On This Page
pilot
Step 4: Validate the one-time password code
This section describes how to validate one-time passwords (OTPs) and issuer
authentication codes. When the cardholder receives their OTP by means of their
selected method (SMS, email, or online banking) or an issuer authentication code
from their banking application, you can verify the OTP or issuer authentication code
by including it in the endpoint here.
Endpoint
Test:
POST
https://apitest.cybersource.com
/tms/v2/tokenized-cards/{tokenId}
/authentication-options/validateProduction:
POST
https://api.cybersource.com
/tms/v2/tokenized-cards/{tokenId}
/authentication-options/validateProduction in India:
POST
https://api.in.cybersource.com
/tms/v2/tokenized-cards/{tokenId}
/authentication-options/validateThe is the identifier of the tokenized card.
{tokenId}
IMPORTANT
If you receive an error when you validate the OTP, you must
get a new OTP from the issuer. See Step 1: Issuer sends a one-time password code.
Required Fields for Validating an OTP or Issuer Authentication Code
- Set to the client reference ID.
- Required whenotpis not included in the request.
- Required whenissuerAuthCodeis not included in the request.
Related Information
REST Example: Validating an OTP or Issuer Authentication Code
Request
{ "clientCorrelationId": "aB3cD4eF5gH6iJ7kL8mN9oP0qR1sT2uV3wX", "stepUpOption": { "id": "YWEwMjFhZmFkZDU4ZWI0NDJjYTM0MzY4OTY1YjdhMDE=" }, "otp": "456789", "issuerAuthCode": "HTZlY2YwOWQ3MDZmYWZj4GMww2Y0YjllZWFkODZkHJI=" }
Response to a Successful Request
{ "action": "AUTHENTICATION_REGISTRATION" }