Where can I see the status of a PIN code/OTP?
Once an OTP reaches a final state (verified, expired or failed after too many attempts), the API always returns HTTP response code “410 Gone” with the final state of this OTP, independent of the OTP code that is provided.
Final states include:
- A successful authentication, which will return “202 Accepted” as HTTP response code for the first successful verification for this otpID
- “403 Forbidden,” which will return once all of the allowed attempts are reached to verify the code and were all unsuccessful (three by default) or the OTP code has expired (after five minutes, by default)
After the final state, the status will always return “410 Gone” as HTTP response code with the final state provided in the response body on the “otpStatus” field and will not check the otpCode provided.
OTP status values:
- “ACTIVE” – The OTP is still active
- “VERIFIED” – The OTP was verified successfully
- “EXPIRED” – The OTP expired
- “TOO_MANY_ATTEMPTS” – The OTP validation requests exceeded the maximum allowed by the application configuration
Check tyntec’s 2FA API for more details here.