--- title: "Verify OTP API Reference" description: "Verify the OTP entered by the customer and receive a signed verification token for downstream use." canonical: "https://eps.eko.in/docs/mobile-otp-verify" --- > **Canonical URL:** https://eps.eko.in/docs/mobile-otp-verify > This is a machine-readable Markdown version of the page for AI agents and LLMs. The primary (HTML) version lives at the canonical URL above. # Verify OTP API Reference `PUT https://staging.eko.in/ekoapi/v3/tools/kyc/mobile/otp/verify` Verify the OTP entered by the customer and receive a signed verification token for downstream use. Validates the OTP sent by the Send OTP API. On success (`status` = 0) it returns a signed JWT `otp_verification_token` containing the verified `mobile` and a unique token id. The token is valid for **5 minutes** and acts as proof that OTP verification was performed — pass it to any transaction that depends on a verified mobile, and use the Validate OTP-Verification-Token API to confirm its authenticity. > View product & pricing details: [Mobile/OTP Verification](https://eps.eko.in/products/mobile-otp-verification-api.md) ## Body parameters | Field | Type | Required | Description | | --- | --- | --- | --- | | initiator_id | string | yes | Registered mobile number of the API user (see Platform Credentials). e.g. 9962981729 | | otp | string | yes | The OTP value the customer received via SMS from the Send OTP API. e.g. 3643 | | mobile | string | yes | The same 10-digit mobile number the OTP was sent to. e.g. 9002336768 | ## Headers | Field | Type | Required | Description | | --- | --- | --- | --- | | developer_key | string | yes | Static API key issued to your account after KYC. | | secret-key | string | yes | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). | | secret-key-timestamp | string | yes | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. | | content-type | string | yes | application/json e.g. application/json | ## Response ⭐ marks fields highlighted as verifiable. | Field | Type | Description | | --- | --- | --- | | status | number | Primary success indicator (0 = success). | | message | string | Human-readable response / error message. | | response_status_id | number | Granular status id; see the shared error-codes table. | | response_type_id | number | A unique id for every possible response shape (success or error) — useful for client logic branching and analytics. | | data | object | API-specific response payload. | | data.client_ref_id | string | Unique reference id for this OTP flow, echoed back. | | data.otp_verification_token ⭐ | string | Signed JWT proving the OTP was verified. Contains the verified mobile and a unique token id; valid for 5 minutes. Validate it with the Validate OTP-Verification-Token API. | | data.initiator_id | string | Registered mobile number of the API user that initiated the call. | | data.mobile ⭐ | string | The mobile number that was verified. | | data.tid | string | Unique transaction id for this verification. | ## Example request ```json { "initiator_id": "9962981729", "otp": "3643", "mobile": "9002336768" } ``` ## Example response ```json { "status": 0, "response_status_id": 0, "response_type_id": 1632, "message": "OTP verification successful.", "data": { "client_ref_id": "211101129871", "otp_verification_token": "eyJ0eXAiOiJKV1QiLCJ...5aXdrqrNcEbhfYfDsI", "initiator_id": "1234567891", "mobile": "9002336768", "tid": "2886978475" } } ``` ## Error scenarios | Status | Scenario | | --- | --- | | 200 | Incorrect or expired OTP |