...

Generate OTP
API details:
URI: v1/otp/generate
Method: POST
Header: API key
Request body:
{
  "request": {
    "userId": "valid user id",  // optional; set for the forgot-password flow
    "key": "email/phone/prevUsedEmail/prevUsedPhone value",  // use the prevUsedEmail/prevUsedPhone value when userId is not null (forgot-password flow)
    "type": "supported type as of now: email or phone"
  }
}

Response:
    Case 1 : 200
     {
    "id": "api.otp.generate",
    "ver": "v1",
    "ts": "2018-11-28 11:12:31:853+0000",
    "params": {
        "resmsgid": null,
        "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
        "err": "",
        "status": "success",
        "errmsg": ""
    },
    "responseCode": "OK",
    "result": {
         "response":"SUCCESS"
        }
}

 Case 2 : 400
     {
    "id": "api.otp.generate",
    "ver": "v1",
    "ts": "2018-11-28 11:12:31:853+0000",
    "params": {
        "resmsgid": null,
        "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
        "err": "MAX_LIMIT_EXHAUSTED",
        "status": "MAX_LIMIT_EXHAUSTED",
        "errmsg": "Only 4 OTP can be generated with in 24 hours"
    },
    "responseCode": "CLIENT_ERROR",
    "result": {
        }
}

// Other 400 responses carry one of: "Phone or email is already in used", INVALID_PHONE / INVALID_EMAIL, PHONE/EMAIL IS BLOCKED.

Case 3 : 500
     {
    "id": "api.otp.generate",
    "ver": "v1",
    "ts": "2018-11-28 11:12:31:853+0000",
    "params": {
        "resmsgid": null,
        "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
        "err": "SERVER_ERROR",
        "status": "SERVER_ERROR",
        "errmsg": "Process failed, please try again."
    },
    "responseCode": "SERVER_ERROR",
    "result": {
        }
}



...

-- This API will have the following validations:

...


1. User ID validation (optional).
2. Request validation based on type {phone or email}.
3. The requested phone/email must not already be present in the user database; if it is, throw the error {"Phone or email is already in used."}.
4. If the requested phone/email is already in the OTP authenticate table, the OTP has not yet expired and the attempt count is below the configured threshold, resend the same OTP.
5. If this is the first OTP request for the phone/email, generate an OTP, store it in the DB and send it to the user over the valid channel. The valid channel can be email or phone.
6. If the user requests an OTP, the stored OTP has expired and the attempt count is below the threshold:

...

      - Scenario 3: generate a new OTP and reset only the attempt count and the generated time.
7. If the user requests an OTP and either the OTP has expired and the attempt count is greater than or equal to the threshold, or the OTP has not expired but the attempt count is above the threshold, throw an error and put the phone/email into an in-memory cache for a set period, so that subsequent requests are rejected from the cache itself whenever the phone/email is found there.
8. The API gateway will apply IP-based throttling to this API, so the same IP cannot hit it continuously.
9. Sunbird will apply phone-based throttling. See: API throttling or OTP API Throttling

...