> ## Documentation Index
> Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Submit or Resend OTP
> Use this API to submit or resend OTP if you use [Native OTP](https://www.cashfree.com/docs/payments/features/native-otp) for authentication of card payments.
{
const el = e.currentTarget;
el.style.backgroundColor = 'rgba(255, 248, 240, 0.8)';
el.style.transform = 'translateY(-1px)';
}}
onMouseLeave={(e) => {
const el = e.currentTarget;
el.style.backgroundColor = 'rgba(255, 248, 240, 0.4)';
el.style.transform = 'none';
}}
>
Run in Postman: You can also try this API in our Postman Collection.
Refer to the sample responses below:
Submit OTP Success and Transaction Successful – 200 OK
```json theme={"dark"}
{
"action": "SUBMIT_OTP",
"authenticate_status": "SUCCESS",
"cf_payment_id": "3991872901",
"payment_message": "payment successful"
}
```
Submit OTP Success but Invalid OTP – 200 OK
```json theme={"dark"}
{
"action": "SUBMIT_OTP",
"authenticate_status": "FAILED",
"cf_payment_id": "5114916442998",
"payment_message": "otp is invalid"
}
```
Max OTP Submit Limit Exceeded – 400 Bad Request
```json theme={"dark"}
{
"message": "Exceeded retry attempts. Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "request_invalid",
"type": "invalid_request_error"
}
```
Transaction Already Completed – 400 Bad Request
```json theme={"dark"}
{
"message": "Transaction is already processed. Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "request_invalid",
"type": "invalid_request_error"
}
```
Invalid Request – 404 Not Found
```json theme={"dark"}
{
"message": "transaction not found. Check latest errors and resolution from Merchant Dashboard API logs: https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9",
"code": "payment_not_found",
"type": "invalid_request_error"
}
```
Submit OTP Success but Transaction Failed – 502 Bad Gateway
```json theme={"dark"}
{
"message": "transaction failed",
"code": "bank_processing_failure",
"type": "api_error"
}
```
Submit OTP Success but Transaction Pending – 502 Bad Gateway
```json theme={"dark"}
{
"message": "transaction incomplete",
"code": "bank_processing_failure",
"type": "api_error"
}
```
Resend OTP Success – 200 OK
```json theme={"dark"}
{
"action": "RESEND_OTP",
"authenticate_status": "SUCCESS",
"cf_payment_id": "5114916574918",
"payment_message": "otp sent successfully"
}
```
## Error codes
The following table lists the error codes you may encounter when submitting an OTP:
| Code | Description | Type | Status |
| :---------------------- | :------------------------------------------------------------------------- | :---------------------- | :----- |
| `action_missing` | The `action` field is required but was not included in the request. | `invalid_request_error` | 400 |
| `cf_payment_id_missing` | The `cf_payment_id` field is required but was not included in the request. | `invalid_request_error` | 400 |
## OpenAPI
````yaml /openapi/payments/v2025-01-01.yaml post /orders/pay/authenticate/{cf_payment_id}
openapi: 3.0.0
info:
version: '2025-01-01'
title: Cashfree Payment Gateway APIs
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
contact:
email: developers@cashfree.com
name: API Support
url: https://discord.com/invite/QdZkNSxXsB
description: >-
Cashfree's Payment Gateway APIs provide developers with a streamlined
pathway to integrate advanced payment processing capabilities into their
applications, platforms and websites.
servers:
- url: https://sandbox.cashfree.com/pg
description: Sandbox server.
- url: https://api.cashfree.com/pg
description: Production server.
security: []
tags:
- name: Orders
description: Collection of APIs to handle orders.
- name: Payments
description: Collection of APIs to handle payments.
- name: Refunds
description: Collection of APIs to handle refunds.
- name: Settlements
description: Collection of APIs to handle settlements.
- name: Payment Links
description: Collection of APIs to handle payment links.
- name: Token Vault
description: >-
Collection of APIs to use Cashfree's token Vault. This helps you save
cards and tokenize them in a PCI complaint manner. We support creation of
network tokens which can be used across acquiring banks.
- name: softPOS
description: Collection of APIs to manage softPOS' agent and order.
- name: Offers
description: Collection of APIs to handle offers.
- name: Eligibility
description: >-
Collection of APIs to check eligibile entities - payment methods, offer,
affordibility.
- name: Settlement Reconciliation
description: Collection of APIs to handle settlements.
- name: PG Reconciliation
description: Collection of APIs to handle reconciliation.
- name: Customers
description: Collection of APIs to handle customers.
- name: Easy-Split
description: Collection of APIs to handle Easy-Split.
- name: Simulation
description: Collection of APIs to handle simulation.
- name: Disputes
description: Collection of APIs to handle disputes.
- name: Utilities
description: Collection of APIs for utility requirement.
- name: Downtimes
description: Collection of APIs for managing downtimes.
externalDocs:
url: https://api.cashfree.com/pg
description: This url will have the information of all the APIs.
paths:
/orders/pay/authenticate/{cf_payment_id}:
post:
tags:
- Payments
summary: Submit or Resend OTP
description: >-
Use this API to submit or resend OTP if you use [Native
OTP](https://www.cashfree.com/docs/payments/features/native-otp) for
authentication of card payments.
operationId: PGOrderAuthenticatePayment
parameters:
- $ref: '#/components/parameters/apiVersionHeader'
- $ref: '#/components/parameters/xRequestIDHeader'
- $ref: '#/components/parameters/cfPaymentIDParam'
- $ref: '#/components/parameters/xIdempotencyKeyHeader'
requestBody:
$ref: '#/components/requestBodies/OrderAuthenticatePaymentRequest'
responses:
'200':
description: >-
Success response for submitting or resend OTP if you use [Native
OTP](https://www.cashfree.com/docs/payments/features/native-otp) for
authentication of card payments.
content:
application/json:
schema:
$ref: '#/components/schemas/OrderAuthenticateEntity'
examples:
submit_otp:
value:
action: SUBMIT_OTP
authenticate_status: SUCCESS
cf_payment_id: '3991872901'
payment_message: payment successful
resend_otp:
value:
action: RESEND_OTP
authenticate_status: SUCCESS
cf_payment_id: '5114916442998'
payment_message: otp sent successfully
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
'400':
$ref: '#/components/responses/Response400'
'401':
$ref: '#/components/responses/Response401'
'404':
$ref: '#/components/responses/Response404'
'409':
$ref: '#/components/responses/Response409'
'422':
$ref: '#/components/responses/Response422'
'429':
$ref: '#/components/responses/Response429'
'500':
$ref: '#/components/responses/Response500'
'502':
$ref: '#/components/responses/Response502'
deprecated: false
security: []
components:
parameters:
apiVersionHeader:
in: header
name: x-api-version
required: true
description: API version to be used. Format is in YYYY-MM-DD.
schema:
type: string
description: API version to be used.
default: '2025-01-01'
example: '2025-01-01'
x-ignore: true
xRequestIDHeader:
in: header
name: x-request-id
description: >-
Request ID for the API call. Can be used to resolve tech issues.
Communicate this in your tech related queries to Cashfree.
required: false
schema:
type: string
example: 4dfb9780-46fe-11ee-be56-0242ac120002
cfPaymentIDParam:
name: cf_payment_id
in: path
required: true
description: The Cashfree payment or transaction ID.
schema:
type: string
example: '121224562'
xIdempotencyKeyHeader:
in: header
name: x-idempotency-key
required: false
description: >
An idempotency key is a unique identifier you include with your API
call.
If the request fails or times out, you can safely retry it using the
same key to avoid duplicate actions.
schema:
type: string
format: UUID
example: 47bf8872-46fe-11ee-be56-0242ac120002
requestBodies:
OrderAuthenticatePaymentRequest:
description: >-
Request parameters to submit or resend OTP if you use [Native
OTP](https://www.cashfree.com/docs/payments/features/native-otp) for
authentication of card payments.
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/OrderAuthenticatePaymentRequest'
examples:
submit_otp:
$ref: '#/components/examples/submit_otp'
resend_otp:
$ref: '#/components/examples/resend_otp'
schemas:
OrderAuthenticateEntity:
title: OrderAuthenticateEntity
description: Success response for submitting or resending OTP.
example:
action: SUBMIT_OTP
authenticate_status: SUCCESS
cf_payment_id: '3991872901'
payment_message: payment successful
properties:
cf_payment_id:
type: string
description: Cashfree payment ID for which this request was sent.
action:
type: string
enum:
- SUBMIT_OTP
- RESEND_OTP
description: The action that was requested.
authenticate_status:
type: string
enum:
- FAILED
- SUCCESS
description: >-
Status of this action - will be either success or failed. If the
action is success, you should still call [payment status
API](https://www.cashfree.com/docs/api-reference/payments/latest/payments/get)
to verify the final payment status.
payment_message:
type: string
description: Human readable message which describes the status in more detail.
OrderAuthenticatePaymentRequest:
title: OrderAuthenticatePaymentRequest
type: object
required:
- action
properties:
otp:
type: string
description: >-
OTP collected from the customer. Mandatory only when action is
SUBMIT_OTP.
action:
type: string
enum:
- SUBMIT_OTP
- RESEND_OTP
description: Action intended for this request - can be SUBMIT_OTP or RESEND_OTP.
example:
otp: '111000'
action: SUBMIT_OTP
BadRequestError:
title: BadRequestError
description: Invalid request received from client.
example:
message: bad URL, please check API documentation
help: >-
Check latest errors and resolution from Merchant Dashboard API logs:
https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9
code: request_failed
type: invalid_request_error
type: object
properties:
message:
type: string
code:
type: string
help:
type: string
type:
type: string
enum:
- invalid_request_error
AuthenticationError:
title: AuthenticationError
description: Error if api keys are wrong.
example:
message: authentication Failed
code: request_failed
type: authentication_error
type: object
properties:
message:
type: string
code:
type: string
type:
type: string
description: authentication_error.
ApiError404:
title: ApiError404
description: Error when resource requested is not found.
example:
message: something is not found
help: >-
Check latest errors and resolution from Merchant Dashboard API logs:
https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9
code: something_not_found
type: invalid_request_error
type: object
properties:
message:
type: string
code:
type: string
help:
type: string
type:
type: string
enum:
- invalid_request_error
description: invalid_request_error.
ApiError409:
title: ApiError409
description: duplicate request.
example:
message: order with same id is already present
help: >-
Check latest errors and resolution from Merchant Dashboard API logs:
https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9
code: order_already_exists
type: invalid_request_error
type: object
properties:
message:
type: string
help:
type: string
code:
type: string
type:
type: string
enum:
- invalid_request_error
description: invalid_request_error.
IdempotencyError:
title: IdempotencyError
description: >-
Error when idempotency fails. Different request body with the same
idempotent key.
example:
message: something is not found
help: >-
Check latest errors and resolution from Merchant Dashboard API logs:
https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9
code: request_invalid
type: idempotency_error
type: object
properties:
message:
type: string
help:
type: string
code:
type: string
type:
type: string
enum:
- idempotency_error
description: idempotency_error.
RateLimitError:
title: RateLimitError
description: Error when rate limit is breached for your api.
example:
message: Too many requests from IP. Check headers
code: request_failed
type: rate_limit_error
type: object
properties:
message:
type: string
code:
type: string
type:
type: string
enum:
- rate_limit_error
description: rate_limit_error.
ApiError:
title: ApiError
description: Error at Cashfree's server.
example:
message: internal Server Error
help: >-
Check latest errors and resolution from Merchant Dashboard API logs:
https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9
code: internal_error
type: api_error
type: object
properties:
message:
type: string
code:
type: string
help:
type: string
type:
type: string
enum:
- api_error
description: api_error.
ApiError502:
title: ApiError502
description: Error when there is error at partner bank.
example:
message: something is not found
help: >-
Check latest errors and resolution from Merchant Dashboard API logs:
https://bit.ly/4glEd0W Help Document: https://bit.ly/4eeZYO9
code: bank_processing_failure
type: api_error
type: object
properties:
message:
type: string
help:
type: string
code:
type: string
description: >
`bank_processing_failure` will be returned here to denote failure at
bank.
type:
type: string
enum:
- api_error
description: api_error.
headers:
x-api-version:
schema:
type: string
format: YYYY-MM-DD
enum:
- '2025-01-01'
description: >-
This header has the version of the API. The current version is
`2025-01-01`.
x-ratelimit-limit:
schema:
type: integer
example: 200
description: Ratelimit set for your account for this API per minute.
x-ratelimit-remaining:
schema:
type: integer
example: 2
description: >-
Rate limit remaning for your account for this API in the next minute.
Uses sliding window.
x-ratelimit-retry:
schema:
type: integer
example: 4
description: |
Contains number of seconds to wait if rate limit is breached
- Is 0 if withing the limit
- Is between 1 and 59 if breached
x-ratelimit-type:
schema:
type: string
enum:
- app_id
- ip
example: ip
description: >
either ip or app_id
- `ip` if making a call from the browser. True for api where you don't
need `x-client-id` and `x-client-secret`
- `app_id` for authenticated api calls i.e using `x-client-id` and
`x-client-secret`
x-request-id:
schema:
type: string
example: some-req-id
description: >-
Request id for your api call. Is blank or null if no `x-request-id` is
sent during the request.
x-idempotency-key:
schema:
type: string
example: some-idem-id
description: >-
An idempotency key is a unique identifier you include with your API
call. If the request fails or times out, you can safely retry it using
the same key to avoid duplicate actions.
x-idempotency-replayed:
schema:
type: string
format: boolean
example: 'true'
description: |-
In conjunction with `x-idempotency-key` this means
- `true` if the response was replayed
- `false` if the response has not been replayed.
responses:
Response400:
description: Bad request error.
content:
application/json:
schema:
$ref: '#/components/schemas/BadRequestError'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
Response401:
description: Authentication Error.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthenticationError'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
Response404:
description: Resource Not found.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError404'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
Response409:
description: Resource already present.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError409'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
Response422:
description: Idempotency error.
content:
application/json:
schema:
$ref: '#/components/schemas/IdempotencyError'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
Response429:
description: Rate Limit Error.
content:
application/json:
schema:
$ref: '#/components/schemas/RateLimitError'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
Response500:
description: API related Error.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
Response502:
description: Bank related Error.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError502'
headers:
x-api-version:
$ref: '#/components/headers/x-api-version'
x-ratelimit-limit:
$ref: '#/components/headers/x-ratelimit-limit'
x-ratelimit-remaining:
$ref: '#/components/headers/x-ratelimit-remaining'
x-ratelimit-retry:
$ref: '#/components/headers/x-ratelimit-retry'
x-ratelimit-type:
$ref: '#/components/headers/x-ratelimit-type'
x-request-id:
$ref: '#/components/headers/x-request-id'
x-idempotency-key:
$ref: '#/components/headers/x-idempotency-key'
x-idempotency-replayed:
$ref: '#/components/headers/x-idempotency-replayed'
examples:
submit_otp:
summary: Submit OTP for Native OTP flow
description: Submit OTP for Native OTP flow.
value:
action: SUBMIT_OTP
otp: 111000
resend_otp:
summary: Resend OTP for Native OTP flow
description: Resend OTP for Native OTP flow.
value:
action: RESEND_OTP
````