Rules and Standards

Tools and Resources

verifyOTPAlipay+ → MPP

Alipay+ uses the verifyOTP API to request that the Mobile Payment Provider (MPP) verifies whether the one-time password (OTP) provided by the user is correct. This API is used in risk control scenarios where the user identity needs to be verified with OTPs.

Note: In the following sections, the MPP is also known as PSP. For example, pspId refers to the ID that identifies an MPP .

Structure

A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see:

Note:

1. Set the data type of each parameter (except array) as String. This means that you must use double quotation marks (" ") to enclose the parameter value. Examples:

If the data type of a parameter is Integer and its value is 20, set it as "20".
If the data type of a parameter is Boolean and its value is true, set it as "true".

2. For optional parameters that are not required in your case, you can:

exclude them from the request body.
set the values as null (without the double quotation marks).

Do NOT leave the optional parameters empty by setting their values as ""; otherwise, an error might occur.

Request parameters

acquirerId String REQUIRED

The unique ID that is assigned by Alipay+ to identify an Acquiring Service Provider (ACQP).

More information about this field

Maximum length: 64 characters

pspId String REQUIRED

The unique ID that is assigned by Alipay+ to identify an MPP.

More information about this field

Maximum length: 64 characters

accessToken String REQUIRED

The token that is used to access the MPP user's resources.

For the verifyOTP API, the access token is used to specify the user.

More information about this field

Maximum length: 128 characters

verifyRequestId String REQUIRED

The unique ID that is assigned by MPP to identify an OTP.

More information about this field

Maximum length: 64 characters

otpCode String REQUIRED

The OTP code provided by the user. The MPP uses the OTP code for verification.

More information about this field

Maximum length: 32 characters

Response parameters

result Result object REQUIRED

The result of the OTP verification. If the value of the result.resultCode parameter is SUCCESS, the OTP is correct. For more information about how to return the OTP verification result, see How to return the result.

Show child parameters

API Explorer

Request

Request Body

Response

Response Body

More information

How to return the result

According to the business processing result, the MPP needs to return the corresponding result (specified by the result parameter):

If the OTP verification succeeds, set the value of result.resultStatus to S and the value of result.resultCode to SUCCESS.
If the OTP verification fails, set the value of result.resultStatus to F and the value of result.resultCode accordingly.
If the OTP verification result is unknown, set the value of result.resultStatus to U and the value of result.resultCode accordingly.

For more information about how to define your result codes, see the Result codes section below.

Result/Error codes

Code	Value	Message
SUCCESS	S	Success
ACCESS_DENIED	F	Access is denied.
EXPIRED_ACCESS_TOKEN	F	The access token is expired.
INVALID_CLIENT	F	The client is invalid.
INVALID_SIGNATURE	F	The signature is invalid.
INVALID_TOKEN	F	The access token is invalid.
KEY_NOT_FOUND	F	The key is not found.
MEDIA_TYPE_NOT_ACCEPTABLE	F	The server does not implement the media type that is acceptable to the client.
METHOD_NOT_SUPPORTED	F	The server does not implement the requested HTTPS method.
NO_INTERFACE_DEF	F	API is not defined.
OTP_VERIFY_TIMES_EXCEED_LIMIT	F	The OTP verification has failed too many times. The user must get a new OTP.
OTP_VERIFY_UNMATCHED	F	The OTP code is invalid.
PARAM_ILLEGAL	F	Illegal parameters. For example, non-numeric input, invalid date.
PROCESS_FAIL	F	A general business failure occurred. Do not retry.
USER_NOT_EXIST	F	The user does not exist.
USER_STATUS_ABNORMAL	F	The user status is abnormal.
VERIFY_REQUEST_ID_INVALID	F	The value of the verifyRequestId parameter is invalid.
REQUEST_TRAFFIC_EXCEED_LIMIT	U	The request traffic exceeds the limit.
UNKNOWN_EXCEPTION	U	An API call failed, which is caused by unknown reasons.