Request OTP

The Request OTP API is used to request access to sensitive information. Calling this endpoint triggers a One‑Time Password (OTP) that is delivered to the cardholder via SMS. The OTP must be supplied on a subsequent Verify OTP request.

NOTE: An SMS message is always sent to the cardholder’s registered mobile number. If an email address is on file and email OTP is enabled, the OTP will also be sent to the registered email address.


✍️ Authentication Methods

Exactly one of the following authentication schemes must be supplied in the <AuthenticationDetails> block.

Scheme
Field
Format
Required
Notes

Card Credentials

AuthCardNumber

PAN (16–19 digits)

âś“

AuthExpirationDate

YYYY‑MM

âś“

AuthDOB

YYYY‑MM‑DD

âś“

Date of birth on file

Cardholder Login

Username

String

âś“*

Use if the cardholder has self‑service credentials

Password

String

âś“*

*Only required when using the Login scheme


📥 Input Parameters

Name
Required
Definition
Comments

Purpose

Y

String (≤50) Allowed value: Dispute Management

ID

Y

Numeric (1‑19) RPID when IDType = RPID

IDType

Y

CardNumber | RPID | SavingAccount

Avoid CardNumber here to prevent unencrypted storage

RequestedResult

Y

String (≤50) Allowed: CardNumberCvv, ChangeCardPin

đź’» Output Parameters

Name
Definition
Failure Case
Success Case
Comments

None

All values are returned inside <ResponseDetails>


đź“„ XML Samples

Card‑Credentials Authentication

<?xml version="1.0"?>
<PraxellXMLRequest>
  <AuthenticationDetails>
    <AuthCardNumber>*******************</AuthCardNumber>
    <AuthExpirationDate>2028-03</AuthExpirationDate>
    <AuthDOB>1996-11-28</AuthDOB>
  </AuthenticationDetails>
  <ServiceDetails>
    <UniqueRequestId>9633-6955-1</UniqueRequestId>
    <ServiceName>RequestOTP</ServiceName>
  </ServiceDetails>
  <Origin>
    <OriginType>ExtAPI</OriginType>
  </Origin>
  <ServiceParams>
    <Purpose>Dispute Management</Purpose>
    <ID>1234565789</ID>
    <IDType>RPID</IDType>
    <RequestedResult>ChangeCardPin</RequestedResult>
  </ServiceParams>
</PraxellXMLRequest>
<?xml version="1.0"?>
<PraxellXMLResponse>
  <ResponseDetails>
    <ServiceName>RequestOTP</ServiceName>
    <SessionId>38097317201110064</SessionId>
    <StatusCode>0</StatusCode>
    <StatusName>StatusOK</StatusName>
    <StatusDescription>OK</StatusDescription>
    <ServiceDate>2025-05-29 05:10:40</ServiceDate>
    <ServiceId>38097317201110064</ServiceId>
  </ResponseDetails>
  <ResponseParams/>
</PraxellXMLResponse>
<?xml version="1.0"?>
<PraxellXMLResponse>
  <ResponseDetails>
    <ServiceName>RequestOTP</ServiceName>
    <SessionId>07071612200737105</SessionId>
    <StatusCode>70029</StatusCode>
    <StatusName>Data not found (cardholder not found)</StatusName>
    <StatusDescription>Data not found (cardholder not found)</StatusDescription>
    <ServiceDate>2025-05-29 05:12:50</ServiceDate>
    <ServiceId>07071612200737105</ServiceId>
  </ResponseDetails>
  <ResponseParams/>
</PraxellXMLResponse>

Login‑Credentials Authentication (alternative)

<?xml version="1.0"?>
<PraxellXMLRequest>
  <AuthenticationDetails>
    <Username>jane.doe</Username>
    <Password>Aq1!xyz123</Password>
  </AuthenticationDetails>
  <ServiceDetails>
    <UniqueRequestId>984653217</UniqueRequestId>
    <ServiceName>RequestOTP</ServiceName>
  </ServiceDetails>
  <Origin>
    <OriginType>ExtAPI</OriginType>
  </Origin>
  <ServiceParams>
    <Purpose>Dispute Management</Purpose>
    <ID>1234567890</ID>
    <IDType>RPID</IDType>
    <RequestedResult>ChangeCardPin</RequestedResult>
  </ServiceParams>
</PraxellXMLRequest>

ℹ️ Use the returned SessionId when calling VerifyOTP. The OTP expires after 10 minutes.

For additional error codes see the Common Errors section of the API reference.

Last updated