2. Verify OTP code

To verify an OTP code, you need to provide the unique otpId that refers the the OTP delivery request and the OTP code the user provided. The operation will verify then if the OTP code used matched the OTP code that was generated for this user.

Basic Example for verifying an OTP (JSON):

curl \
-X POST \
-H "apikey: yourApiKey" \
https://api.tyntec.com/2fa/v1/otp/b3eaee2c-c3c4-4f40-87e5-c21d07905b27/check?otpCode=1234

* b3eaee2c-c3c4-4f40-87e5-c21d07905b27 is the uuid of the generated OTP request for this example. 

Response to Basic Example for verifying an OTP (JSON):

HTTP/1.1 202 OK

{ accountId: 'your account id', 
 "applicationId": "2a9a2a1f-ad49-39e4-9a0e-8f2b648ebf83",
 "otpId": "b3eaee2c-c3c4-4f40-87e5-c21d07905b27",
 "number": "+4412312313",
 "attemptCount": 1,
 "otpStatus": "VERIFIED",
 "expire": 1499862186616,
 "created": 1499860686616,
 "timestampCreated": "2017-07-12T11:58:06.616Z",
 "timestampExpire": "2017-07-12T12:23:06.616Z"
 } 

HTTP return codes:

HTTP Code Description
202 Accepted The OTP code provided matched the one delivered.
401 Unauthorized  This verification attempt was not valid
403 Forbidden The OTP code provided is not correct. This signals a final state for this OTP, either because the maximum attempts has been reached or because the OTP expired. You can check the otpStatus in the body response to determine the status.
404 Not Found The OTP was not found.
410 Gone This OTP has already being validated.
Note once an OTP is validated, even if you request a check against it with the correct OTP or a wrong one you will already get this HTTP response code.
500 Internal Server Error Unexpected error.