> ## Documentation Index > Fetch the complete documentation index at: https://help-loyalife.xoxoday.com/llms.txt > Use this file to discover all available pages before exploring further. # Verify OTP > Validate an OTP sent via Generate OTP (email-based). Validates the OTP entered by the member against the one dispatched via [Generate OTP](/api-reference/otp/generate-otp). The `OtpType` must match what was used in the generate call. A successful response confirms the member's identity for the specified action (login, password reset, etc.). OTPs are time-limited and single-use. The expiry duration and maximum incorrect attempt limit are both **configurable at the program level** — confirm these values with your Xoxoday implementation contact so your UI timer and lockout handling match. A failed response means the code has expired, already been used, or the attempt limit has been reached. ## Responses | Path | Type | Description | | -------------------------- | ------- | --------------------------------- | | `results.IsSucessful` | boolean | `true` | | `results.ErrorCode` | string | `000` | | `results.ExceptionMessage` | string | `Success` | | `results.ReturnObject` | boolean | `true` on successful verification | | Path | Type | Description | | -------------------------- | ------- | ---------------------------------------------------- | | `results.IsSucessful` | boolean | `false` | | `results.ErrorCode` | string | Error code from the platform | | `results.ExceptionMessage` | string | Human-readable reason — check this field for details | ## OpenAPI ````yaml POST /lbms-ingress/member/api/Member/VerifyOTP openapi: 3.1.0 info: title: Loyalife LBMS API description: >- REST API for Loyalife's Loyalty Management System. Covers member management, OTP authentication, loyalty transactions, and points redemption. version: 1.0.0 contact: name: Xoxoday Support email: support@xoxoday.com servers: - url: https://loyalife-api.xoxoday.in description: Production security: - bearerAuth: [] paths: /lbms-ingress/member/api/Member/VerifyOTP: post: tags: - OTP summary: Verify OTP description: Validate an OTP sent via Generate OTP (email-based flow). operationId: verifyOtp requestBody: required: true content: application/json: schema: type: object required: - UniquerefID - OTP - DestinationAddress - Destination - OtpType - ProgramId - RelationType properties: UniquerefID: type: string description: The member's email address example: jane.doe@example.com OTP: type: integer description: The OTP entered by the member example: 123456 DestinationAddress: type: string description: IP address of the client device example: 192.168.1.1 Destination: type: string enum: - Web - Mobile example: Web OtpType: $ref: '#/components/schemas/OtpType' enum: - ACTIVATION - LOGIN - FORGOTPWD - CHANGEPASSWORD - RESETPASSWORD - FORGOTUSERNAME - TwoFA - UNBLOCKMEMBER - NONE - CASHBACKCONFIRM - POINTTRANSFERCONFIRM - FAMILYPOOLINGMERGE - FAMILYPOOLINGUNMERGE - AIRREVIEWNCONFIRM - DOMESTICFLIGHTREVIEWNCONFIRM - HOTELREVIEWNCONFIRM - CARREVIEWNCONFIRM - GIFTCARDREVIEWNCONFIRM - PACKAGEREVIEWNCONFIRM - SHOPREVIEWNCONFIRM - SHOPDIGITALREVIEWNCONFIRM - MERCHANTREVIEWNCONFIRM - ISPREVIEWNCONFIRM - INSURANCEREVIEWNCONFIRM description: >- Purpose of the OTP. Must match between Generate and Verify calls. example: LOGIN ProgramId: type: integer example: 19 RelationType: type: integer description: Use `4` for customers example: 4 example: UniquerefID: jane.doe@example.com OTP: 123456 DestinationAddress: 192.168.1.1 Destination: Web OtpType: FORGOTPWD ProgramId: 19 RelationType: 4 responses: '200': description: OTP verified content: application/json: example: results: IsSucessful: true ErrorCode: '000' ExceptionMessage: Success ReturnObject: true '400': description: Invalid or expired OTP content: application/json: schema: $ref: '#/components/schemas/StandardError' example: results: IsSucessful: false ErrorCode: E400 ExceptionMessage: Invalid or expired OTP components: schemas: OtpType: type: string enum: - LOGIN - FORGOTPWD - ACTIVATION - CHANGEPASSWORD - RESETPASSWORD - TwoFA - REGISTRATION - PROFILEUPDATE example: LOGIN StandardError: type: object properties: results: type: object properties: IsSucessful: type: boolean example: false ErrorCode: type: string example: E400 ExceptionMessage: type: string example: Error description securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: >- JWT obtained from Generate Auth Token. Pass as `Authorization: bearer {token}`. ````