--- title: "AePS Fingpay — Send OTP (eKYC) API Reference" description: "Initiate AePS Fingpay eKYC by sending an OTP to the agent's registered Aadhaar-linked mobile number." canonical: "https://eps.eko.in/docs/aeps-send-otp-kyc" --- > **Canonical URL:** https://eps.eko.in/docs/aeps-send-otp-kyc > This is a machine-readable Markdown version of the page for AI agents and LLMs. The primary (HTML) version lives at the canonical URL above. # AePS Fingpay — Send OTP (eKYC) API Reference `POST https://staging.eko.in/ekoapi/v3/customer/aeps/fingpay/kyc/otp` Initiate AePS Fingpay eKYC by sending an OTP to the agent's registered Aadhaar-linked mobile number. The first step in the one-time AePS Fingpay eKYC flow. Sends an OTP to the mobile number registered with the agent's Aadhaar. The eKYC flow — Send OTP → Verify OTP → Biometric Capture — must be completed once per agent before they can perform any AePS transactions. This step is a prerequisite; do not confuse it with the daily authentication (2FA) which is required on each calendar day. > View product & pricing details: [AePS Cashout](https://eps.eko.in/products/aeps-api.md) ## Body parameters | Field | Type | Required | Description | | --- | --- | --- | --- | | initiator_id | string | yes | Registered mobile number of the API user (see Platform Credentials). e.g. 9962981729 | | user_code | string | yes | User code of the retailer/agent the service is run for. e.g. 20810200 | | client_ref_id | string | no | Unique reference id per API call, generated by your system. e.g. REQ-20260101-001 | | aadhaar | string | yes | RSA-encrypted, Base64-encoded Aadhaar number of the agent undergoing eKYC. e.g. BASE64_ENCRYPTED_AADHAAR | ## Headers | Field | Type | Required | Description | | --- | --- | --- | --- | | developer_key | string | yes | Static API key issued to your account after KYC. | | secret-key | string | yes | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). | | secret-key-timestamp | string | yes | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. | | content-type | string | yes | application/json e.g. application/json | ## Response ⭐ marks fields highlighted as verifiable. | Field | Type | Description | | --- | --- | --- | | status | number | Primary success indicator (0 = success). | | message | string | Human-readable response / error message. | | response_status_id | number | Granular status id; see the shared error-codes table. | | response_type_id | number | A unique id for every possible response shape (success or error) — useful for client logic branching and analytics. | | data | object | API-specific response payload. | | data.otp_ref_id ⭐ | string | Reference ID for the OTP session. Must be passed to the Verify OTP API. | | data.mobile_hint | string | Masked mobile number to which the OTP was sent (e.g., ******7890), for UI display. | ## Example request ```json { "initiator_id": "9962981729", "user_code": "20810200", "client_ref_id": "REQ-20260101-001", "aadhaar": "BASE64_ENCRYPTED_AADHAAR" } ``` ## Example response ```json { "status": 0, "response_status_id": 0, "message": "OTP sent successfully to Aadhaar-linked mobile number.", "response_type_id": 1388, "data": { "otp_ref_id": "OTPREF20240101001", "mobile_hint": "******7890" } } ``` ## Error scenarios | Status | Scenario | | --- | --- | | 200 | OTP already sent / too many requests | | 200 | Aadhaar not eligible for eKYC |