--- title: "Verify OTP (eKYC) API Reference" description: "Verify the eKYC OTP sent to the agent's Aadhaar-linked mobile number to advance the one-time AePS Fingpay eKYC." canonical: "https://eps.eko.in/docs/aeps-verify-otp-kyc" --- > **Canonical URL:** https://eps.eko.in/docs/aeps-verify-otp-kyc > This is a machine-readable Markdown version of the page for AI agents and LLMs. The primary (HTML) version lives at the canonical URL above. # Verify OTP (eKYC) API Reference `PUT https://staging.eko.in/ekoapi/v3/user/collection/aeps-fingpay/kyc/otp/verify` Verify the eKYC OTP sent to the agent's Aadhaar-linked mobile number to advance the one-time AePS Fingpay eKYC. The second step of the one-time AePS Fingpay eKYC flow (Send OTP → Verify OTP → Biometric Capture). Submits the OTP the agent received, together with the `otp_ref_id` and `reference_tid` returned by the Send OTP API, to validate the agent's identity before biometric capture. Aadhaar must be RSA-encrypted and Base64-encoded. > View product & pricing details: [AePS Cashout](https://eps.eko.in/products/aeps-api.md) ## Body parameters | Field | Type | Required | Description | | --- | --- | --- | --- | | initiator_id | string | yes | Registered mobile number of the API user (see Platform Credentials). e.g. 9962981729 | | user_code | string | yes | Unique code of your user/agent/retailer the service is run for. Use `Onboard Agent` API to register your users e.g. 20810200 | | customer_id | string | yes | Registered mobile number of the agent/merchant undergoing eKYC. e.g. 9123456789 | | aadhaar | string | yes | RSA-encrypted, Base64-encoded Aadhaar number of the agent undergoing eKYC. e.g. BASE64_ENCRYPTED_AADHAAR | | otp | string | yes | OTP received on the agent's Aadhaar-registered mobile number. e.g. 123456 | | otp_ref_id | string | yes | Reference ID returned by the Send OTP (eKYC) API. e.g. 2465238 | | reference_tid | string | yes | Transaction reference ID returned by the Send OTP (eKYC) API. e.g. EKYKF4719702240123152147525I | | latlong | string | yes | Agent's GPS coordinates as `latitude,longitude`. Required for security and fraud prevention. e.g. 28.6139,77.2090 | ## Headers | Field | Type | Required | Description | | --- | --- | --- | --- | | developer_key | string | yes | Static API key issued to your account after KYC. | | secret-key | string | yes | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). | | secret-key-timestamp | string | yes | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. | | content-type | string | yes | application/json e.g. application/json | ## Response ⭐ marks fields highlighted as verifiable. | Field | Type | Description | | --- | --- | --- | | status | number | Primary success indicator (0 = success). | | message | string | Human-readable response / error message. | | response_status_id | number | Granular status id; see the shared error-codes table. | | response_type_id | number | A unique id for every possible response shape (success or error) — useful for client logic branching and analytics. | | data | object | API-specific response payload. | | data.user_code ⭐ | string | User code of the agent whose eKYC was verified. | | data.reference_tid | string | Transaction reference ID for this eKYC verification. | | data.otp_ref_id ⭐ | string | Reference ID of the OTP session. Carry forward to the Biometric eKYC step. | ## Example request ```json { "initiator_id": "9962981729", "user_code": "20810200", "customer_id": "9123456789", "aadhaar": "BASE64_ENCRYPTED_AADHAAR", "otp": "123456", "otp_ref_id": "2465238", "reference_tid": "EKYKF4719702240123152147525I", "latlong": "28.6139,77.2090" } ``` ## Example response ```json { "response_status_id": 0, "data": { "user_code": "20810200", "reference_tid": "EKYKF4719702240123152147525I", "otp_ref_id": "2465238" }, "response_type_id": 1604, "message": "Validation successful", "status": 0 } ``` ## Error scenarios | Status | Scenario | | --- | --- | | 200 | Invalid or expired OTP |