--- title: "Validate OTP-Verification-Token API Reference" description: "Validate an otp_verification_token as proof that OTP verification happened within the 5-minute time limit." canonical: "https://eps.eko.in/docs/mobile-otp-validate-token" --- > **Canonical URL:** https://eps.eko.in/docs/mobile-otp-validate-token > This is a machine-readable Markdown version of the page for AI agents and LLMs. The primary (HTML) version lives at the canonical URL above. # Validate OTP-Verification-Token API Reference `GET https://staging.eko.in/ekoapi/v3/tools/kyc/mobile/otp/validate-token` Validate an otp_verification_token as proof that OTP verification happened within the 5-minute time limit. Validates the authenticity of an `otp_verification_token` issued by the Verify OTP API, proving the OTP verification was actually performed within its 5-minute validity window. Returns `status` = 0 when the token is valid; a timed-out or tampered/invalid token returns `status` = 1 with a descriptive message. > View product & pricing details: [Mobile/OTP Verification](https://eps.eko.in/products/mobile-otp-verification-api.md) ## Query parameters | Field | Type | Required | Description | | --- | --- | --- | --- | | initiator_id | string | yes | Registered mobile number of the API user (see Platform Credentials). e.g. 9962981729 | | otp_verification_token | string | yes | The signed JWT received from the Verify OTP API. e.g. eyJ0eXAiOiJKV1QiLCJ...5aXdrqrNcEbhfYfDsI | ## Headers | Field | Type | Required | Description | | --- | --- | --- | --- | | developer_key | string | yes | Static API key issued to your account after KYC. | | secret-key | string | yes | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). | | secret-key-timestamp | string | yes | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. | | content-type | string | yes | application/json e.g. application/json | ## Response ⭐ marks fields highlighted as verifiable. | Field | Type | Description | | --- | --- | --- | | status | number | Primary success indicator (0 = success). | | message | string | Human-readable response / error message. | | response_status_id | number | Granular status id; see the shared error-codes table. | | response_type_id | number | A unique id for every possible response shape (success or error) — useful for client logic branching and analytics. | | data | object | API-specific response payload. | | data.client_ref_id | string | Unique reference id for the original OTP flow, echoed back. | | data.otp_verification_token | string | The token that was validated, echoed back. | | data.initiator_id | string | Registered mobile number of the API user that initiated the call. | | data.mobile ⭐ | string | The mobile number the token certifies as verified. | | data.tid | string | Unique transaction id for this validation. | ## Example response ```json { "status": 0, "response_status_id": 0, "response_type_id": 1633, "message": "OTP verification token is valid.", "data": { "client_ref_id": "211101129871", "otp_verification_token": "eyJ0eXAiOiJKV1QiLCJ...5aXdrqrNcEbhfYfDsI", "initiator_id": "1234567891", "mobile": "9002336768", "tid": "2886978475" } } ``` ## Error scenarios | Status | Scenario | | --- | --- | | 200 | Token timed out (older than 5 minutes) | | 200 | Invalid or tampered token |