> ## Documentation Index > Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Submit or Resend OTP > If you accept OTP on your own page, you can use the below API to send OTP to Cashfree. ## OpenAPI ````yaml /openapi/payments/v2022-09-01.yaml post /orders/pay/authenticate/{cf_payment_id} openapi: 3.0.0 info: version: '2022-09-01' title: Cashfree Payment Gateway APIs license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html contact: email: developers@cashfree.com name: API Support url: https://discord.com/invite/QdZkNSxXsB description: >- Cashfree's Payment Gateway APIs provide developers with a streamlined pathway to integrate advanced payment processing capabilities into their applications, platforms and websites. servers: - url: https://sandbox.cashfree.com/pg description: Sandbox server - url: https://api.cashfree.com/pg description: Production server security: [] tags: - name: Orders description: Collection of APIs to handle orders. - name: Payments description: Collection of APIs to handle payments. - name: Refunds description: Collection of APIs to handle refunds. - name: Settlements description: Collection of APIs to handle settlements. - name: Payment Links description: Collection of APIs to handle payment links. - name: Token Vault description: >- Collection of APIs to use Cashfree's token Vault. This helps you save cards and tokenize them in a PCI complaint manner. We support creation of network tokens which can be used across acquiring banks - name: softPOS description: Collection of APIs to manage softPOS' agent and order - name: Offers description: Collection of APIs to handle offers - name: Eligibility description: >- Collection of APIs to check eligibile entities - payment methods, offer, affordibility - name: Settlement Reconciliation description: Collection of APIs to handle settlements - name: PG Reconciliation description: Collection of APIs to handle reconciliation paths: /orders/pay/authenticate/{cf_payment_id}: post: tags: - Payments summary: Submit or Resend OTP description: >- If you accept OTP on your own page, you can use the below API to send OTP to Cashfree. operationId: PGOrderAuthenticatePayment parameters: - $ref: '#/components/parameters/apiVersionHeader' - $ref: '#/components/parameters/xRequestIDHeader' - $ref: '#/components/parameters/cfPaymentIDParam' - $ref: '#/components/parameters/xIdempotencyKeyHeader' requestBody: $ref: '#/components/requestBodies/OrderAuthenticatePaymentRequest' responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/OrderAuthenticateEntity' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' '400': $ref: '#/components/responses/Response400' '401': $ref: '#/components/responses/Response401' '404': $ref: '#/components/responses/Response404' '409': $ref: '#/components/responses/Response409' '422': $ref: '#/components/responses/Response422' '429': $ref: '#/components/responses/Response429' '500': $ref: '#/components/responses/Response500' '502': $ref: '#/components/responses/Response502' deprecated: false security: [] components: parameters: apiVersionHeader: in: header name: x-api-version required: true description: API version to be used. Format is in YYYY-MM-DD schema: type: string description: API version to be used default: '2022-09-01' example: '2022-09-01' xRequestIDHeader: in: header name: x-request-id description: >- Request id for the API call. Can be used to resolve tech issues. Communicate this in your tech related queries to cashfree required: false schema: type: string example: 4dfb9780-46fe-11ee-be56-0242ac120002 cfPaymentIDParam: name: cf_payment_id in: path required: true description: The Cashfree payment or transaction ID. schema: type: string example: '121224562' xIdempotencyKeyHeader: in: header name: x-idempotency-key required: false description: > Idempotency works by saving the resulting status code and body of the first request made for any given idempotency key, regardless of whether it succeeded or failed. Subsequent requests with the same key return the same result, including 500 errors. Currently supported on all POST calls that uses x-client-id & x-client-secret. To use enable, pass x-idempotency-key in the request header. The value of this header must be unique to each operation you are trying to do. One example can be to use the same order_id that you pass while creating orders schema: type: string format: UUID example: 47bf8872-46fe-11ee-be56-0242ac120002 requestBodies: OrderAuthenticatePaymentRequest: description: >- Request body to submit/resend headless OTP. To use this API make sure you have headless OTP enabled for your account required: true content: application/json: schema: $ref: '#/components/schemas/OrderAuthenticatePaymentRequest' schemas: OrderAuthenticateEntity: title: OrderAuthenticateEntity description: >- This is the response shared when merchant inovkes the OTP submit or resend API example: cf_payment_id: 975654863 authenticate_status: FAILED action: SUBMIT_OTP payment_message: otp is invalid properties: cf_payment_id: type: number format: int64 description: The payment id for which this request was sent action: type: string enum: - SUBMIT_OTP - RESEND_OTP description: The action that was invoked for this request. authenticate_status: type: string enum: - FAILED - SUCCESS description: >- Status of the is action. Will be either failed or successful. If the action is successful, you should still call the authorization status to verify the final payment status. payment_message: type: string description: Human readable message which describes the status in more detail OrderAuthenticatePaymentRequest: title: OrderAuthenticatePaymentRequest description: OTP to be submitted for headless/native OTP type: object required: - otp - action properties: otp: type: string description: OTP to be submitted action: type: string enum: - SUBMIT_OTP - RESEND_OTP description: >- The action for this workflow. Could be either SUBMIT_OTP or RESEND_OTP example: otp: '111000' action: SUBMIT_OTP BadRequestError: title: BadRequestError description: Invalid request received from client example: message: bad URL, please check API documentation code: request_failed type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error AuthenticationError: title: AuthenticationError description: Error if api keys are wrong example: message: authentication Failed code: request_failed type: authentication_error type: object properties: message: type: string code: type: string type: type: string description: authentication_error ApiError404: title: ApiError404 description: Error when resource requested is not found example: message: something is not found code: somethind_not_found type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error description: invalid_request_error ApiError409: title: ApiError409 description: duplicate request example: message: order with same id is already present code: order_already_exists type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error description: invalid_request_error IdempotencyError: title: IdempotencyError description: >- Error when idempotency fails. Different request body with the same idempotent key example: message: something is not found code: request_invalid type: idempotency_error type: object properties: message: type: string code: type: string type: type: string enum: - idempotency_error description: idempotency_error RateLimitError: title: RateLimitError description: Error when rate limit is breached for your api example: message: Too many requests from IP. Check headers code: request_failed type: rate_limit_error type: object properties: message: type: string code: type: string type: type: string enum: - rate_limit_error description: rate_limit_error ApiError: title: ApiError description: Error at cashfree's server example: message: internal Server Error code: internal_error type: api_error type: object properties: message: type: string code: type: string type: type: string enum: - api_error description: api_error ApiError502: title: ApiError502 description: Error when there is error at partner bank example: message: something is not found code: bank_processing_failure type: api_error type: object properties: message: type: string code: type: string description: > `bank_processing_failure` will be returned here to denote failure at bank. type: type: string enum: - api_error description: api_error headers: x-api-version: schema: type: string format: YYYY-MM-DD enum: - '2022-09-01' description: >- This header has the version of the API. The current version is `2022-09-01`. x-ratelimit-limit: schema: type: integer example: 200 description: Ratelimit set for your account for this API per minute x-ratelimit-remaining: schema: type: integer example: 2 description: >- Rate limit remaning for your account for this API in the next minute. Uses sliding window x-ratelimit-retry: schema: type: integer example: 4 description: | Contains number of seconds to wait if rate limit is breached - Is 0 if withing the limit - Is between 1 and 59 if breached x-ratelimit-type: schema: type: string enum: - app_id - ip example: ip description: > either ip or app_id - `ip` if making a call from the browser. True for api where you don't need `x-client-id` and `x-client-secret` - `app_id` for authenticated api calls i.e using `x-client-id` and `x-client-secret` x-request-id: schema: type: string example: some-req-id description: >- Request id for your api call. Is blank or null if no `x-request-id` is sent during the request x-idempotency-key: schema: type: string example: some-idem-id description: Idempotency key used during the request. Applicable for POST only x-idempotency-replayed: schema: type: string format: boolean example: 'true' description: |- In conjunction with `x-idempotency-key` this means - `true` if the response was replayed - `false` if the response has not been replayed responses: Response400: description: Bad request error content: application/json: schema: $ref: '#/components/schemas/BadRequestError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response401: description: Authentication Error content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response404: description: Resource Not found content: application/json: schema: $ref: '#/components/schemas/ApiError404' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response409: description: Resource already present content: application/json: schema: $ref: '#/components/schemas/ApiError409' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response422: description: Idempotency error content: application/json: schema: $ref: '#/components/schemas/IdempotencyError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response429: description: Rate Limit Error content: application/json: schema: $ref: '#/components/schemas/RateLimitError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response500: description: API related Error content: application/json: schema: $ref: '#/components/schemas/ApiError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response502: description: Bank related Error content: application/json: schema: $ref: '#/components/schemas/ApiError502' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' ````