search

Request OTP

The Request OTP API is used to request access to sensitive information. Calling this endpoint triggers a One‑Time Password (OTP) that is delivered to the cardholder via SMS. The OTP must be supplied on a subsequent Verify OTP request.

NOTE: An SMS message is always sent to the cardholder’s registered mobile number. If an email address is on file and email OTP is enabled, the OTP will also be sent to the registered email address.

hashtag
✍️ Authentication Methods

Exactly one of the following authentication schemes must be supplied in the <AuthenticationDetails> block.

Scheme
Field
Format
Required
Notes

Card Credentials

AuthCardNumber

PAN (16–19 digits)

AuthExpirationDate

YYYY‑MM

AuthDOB

YYYY‑MM‑DD

Date of birth on file

Cardholder Login

Username

String

✓*

Use if the cardholder has self‑service credentials

Password

String

✓*

*Only required when using the Login scheme

hashtag
📥 Input Parameters

Name
Required
Definition
Comments

Purpose

Y

String (≤50) Allowed value: Dispute Management

ID

Y

Numeric (1‑19) RPID when IDType = RPID

IDType

Y

CardNumber | RPID | SavingAccount

Avoid CardNumber here to prevent unencrypted storage

RequestedResult

Y

String (≤50) Allowed: CardNumberCvv, ChangeCardPin

hashtag
💻 Output Parameters

Name
Definition
Failure Case
Success Case
Comments

None

All values are returned inside <ResponseDetails>

hashtag
📄 XML Samples

hashtag
Card‑Credentials Authentication

hashtag
Login‑Credentials Authentication (alternative)

ℹ️ Use the returned SessionId when calling VerifyOTP. The OTP expires after 10 minutes.

For additional error codes see the Common Errors section of the API reference.

PreviousReopen CardNextResearch Card

Last updated