> ## Documentation Index > Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Submit or Resend OTP > If you accept OTP on your own page, you can use the below API to send OTP to Cashfree. ## OpenAPI ````yaml /openapi/payments/v2023-08-01.yaml post /orders/pay/authenticate/{cf_payment_id} openapi: 3.0.0 info: version: '2023-08-01' title: Cashfree Payment Gateway APIs license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html contact: email: developers@cashfree.com name: API Support url: https://discord.com/invite/QdZkNSxXsB description: >- Cashfree's Payment Gateway APIs provide developers with a streamlined pathway to integrate advanced payment processing capabilities into their applications, platforms and websites. servers: - url: https://sandbox.cashfree.com/pg description: Sandbox server - url: https://api.cashfree.com/pg description: Production server security: [] tags: - name: Orders description: Collection of APIs to handle orders. - name: Payments description: Collection of APIs to handle payments. - name: Refunds description: Collection of APIs to handle refunds. - name: Settlements description: Collection of APIs to handle settlements. - name: Payment Links description: Collection of APIs to handle payment links. - name: Token Vault description: >- Collection of APIs to use Cashfree's token Vault. This helps you save cards and tokenize them in a PCI complaint manner. We support creation of network tokens which can be used across acquiring banks - name: softPOS description: Collection of APIs to manage softPOS' agent and order - name: Offers description: Collection of APIs to handle offers - name: Eligibility description: >- Collection of APIs to check eligibile entities - payment methods, offer, affordibility - name: Settlement Reconciliation description: Collection of APIs to handle settlements - name: PG Reconciliation description: Collection of APIs to handle reconciliation - name: Customers description: Collection of APIs to handle customers. - name: Easy-Split description: Collection of APIs to handle Easy-Split. - name: Simulation description: Collection of APIs to handle simulation. - name: Disputes description: Collection of APIs to handle disputes. externalDocs: url: https://api.cashfree.com/pg description: This url will have the information of all the APIs. paths: /orders/pay/authenticate/{cf_payment_id}: post: tags: - Payments summary: Submit or Resend OTP description: >- If you accept OTP on your own page, you can use the below API to send OTP to Cashfree. operationId: PGOrderAuthenticatePayment parameters: - $ref: '#/components/parameters/apiVersionHeader' - $ref: '#/components/parameters/xRequestIDHeader' - $ref: '#/components/parameters/cfPaymentIDParam' - $ref: '#/components/parameters/xIdempotencyKeyHeader' requestBody: $ref: '#/components/requestBodies/OrderAuthenticatePaymentRequest' responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/OrderAuthenticateEntity' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' '400': $ref: '#/components/responses/Response400' '401': $ref: '#/components/responses/Response401' '404': $ref: '#/components/responses/Response404' '409': $ref: '#/components/responses/Response409' '422': $ref: '#/components/responses/Response422' '429': $ref: '#/components/responses/Response429' '500': $ref: '#/components/responses/Response500' '502': $ref: '#/components/responses/Response502' deprecated: false security: [] components: parameters: apiVersionHeader: in: header name: x-api-version required: true description: API version to be used. Format is in YYYY-MM-DD schema: type: string description: API version to be used default: '2023-08-01' example: '2023-08-01' xRequestIDHeader: in: header name: x-request-id description: >- Request id for the API call. Can be used to resolve tech issues. Communicate this in your tech related queries to cashfree required: false schema: type: string example: 4dfb9780-46fe-11ee-be56-0242ac120002 cfPaymentIDParam: name: cf_payment_id in: path required: true description: The Cashfree payment or transaction ID. schema: type: string example: '121224562' xIdempotencyKeyHeader: in: header name: x-idempotency-key required: false description: > An idempotency key is a unique identifier you include with your API call. If the request fails or times out, you can safely retry it using the same key to avoid duplicate actions. schema: type: string format: UUID example: 47bf8872-46fe-11ee-be56-0242ac120002 requestBodies: OrderAuthenticatePaymentRequest: description: >- Request body to submit/resend headless OTP. To use this API make sure you have headless OTP enabled for your account required: true content: application/json: schema: $ref: '#/components/schemas/OrderAuthenticatePaymentRequest' schemas: OrderAuthenticateEntity: title: OrderAuthenticateEntity description: >- This is the response shared when merchant inovkes the OTP submit or resend API example: cf_payment_id: '975654863' authenticate_status: FAILED action: SUBMIT_OTP payment_message: otp is invalid properties: cf_payment_id: type: string description: The payment id for which this request was sent action: type: string enum: - SUBMIT_OTP - RESEND_OTP description: The action that was invoked for this request. authenticate_status: type: string enum: - FAILED - SUCCESS description: >- Status of the is action. Will be either failed or successful. If the action is successful, you should still call the authorization status to verify the final payment status. payment_message: type: string description: Human readable message which describes the status in more detail OrderAuthenticatePaymentRequest: title: OrderAuthenticatePaymentRequest description: OTP to be submitted for headless/native OTP type: object required: - otp - action properties: otp: type: string description: OTP to be submitted action: type: string enum: - SUBMIT_OTP - RESEND_OTP description: >- The action for this workflow. Could be either SUBMIT_OTP or RESEND_OTP example: otp: '111000' action: SUBMIT_OTP BadRequestError: title: BadRequestError description: Invalid request received from client example: message: bad URL, please check API documentation code: request_failed type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error AuthenticationError: title: AuthenticationError description: Error if api keys are wrong example: message: authentication Failed code: request_failed type: authentication_error type: object properties: message: type: string code: type: string type: type: string description: authentication_error ApiError404: title: ApiError404 description: Error when resource requested is not found example: message: something is not found code: somethind_not_found type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error description: invalid_request_error ApiError409: title: ApiError409 description: duplicate request example: message: order with same id is already present code: order_already_exists type: invalid_request_error type: object properties: message: type: string code: type: string type: type: string enum: - invalid_request_error description: invalid_request_error IdempotencyError: title: IdempotencyError description: >- Error when idempotency fails. Different request body with the same idempotent key example: message: something is not found code: request_invalid type: idempotency_error type: object properties: message: type: string code: type: string type: type: string enum: - idempotency_error description: idempotency_error RateLimitError: title: RateLimitError description: Error when rate limit is breached for your api example: message: Too many requests from IP. Check headers code: request_failed type: rate_limit_error type: object properties: message: type: string code: type: string type: type: string enum: - rate_limit_error description: rate_limit_error ApiError: title: ApiError description: Error at cashfree's server example: message: internal Server Error code: internal_error type: api_error type: object properties: message: type: string code: type: string type: type: string enum: - api_error description: api_error ApiError502: title: ApiError502 description: Error when there is error at partner bank example: message: something is not found code: bank_processing_failure type: api_error type: object properties: message: type: string code: type: string description: > `bank_processing_failure` will be returned here to denote failure at bank. type: type: string enum: - api_error description: api_error headers: x-api-version: schema: type: string format: YYYY-MM-DD enum: - '2022-09-01' description: >- This header has the version of the API. The current version is `2022-09-01`. x-ratelimit-limit: schema: type: integer example: 200 description: Ratelimit set for your account for this API per minute x-ratelimit-remaining: schema: type: integer example: 2 description: >- Rate limit remaning for your account for this API in the next minute. Uses sliding window x-ratelimit-retry: schema: type: integer example: 4 description: | Contains number of seconds to wait if rate limit is breached - Is 0 if withing the limit - Is between 1 and 59 if breached x-ratelimit-type: schema: type: string enum: - app_id - ip example: ip description: > either ip or app_id - `ip` if making a call from the browser. True for api where you don't need `x-client-id` and `x-client-secret` - `app_id` for authenticated api calls i.e using `x-client-id` and `x-client-secret` x-request-id: schema: type: string example: some-req-id description: >- Request id for your api call. Is blank or null if no `x-request-id` is sent during the request x-idempotency-key: schema: type: string example: some-idem-id description: >- An idempotency key is a unique identifier you include with your API call. If the request fails or times out, you can safely retry it using the same key to avoid duplicate actions. x-idempotency-replayed: schema: type: string format: boolean example: 'true' description: |- In conjunction with `x-idempotency-key` this means - `true` if the response was replayed - `false` if the response has not been replayed responses: Response400: description: Bad request error content: application/json: schema: $ref: '#/components/schemas/BadRequestError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response401: description: Authentication Error content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response404: description: Resource Not found content: application/json: schema: $ref: '#/components/schemas/ApiError404' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response409: description: Resource already present content: application/json: schema: $ref: '#/components/schemas/ApiError409' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response422: description: Idempotency error content: application/json: schema: $ref: '#/components/schemas/IdempotencyError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response429: description: Rate Limit Error content: application/json: schema: $ref: '#/components/schemas/RateLimitError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response500: description: API related Error content: application/json: schema: $ref: '#/components/schemas/ApiError' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' Response502: description: Bank related Error content: application/json: schema: $ref: '#/components/schemas/ApiError502' headers: x-api-version: $ref: '#/components/headers/x-api-version' x-ratelimit-limit: $ref: '#/components/headers/x-ratelimit-limit' x-ratelimit-remaining: $ref: '#/components/headers/x-ratelimit-remaining' x-ratelimit-retry: $ref: '#/components/headers/x-ratelimit-retry' x-ratelimit-type: $ref: '#/components/headers/x-ratelimit-type' x-request-id: $ref: '#/components/headers/x-request-id' x-idempotency-key: $ref: '#/components/headers/x-idempotency-key' x-idempotency-replayed: $ref: '#/components/headers/x-idempotency-replayed' ````