Verify display sensitive data OTP

Verifies the OTP from the initiation flow and returns the card's sensitive data.

Response Fields:

pan - Primary Account Number (16 digits)

cvv - Card Verification Value (3 digits)

expiry - Expiry date in MM/YY format

pin - PIN digits (4 digits, optional - present when available, null when not set)

Security:

OTP must be valid and not expired

Maximum 5 invalid OTP attempts allowed

Sensitive data is retrieved from Paymentology's secure vault

Error Responses:

400 INVALID_OTP_FORMAT - OTP format is invalid (must be 4-8 digits)

400 OTP_EXPIRED - OTP has expired. Please initiate a new operation.

400 OTP_MAX_ATTEMPTS_REACHED - Maximum OTP verification attempts reached. Please initiate a new operation.

400 OTP_VERIFICATION_FAILED - OTP verification failed (generic error)

400 OTP_INVALID - Invalid OTP provided. Please try again.

404 CARD_NOT_FOUND - The card is invalid. Please use a valid card.

404 OTP_OPERATION_NOT_FOUND - The operation ID is invalid. Please use a valid operation.

412 INVALID_CARD_STATUS - The card is not ACTIVE. Only ACTIVE cards can access sensitive data.

412 OTP_OPERATION_WRONG_STATUS - OTP operation is not in correct state (already completed or failed)

503 SERVICE_UNAVAILABLE - The service is currently unavailable. Please try again later.

Request Code Samples

Shell

JavaScript

Java

Swift

PHP

Python

HTTP

Objective-C

Ruby

OCaml

Dart

Responses

🟢200OK

application/json

Default Response

Body

Example

{
    "pan": "string",
    "cvv": "str",
    "expiry": "string",
    "pin": "string"
}

🟠400Bad Request

🟠401Unauthorized

🟠403Forbidden

🟠404Not Found

🟠405Method Not Allowed

🟠409Conflict

🟠410Gone

🟠412Precondition Failed

🟠422Unprocessable Entity

🟠429Too Many Requests

🔴500Internal Server Error

🔴501Not Implemented

🔴503Service Unavailable

🔴504Gateway Timeout

🔴505HTTP Version Not Supported