API Reference

Verify OTP API

post
https://sandbox.api.of.ayoconnect.id/dd/api/v3.0/otp-verification

This API is used to Verify OTP either for Direct Debit Payment or Account Unbinding.
In case of any HTTP response code other than 2XX received in the response, please 'DO NOT FAIL' the transaction.

The client should properly handle errors such as 502 (Bad Gateway), 504 (Gateway Timeout), client-side timeouts, or network issues. 'DO NOT FAIL' the transaction in these cases.

Please wait for the callback. If you do not receive a callback within the SLA period, please reach out to the Ayoconnect team via Whatsapp or send an email to the Ayoconnect's Operations team.

Service Code: 04

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params
string
required
length between 32 and 32

PartnerReferenceNumber received in the initial API response.

string
required
length between 32 and 32

originalReferenceNo received in initial (OTP Creation API) response.

string
enum
required
length between 7 and 9

Possible values of action.

Allowed:
string
required
length between 6 and 6

This field is a 6 char merchant identifier that is unique per each merchant. The exact value is disclosed to each merchant separately.

string
required
length between 6 and 6

otp

additionalInfo
object
required

OTP verification additional info.

Headers
string
enum
required
length between 16 and 16

Represents the content type of the received data (e.g. application/json)

Allowed:
string
required

Represents the access_token of a request; string starts with the keyword "Bearer " followed by the access_token.

string
required

Represents the customer_access_token of a request; string starts with the keyword "Bearer " followed by the B2B2C Token. This is the access_token generated in the ACCESS-TOKEN B2B2C API.

string
required
length between 24 and 27

Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format.

string
required

Represents signature of a request. Symmetric signature: HMAC_SHA512(clientSecret, stringToSign).

stringToSign = HTTPMethod +":"+ URLPath +":"+ AccessToken +":"+ Lowercase(HexEncode(SHA-256(minify(RequestBody))))+":" + X-TIMESTAMP

string
required
length between 6 and 6

This field is a 6 char merchant identifier that is unique per each merchant. The exact value is disclosed to each merchant separately.

string
required
length between 32 and 32

Alphanumeric String. Reference number that should be unique in the same flow. Use X-EXTERNAL-ID value of Payment or Binding.

string
required
length between 5 and 5

Numeric String. PJP's channel id. Device identification on which the API services is currently being accessed by the end user (customer). Must be the same in one flow.

Response

Updated 27 days ago

Language
Credentials
URL
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json

Updated 27 days ago