Skip to main content
POST
/
lbms-ingress
/
member
/
api
/
Member
/
VerifyOTP
Verify OTP
curl --request POST \
  --url https://loyalife-api.xoxoday.in/lbms-ingress/member/api/Member/VerifyOTP \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "UniquerefID": "jane.doe@example.com",
  "OTP": 123456,
  "DestinationAddress": "192.168.1.1",
  "Destination": "Web",
  "OtpType": "FORGOTPWD",
  "ProgramId": 19,
  "RelationType": 4
}
'
{
  "results": {
    "IsSucessful": true,
    "ErrorCode": "000",
    "ExceptionMessage": "Success",
    "ReturnObject": true
  }
}
Validates the OTP entered by the member against the one dispatched via Generate OTP. The OtpType must match what was used in the generate call. A successful response confirms the member’s identity for the specified action (login, password reset, etc.). OTPs are time-limited and single-use. The expiry duration and maximum incorrect attempt limit are both configurable at the program level — confirm these values with your Xoxoday implementation contact so your UI timer and lockout handling match. A failed response means the code has expired, already been used, or the attempt limit has been reached.

Responses

PathTypeDescription
results.IsSucessfulbooleantrue
results.ErrorCodestring000
results.ExceptionMessagestringSuccess
results.ReturnObjectbooleantrue on successful verification
PathTypeDescription
results.IsSucessfulbooleanfalse
results.ErrorCodestringError code from the platform
results.ExceptionMessagestringHuman-readable reason — check this field for details

Authorizations

Authorization
string
header
required

JWT obtained from Generate Auth Token. Pass as Authorization: bearer {token}.

Body

application/json
UniquerefID
string
required

The member's email address

Example:

"jane.doe@example.com"

OTP
integer
required

The OTP entered by the member

Example:

123456

DestinationAddress
string
required

IP address of the client device

Example:

"192.168.1.1"

Destination
enum<string>
required
Available options:
Web,
Mobile
Example:

"Web"

OtpType
enum<string>
required

Purpose of the OTP. Must match between Generate and Verify calls.

Available options:
ACTIVATION,
LOGIN,
FORGOTPWD,
CHANGEPASSWORD,
RESETPASSWORD,
FORGOTUSERNAME,
TwoFA,
UNBLOCKMEMBER,
NONE,
CASHBACKCONFIRM,
POINTTRANSFERCONFIRM,
FAMILYPOOLINGMERGE,
FAMILYPOOLINGUNMERGE,
AIRREVIEWNCONFIRM,
DOMESTICFLIGHTREVIEWNCONFIRM,
HOTELREVIEWNCONFIRM,
CARREVIEWNCONFIRM,
GIFTCARDREVIEWNCONFIRM,
PACKAGEREVIEWNCONFIRM,
SHOPREVIEWNCONFIRM,
SHOPDIGITALREVIEWNCONFIRM,
MERCHANTREVIEWNCONFIRM,
ISPREVIEWNCONFIRM,
INSURANCEREVIEWNCONFIRM
Example:

"LOGIN"

ProgramId
integer
required
Example:

19

RelationType
integer
required

Use 4 for customers

Example:

4

Response

OTP verified