OTP delivery for SDK

Where an OTP is required for Device Registration, or where a customer selects OTP as their choice of SCA in the SDK screens (this is not offered as the preferred authentication but can be selected by a customer by choosing ‘other authentication’ on the SDK UI), then the OTP is delivered to the customer in one of the following ways:

  • Contis SMS to customer (preferred)
  • Contis provide to client for onward delivery via SMS to the customer. This will be provided to the client either via:
  1. API 900 response (if a 900 response exists)
  2. HTTP Push (webhook) for:
    – SDK_RegisterDevice (internal SDK method)
    – SDK_ResendOTP (internal SDK method)

OTP delivery for SDK notification

Parameters Type Description Default value
NotificationType string Three-digit unique identifier of notification. Numeric value “065” denotes the OTP delivery for SDK. Blank
CardHolderID integer Unique identifier of the consumer
OTPType string Fixed description return “SDK RegisterDevice and ResendOTP OTP”
OTPCode integer Unique 8-digit, time-limited, one-time-use password needs to be sent on the registered mobile or email.
SecurityHash string String value generated through hash logic with all the above parameters (To verify the values posted on URL)

Example OTP delivery for SDK notification

The table shows an example of an OTP delivery for SDK notification.

Parameter name Value
NotificationType 065
CardHolderID 21
OTPType SDK RegisterDevice and ResendOTP OTP
OTPCode 12345678
SecurityHash 5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e

For this webhook there is a new notification category code: 065

SDK RegisterDevice and ResendOTP OTP HTTP Post:

Hash sequence : NotificationType&CardHolderID&OTPType&OTPCode&SecurityHash

JSON Example

{
   "NotificationType": "065",
   "CardHolderID": "21",
   "OTPType": "SDK RegisterDevice and ResendOTP OTP",
   "OTPCode" : "12345678",
   "SecurityHash" : "5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e"	
}

Note: OTPs for the online card payment journey are not covered in the above. Where a customer selects OTP as their method of authenticating an online card payment, the OTP delivery method will remain per existing client solutions in use today.