OTP delivery for SDK

Where an OTP is required for Device Registration, or where a customer selects OTP as their choice of SCA in the SDK screens (this is not offered as the preferred authentication but can be selected by a customer by choosing ‘other authentication’ on the SDK UI), then the OTP is delivered to the customer in one of the following ways:

  • Contis SMS to customer (preferred)
  • Contis provide to client for onward delivery via SMS to the customer. This will be provided to the client either via:
  1. API 900 response (if a 900 response exists)
  2. HTTP Push (webhook) for:
              –  SDK_RegisterDevice (internal SDK method)
              –  SDK_ResendOTP (internal SDK method)

For this webhook there is a new notification category code: 065

SDK RegisterDevice and ResendOTP OTP HTTP Post:

NotificationType | CardHolderID | OTPType | OTPCode | SecurityHash

Example:

NotificationType=065&CardHolderID=21&OTPType=SDK RegisterDevice 
and ResendOTP OTP&OTPCode=12345678&SecurityHash=5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e

Note: OTPs for the online card payment journey are not covered in the above. Where a customer selects OTP as their method of authenticating an online card payment, the OTP delivery method will remain per existing client solutions in use today.