Skip to main content
When a card purchase returns responseCode: "T0", the transaction requires OTP authentication. The cardholder receives a one-time password on their registered phone number. Submit that OTP here to complete the payment.

Authenticate OTP

POST /api/v1/card-payments/authenticate-otp

Authentication

x-api-key: your_api_key
x-api-secret: your_api_secret

Request body

paymentId
string
required
The paymentId returned in the data object from the Initiate Payment response.
otp
string
required
The one-time password entered by the cardholder.
transactionId
string
required
The transactionId returned in the data object from the Initiate Payment response.
eciFlag
string
The eciFlag returned from the initiate-payment response. Pass this through exactly as received. Optional but recommended.

Example request

curl --request POST \
  --url https://api.hyparrow.com/api/v1/card-payments/authenticate-otp \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: your_api_key' \
  --header 'x-api-secret: your_api_secret' \
  --data '{
    "paymentId": "PAY-2024042310300001",
    "otp": "123456",
    "transactionId": "1234567890",
    "eciFlag": "07"
  }'

Example responses

{
  "success": true,
  "message": "OTP authenticated successfully",
  "data": {
    "responseCode": "00",
    "message": "Approved by Financial Institution",
    "amount": "500000",
    "transactionDate": "2024-04-23T10:30:00Z"
  }
}

Response fields

success
boolean
true when authentication was processed by the API.
data.responseCode
string
"00" indicates the payment was approved. Any other code means the payment failed.
data.message
string
Human-readable outcome from the processor.

Resend OTP

Triggers a new OTP to be sent to the cardholder’s registered phone number. Use this if the original OTP expired or was not received. 
POST /api/v1/card-payments/resend-otp

Authentication

x-api-key: your_api_key
x-api-secret: your_api_secret

Request body

paymentId
string
required
The paymentId from the original Initiate Payment response.
transactionId
string
required
The transactionId from the original Initiate Payment response.

Example request

curl --request POST \
  --url https://api.hyparrow.com/api/v1/card-payments/resend-otp \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: your_api_key' \
  --header 'x-api-secret: your_api_secret' \
  --data '{
    "paymentId": "PAY-2024042310300001",
    "transactionId": "1234567890"
  }'

Example response

Success
{
  "success": true,
  "message": "OTP resent successfully",
  "data": {
    "message": "OTP sent to registered phone number"
  }
}