OTP Engine V2
The main difference between v1 and v2 is that the v2 response body contains metadata showing
next_resend_at, resend_count and resend_limit. In addition, when resend_limit is exceeded, the user is locked from requesting an OTP.
The duration is based on the authentication flow config.
Get Client Config
Same implementation as in V1.
OTP with Basic Auth
To request and validate an OTP using the OTP with Basic Auth flow, send base64(client_id:client_secret) as the Basic auth token. Here is the example flow use case:

API Endpoints
Request OTP
URL:
POST /v2/passwordless/start
Header:
Authorization: Basic <base64(client_id:client_secret)>
Content-Type: application/json
Request Body:
{
  "username": "081200010002"
}
Success (200) Response Body:
{
  "username": "081200010002",
  "otp": "59180",
  "timestamp": "2024-03-07T06:37:48.079251Z",
  "metadata": {
    "next_resend_at": "2024-03-07T13:38:48.078787+07:00",
    "resend_count": 0,
    "resend_limit": 3
  }
}
Failed (400) Response Body:
{
  "error": "invalid_body",
  "error_description": "Invalid Request Body",
  "timestamp": "2023-08-21T02:44:53Z"
}
Failed (401) Response Body:
{
  "error": "identifier_has_active_verification",
  "error_description": "User has Active OTP",
  "timestamp": "2024-03-07T06:38:23.507756Z",
  "metadata": {
    "next_resend_at": "2024-03-07T13:38:48.078787+07:00",
    "resend_count": 0,
    "resend_limit": 3
  }
}
List of Possible Responses
| http status code | error code | message |
|---|---|---|
| 500 | unexpected_error | Something Went Wrong |
| 400 | invalid_request_body | Invalid Request, Please Check Your Request Body |
| 400 | invalid_request_body | Please Enter a valid username |
| 400 | otp_resend_limit_exceeded | OTP Resend Limit Exceeded |
| 401 | invalid_client_credential | Invalid Client Credentials |
| 401 | identifier_has_active_verification | User has Active OTP |
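The following is an added example, not part of the original documentation or the OTP engine's own code: a client-side sketch that builds the Basic auth header and turns a Request OTP response into a retry decision using the v2 metadata. The function names `basic_auth_header`, `parse_ts` and `next_action` are hypothetical, and the sample body is the 401 response shown above.

```python
import base64
from datetime import datetime, timezone

def basic_auth_header(client_id, client_secret):
    # base64(client_id:client_secret), as the Header section specifies.
    # Keep client_secret on a backend; never ship it inside a browser or mobile app.
    token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Content-Type": "application/json"}

def parse_ts(value):
    # The sample responses mix "Z" and "+07:00" offsets; normalise both to aware UTC.
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def next_action(status, body, now=None):
    """Decide what the caller should do after POST /v2/passwordless/start."""
    now = now or datetime.now(timezone.utc)
    meta = body.get("metadata") or {}
    error = body.get("error")
    if status == 200:
        return {"action": "otp_issued", "resend_count": meta.get("resend_count"),
                "resend_limit": meta.get("resend_limit")}
    if error == "otp_resend_limit_exceeded":
        return {"action": "locked"}  # do not retry; the user is locked
    if error == "identifier_has_active_verification" and "next_resend_at" in meta:
        # An OTP is still active: wait until next_resend_at instead of hammering the API.
        wait = (parse_ts(meta["next_resend_at"]) - now).total_seconds()
        return {"action": "wait", "seconds": max(0.0, wait)}
    return {"action": "fail", "error": error}

# Constructed input: the 401 sample body from this page.
ACTIVE_OTP_BODY = {
    "error": "identifier_has_active_verification",
    "error_description": "User has Active OTP",
    "timestamp": "2024-03-07T06:38:23.507756Z",
    "metadata": {
        "next_resend_at": "2024-03-07T13:38:48.078787+07:00",
        "resend_count": 0,
        "resend_limit": 3,
    },
}

if __name__ == "__main__":
    server_now = parse_ts(ACTIVE_OTP_BODY["timestamp"])
    print(next_action(401, ACTIVE_OTP_BODY, now=server_now))
```

Passing the response's own `timestamp` as `now` avoids errors from client clock skew when computing the wait.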
Validate OTP
URL:
POST /v2/passwordless/validate
Header:
Authorization: Basic <base64(client_id:client_secret)>
Content-Type: application/json
Request Body:
{
  "username": "081200010002",
  "otp": "123456"
}
Success (200) Response Body:
{
  "message": "OTP Validated Successfully",
  "timestamp": "2023-01-01T00:00:00Z"
}
Failed (400) Response Body:
{
  "error": "invalid_otp",
  "error_description": "OTP is Invalid",
  "timestamp": "2024-03-07T07:06:36.977945Z",
  "metadata": {
    "invalid_attempt": 1,
    "max_invalid_attempt": 3
  }
}
List of Possible Responses
| http status code | error code | message |
|---|---|---|
| 500 | unexpected_error | Something Went Wrong |
| 400 | invalid_request_body | Invalid Request, Please Check Your Request Body |
| 400 | invalid_request_body | Please Enter a valid username |
| 400 | verification_not_found | Verification Not Found |
| 400 | wrong_otp_request_limit | Wrong OTP Limit Request Exceeded |
| 400 | invalid_otp | OTP is Invalid |
| 400 | verification_is_expired | Verification Expired |
| 400 | used_otp | OTP is Already Used |
| 400 | invalid_otp_config_changed | OTP is Invalid, Please Request New OTP |
| 401 | invalid_client_credential | Invalid Client Credentials |
| 401 | identifier_has_active_verification | User has Active OTP |