The Generate OTP for Rupay Card API is used to generate OTP in the Seamless flow. After the customer receives the OTP, you must validate the OTP using the Verify OTP for Rupay Card API.

Endpoint


Production	https://pgdomain/authentication/api/v1/generateOTP
Test	https://areionsbi.pc.enstage-sas.com/authentication/api/v1/generateOTP

Sample request

curl -X POST https://areionsbi.pc.enstage-sas.com/authentication/api/v1/generateOTP \
-H "Content-Type: application/json" \
-H "pgInstanceId: 720200" \
-d '{
  "header": {
    "version": "1.0.0.0",
    "pgInstanceId":”72702415”,
    "x-api-key”: “AF165FBD-4E85-4c66-BEB1C54DC16CD48B”
  },
  "body": {
     “pgInstanceId”:” 72702415”
     "merchantId":”123”,
     "pan": “6075xxxxxxxx4412”,	
     "expDate_:"022024",
     "cvd2":”123”,
     "nameOnCard":”test”,
     "email":”test@test.io”,
     "currencCode":”356”,
     "amount":”11025”
     "merchantReferenceNo":”122344sdg”
     "orderDesc":”One bat”,
     "mobileNumber":”8867772222”,
     “cardHolderStatus”:”NW”,
     "http_accept": “text/html, application/xhmtl (http accept of a browser)”,	
     "browser_user_agent":"user agent of a browser",
     "customerIpAddress":"ip-address of a customer",
     “ext1”:”123456”,
     “ext2”:”123456”,
     “amountInINR:”11025”,
     “originalAmount”:”11025”
     “purposeOfAuthentication”:” Token Transaction”,
      “tokenAuthenticationValue”:”wwopqds/qww=”
  }
}'

Response parameters

Parameter	M/O/C	Type & Size	Description	Example
status	M	N(5)	Transaction Status	success or failed
validityPeriod	C	N(2)	The validity of the OTP in minutes for this transaction. Any newly generated OTP for the same transaction will automatically invalidate the old OTPs.	00 to 30
errorcode	M	N(1-4)	This is a numeric code used to provide success or failure response.	0 = No Error. For the complete list of error codes, refer to Error codes sub-section and PG Error Codes.
errormsg	C	AN(0-(1024)	Description for the error code.	For the complete list of error codes with message, refer to PG Error Codes .
pgTransactionId	C	N(1-8)	Sale ID	860

Sample response

{
      "status":"success",
      "errorcode":"0",
      "errormsg":"",
      "pgTransactionId":"32424",	
      “validityPeriod”:”25”
   }

Error codes

###Error codes

Error Code	Description	Reference XML Tag
00	Transaction was successfully authorized by Issuing bank.	Entire SOAP envelop along with values of parameters passed BEPG will successfully complete all technical as well as business validations on XML structure and values of all the parameters present within tag and passes the same to Issuing bank. On successful response from Issuinb bank, BEPG to return code '00'
01	Missing Parameter	Entire SOAP envelop along with values of parameters passed BEPG will check all the parameters and if any of the required parameter is not present then return this error code.
02	Invalid Command	BEPG checks if command in this tag is as per specs and if not will decline with this error code.
07	Invalid Parameter	BEPG checks all parameters and if any parameter is not as per specs and it will decline with this error code.
13	Amount Error	<auth_amount> under If amount value send by PG is not greater than 0 then BEPG will decline with this error code.
41	DECLINED (lost card)	If card is marked as Lost at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG
42	DECLINED (no account)	If no account is found for the card number provided at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
43	DECLINED (stolen)	If card is marked as Stolen at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
51	NON SUFFICIENT FUNDS	If sufficient funds are not available in cardholder account to process that transaction amount, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
54	EXPIRED CARD	If card is expired, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
55	WRONG PIN	If cardholder has submitted wrong PIN, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
57	DECLINED (cardholder not allowed)	If transactions are not allowed for the provided card at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
58	DECLINED (terminal not allowed)	If transactions are not allowed for the provided terminal details at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
59	DECLINED (fraud)	If transaction is match any RISK criterias/rules at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
61	DECLINED (exceeds with)	If daily withdrawal amount limit is exceeded for provided card at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
62	DECLINED (restricted card)	If card is marked as Restricted for usage at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
65	DECLINED (exceeds frequency)	If daily withdrawal frequency limit is exceeded for provided card at Issuer end, Issuer to pass this error code to BEPG and BEPG sends this error code to PG.
91	ERROR	If NPCI switch does not receives response from Issuer switch within specified time limit, transactions is declined by NPCI switch with this error code
92	NO ROUTING AVAILABLE	If no routing is available for provided BIN at NPCI switch end, NPCI switch to pass this error code to BEPG and BEPG sends this error code to PG.
96	SYSTEM ERROR	In case if due to any technical error BEPG is unable to process transaction then BEPG to return this error code.
96	PREVIOUSLY AUTHORIZED	Duplicate Authorize API Call Transaction was authorized at BEPG and received duplicate Authorize request for same transaction ID from PG. It is completely on PG’s discretion to decline/approve the transaction based on response received for duplicate Authorize API call and member entity is always advised to trigger the Transaction Status API call in case of response not received for first authorize API call instead of duplicate Authorize API call.
96	PREVIOUSLY DECLINED	Duplicate Authorize API Call Transaction was authorized at BEPG and received duplicate Authorize request for same transaction ID from PG. It is completely on PG’s discretion to decline/approve the transaction based on response received for duplicate Authorize API call and member entity is always advised to trigger the Transaction Status API call in case of response not received for first authorize API call instead of duplicate Authorize API call.
110	NO ACCT	If not account is found for provided card at Issuer end, Issuer to pass this error code to BEPG and BEPG to send this error code to PG.
120	ACCT CLOSED	If not account is closed for the card provided at Issuer end, Issuer to pass this error code to BEPG and BEPG to send this error code to PG.
399	SYSTEM UNAVAILABLE	In case if interfacing systems are unavailable at BEPG end, for some reasons resulting in non-processing of transaction then BEPG to return this error code
400	General Error	If BEPG is not able to process transactions for codes as specified in this document then BEPG can return this code.
401	Command is Null or Empty	IAS checks tag and if NULL or Empty command found, then decline with this error code
402	XML is Null or Empty	If XML body in this tag is Null or Empty then return this message
406	Not Authenticated	, <partner_id>, <merchant_password> Credentials mismatch/Invalid credentials OR not able to validate the signature/hash of the request in case or rest endpoints.
407	Not Authorized	Source IP BEPG checks for credentials passed by PG and source IP and if source IP is not from white listed IP addresses at application level then BEPG will return this error code.
408	XML Data Error	under BEPG will validate entire XML structure/format and if validation fails then BEPG will return this error code
409	Invalid AuthenticaionValue	The authenticationValue sent in request is validated and if invalid or duplicate, the request is rejected with this code.
453	Exhausted OTP resend count	Limit reached for resend OTP request for this transaction. The user must initiate a new transaction.
454	Duplicate requestID	The requestID of generateOTP is already used for a different card number.
501	EMI Not available	EMI program is not available for the given card bin.
504	EMI details mismatch	The Emi details (emi tenure, emi rate of interest) does not match with EMI program available for the card bin.
505	SI not registered	SI registration ID sent in request is not available in the system.
506	Invalid relationshipID	The relationshipID sent in request is not available in the system or is invalid
507	SFA device token security error	The deviceToken is invalid for the relationshipID sent Note: Reason could be: deviceToken decryption error deviceToken signature error devicetoken validation error
508	SFA token security error	The token/token signature is invalid