILURE Device Identifier is mismatch
BE1425004 FAILURE Mobile number is already pending for verification. Please try after 48 hours.
BE1425005 FAILURE Scope not allowed
BE1425007 FAILURE Please enter a valid OTP
BE1425008 FAILURE You have exceeded the number of attempts for entering a valid OTP. Please click Resend to continue with new OTP.
 

Device Id Nomenclature

Device Suggested Nomenclature Sample Code
App - Android Android id Settings.Secure.ANDROID_ID
Ref: https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html
Example: 8c4afbfab1ae0bd4
App - iOS Vendor Id UIDevice.current.identifierForVendor?.uuidString
Example: CCB300A0-DE1B-4D48-BC7E-599E453B8DD4
Web User Agent Id associated with cookie
Example: 123e4567-e89b-12d3-a456-426614174000
Staging
https://accounts-uat.paytm.com/v4/signin/validate/otp/sv1?locale=en-IN
REQUEST
CURL
curl -X POST 'https://accounts-uat.paytm.com/v4/signin/validate/otp/sv1?locale=en-IN' \
--header 'Authorization: Basic {BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET}' \
--header 'Content-Type: application/json' \
--header 'x-device-identifier: Device123' \
--data '{"state_token": "78e8c293-6088-XXXX-XXXX-44b83ffd50c3","otp":"888888"}'
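
The same request assembled in Python, with client-side checks and handling for the response codes listed above. This is an added example, not Paytm's sample code; the function names and the action labels in ACTIONS are assumptions made for illustration, and nothing is sent over the network.

```python
import base64
import json
import re
from urllib.parse import urlencode

STAGING_URL = "https://accounts-uat.paytm.com/v4/signin/validate/otp/sv1"  # from this page

# Response codes from the table on this page, grouped by what the caller does next.
# The action labels are this example's assumption, not part of the API.
ACTIONS = {
    "BE1400001": "ok",
    "BE1425007": "reprompt_otp",     # Please enter a valid OTP
    "BE1425008": "resend_otp",       # attempts exceeded, a new OTP is required
    "BE1425004": "wait",             # pending verification, try after 48 hours
    "BE1423005": "fix_credentials",  # Invalid Authorization
    "BE1423011": "fix_credentials",  # Authorization client / state token client mismatch
    "BE1423012": "fix_device_id",    # Device Identifier is missing
    "BE1423013": "fix_device_id",    # Device Identifier is mismatch
    "BE1425005": "fix_scope",        # Scope not allowed
}


def build_validate_otp_request(client_id, client_secret, device_id, state_token, otp,
                               want_enc_user_id=False):
    """Return (url, headers, body_bytes) for the Validate OTP call; nothing is sent."""
    if not re.fullmatch(r"[0-9]{6}", otp):
        raise ValueError("otp must be exactly 6 digits")
    if not device_id:
        raise ValueError("x-device-identifier is mandatory")
    query = {"locale": "en-IN"}
    if want_enc_user_id:
        query["anchor"] = "enc_user_id"
    # Base64 is an encoding, not encryption: keep this header out of logs and traces.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/json",
        "x-device-identifier": device_id,
    }
    body = json.dumps({"state_token": state_token, "otp": otp}).encode()
    return f"{STAGING_URL}?{urlencode(query)}", headers, body


def next_action(response):
    """Map a parsed JSON response to an action; unknown or inconsistent replies fail closed."""
    if response.get("status") == "SUCCESS" and response.get("responseCode") == "BE1400001":
        return "ok"
    action = ACTIONS.get(response.get("responseCode"), "fail")
    return "fail" if action == "ok" else action  # success code without SUCCESS status
```
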