OTP delivery to PSU

Where an OTP is required for Token account flow and Token payment flow, then the OTP is delivered to the customer in one of the following ways:

  • Contis SMS to customer (preferred)
  • Contis provide to client for onward delivery via SMS to the customer. This will be provided to the client either via:
  1. API 900 response (if a 900 response exists)
  2. HTTP Push (webhook) for:
    • VerifyPSUWithSCA

OTP delivery to PSU notification

Parameters Type Description Default value
NotificationType string Three-digit unique identifier of notification. Numeric value “066” OTP delivery for Open Banking solutions. Blank
ConsumerID integer Unique identifier of the consumer
OTPType string Fixed description return “Verify PSU with SCA OTP”
OTPCode integer Unique 8-digit, time-limited, one-time-use password needs to be sent on the registered mobile or email.
SecurityHash string String value generated through hash logic with all the above parameters (To verify the values posted on URL)

Example OTP delivery to PSU notification

The table shows an example of an OTP delivery to PSU notification.

Parameter name Value
NotificationType 066
ConsumerID 21
OTPType Verify PSU with SCA OTP.
OTPCode 12345678
SecurityHash 5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e

For this webhook there is a new notification category code: 066

Verify PSU with SCA OTP HTTP Post:

Hash sequence : NotificationType&ConsumerID&OTPType&OTPCode&SecurityHash

JSON Example

{
   "NotificationType": "066",
   "ConsumerID": "21",
   "OTPType": "Verify PSU with SCA HTTP Post",
   "OTPCode" : "12345678",
   "SecurityHash" : "5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e"	
}

Note: OTPs for the online card payment journey are not covered in the above. Where a customer selects OTP as their method of authenticating an online card payment, the OTP delivery method will remain per existing client solutions in use today.