Use this endpoint to submit and verify the one-time password delivered to your registered phone or email. A successful verification confirms your identity for the declared purpose and allows the associated sensitive operation to proceed. If the OTP is incorrect or has expired, the request returns an error and you must generate a new code.

Endpoint

POST /api/v1/security/web/verify_otp

Authentication

All requests must include a valid Dashboard Bearer token in the Authorization header.
| Header | Type | Required | Description |
| --- | --- | --- | --- |
| Authorization | string | Yes | Bearer <token> — obtain from Login |
| Content-Type | string | Yes | application/json |

Request Body

otp (string, required)
The one-time password you received on your registered device. Maximum 255 characters.

purpose (string, required)
The purpose this OTP was generated for. Must match the value used when calling Generate OTP. Accepted values:
  • transaction
  • user_password_reset
  • staff_password_reset

Example Request Body

{
  "otp": "482915",
  "purpose": "transaction"
}

Response

A successful response confirms the OTP is valid for the declared purpose.

Success

{
  "status": true,
  "response_code": "00",
  "message": "OTP verified successfully"
}

Error Codes

| Response Code | Meaning |
| --- | --- |
| 02 | Invalid OTP — the code you submitted does not match |
| 03 | Expired OTP — the code is past its validity window; generate a new one |
| 01 | Validation error — otp or purpose field is missing or malformed |

Error Example — Wrong OTP

{
  "status": false,
  "response_code": "02",
  "message": "Invalid OTP"
}

Error Example — Expired OTP

{
  "status": false,
  "response_code": "03",
  "message": "OTP has expired. Please request a new one."
}

Example

curl --request POST \
  --url https://baasapi.payrepmfb.com/api/v1/security/web/verify_otp \
  --header 'Authorization: Bearer <your_dashboard_token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "otp": "482915",
    "purpose": "transaction"
  }'
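
The following Python client-side handling is an added example, not code from this API's provider. It checks the request fields locally before sending and interprets the response so that only status true together with response_code "00" counts as verified. The function names and reason strings are assumptions, and the sample bodies are constructed from the shapes shown above.

```python
import json
import urllib.request

# Endpoint and field rules come from this page; the function names are hypothetical.
VERIFY_URL = "https://baasapi.payrepmfb.com/api/v1/security/web/verify_otp"
PURPOSES = {"transaction", "user_password_reset", "staff_password_reset"}


def build_request(otp, purpose, token):
    """Reject input that would draw code 01, then build the POST (not sent here)."""
    if not isinstance(otp, str) or not 0 < len(otp) <= 255:
        raise ValueError("otp must be a non-empty string of at most 255 characters")
    if purpose not in PURPOSES:
        raise ValueError("purpose is not one of the accepted values")
    body = json.dumps({"otp": otp, "purpose": purpose}).encode()
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(VERIFY_URL, data=body, headers=headers, method="POST")


def interpret(raw):
    """Map a response body to (verified, reason); anything unexpected is a denial."""
    try:
        doc = json.loads(raw)
    except (TypeError, ValueError):
        return False, "unrecognized"
    if not isinstance(doc, dict):
        return False, "unrecognized"
    status, code = doc.get("status"), doc.get("response_code")
    # Both success signals must agree; `is True` rejects the string "true" and 1.
    if status is True and code == "00":
        return True, "verified"
    reasons = {"01": "validation_error", "02": "invalid_otp", "03": "expired_otp"}
    if status is False and code in reasons:
        return False, reasons[code]
    return False, "unrecognized"  # unknown code or contradictory fields


# Constructed sample bodies; the last one is deliberately contradictory.
SAMPLES = [
    '{"status": true, "response_code": "00", "message": "OTP verified successfully"}',
    '{"status": false, "response_code": "02", "message": "Invalid OTP"}',
    '{"status": false, "response_code": "03", "message": "OTP has expired."}',
    '{"status": true, "response_code": "02", "message": "constructed mismatch"}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(interpret(sample))
```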