Where an OTP is required for Token account flow and Token payment flow, then the OTP is delivered to the customer in one of the following ways:
- Contis SMS to customer (preferred)
- Contis provide to client for onward delivery via SMS to the customer. This will be provided to the client either via:
- API 900 response (if a 900 response exists)
- HTTP Push (webhook) for:
- VerifyPSUWithSCA
OTP delivery to PSU notification
| Parameters | Type | Description | Default value |
| NotificationType | string | Three-digit unique identifier of notification. Numeric value “066” OTP delivery for Open Banking solutions. | Blank |
| ConsumerID | integer | Unique identifier of the consumer | |
| OTPType | string | Fixed description return “Verify PSU with SCA OTP” | |
| OTPCode | integer | Unique 8-digit, time-limited, one-time-use password needs to be sent on the registered mobile or email. | |
| SecurityHash | string | String value generated through hash logic with all the above parameters (To verify the values posted on URL) |
Example OTP delivery to PSU notification
The table shows an example of an OTP delivery to PSU notification.
| Parameter name | Value |
| NotificationType | 066 |
| ConsumerID | 21 |
| OTPType | Verify PSU with SCA OTP. |
| OTPCode | 12345678 |
| SecurityHash | 5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e |
For this webhook there is a new notification category code: 066
Verify PSU with SCA OTP HTTP Post:
Hash sequence : NotificationType&ConsumerID&OTPType&OTPCode&SecurityHash
JSON Example
{
"NotificationType": "066",
"ConsumerID": "21",
"OTPType": "Verify PSU with SCA HTTP Post",
"OTPCode" : "12345678",
"SecurityHash" : "5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e"
}Note: OTPs for the online card payment journey are not covered in the above. Where a customer selects OTP as their method of authenticating an online card payment, the OTP delivery method will remain per existing client solutions in use today.