pilot Step 2: Validate the one-time password code {#tms-net-tkn-card-stepup-otp-step2} ================================================================================ This section describes how to validate one-time passwords (OTPs) and issuer authentication codes. When the cardholder receives their OTP by means of their selected method (SMS, email, or online banking) or an issuer authentication code from their banking application, you can verify the OTP or issuer authentication code by including it in the endpoint here. Endpoint -------- **Test:** `POST ``https://apitest.cybersource.com``/tms/v2/tokenized-cards/`*{tokenId}*`/authentication-options/validate` **Production:** `POST ``https://api.cybersource.com``/tms/v2/tokenized-cards/`*{tokenId}*`/authentication-options/validate` **Production in India:** `POST ``https://api.in.cybersource.com``/tms/v2/tokenized-cards/`*{tokenId}*`/authentication-options/validate` **Production in Saudi Arabia:** `POST ``https://api.sa.cybersource.com``/tms/v2/tokenized-cards/`*{tokenId}*`/authentication-options/validate`{#tms-net-tkn-card-stepup-otp-step2_d21e76} **Test in Saudi Arabia:** `POST ``https://apitest.sa.cybersource.com``/tms/v2/tokenized-cards/`*{tokenId}*`/authentication-options/validate`{#tms-net-tkn-card-stepup-otp-step2_d21e87} The *`{tokenId}`* is the identifier of the tokenized card. > IMPORTANT > If you receive an error when you validate the OTP, you must get a new OTP from the issuer. See [Step 1: Issuer sends a one-time password code](/docs/cybs/en-us/tms/developer/all/rest/tms/tms-passkey-intro/tms-net-tkn-card-stepup/tms-net-tkn-card-stepup-otp/tms-net-tkn-card-stepup-otp-step1.md ""). Required Fields for Validating an OTP or Issuer Authentication Code {#tms-net-tkn-card-stepup-otp-step2-reqfields} ================================================================================================================== [clientCorrelationId](https://developer.cybersource.com/docs/cybs/en-us/api-fields/reference/all/rest/api-fields/client-correlation-id.md "") : Set to the client reference ID. [issuerAuthCode](https://developer.cybersource.com/docs/cybs/en-us/api-fields/reference/all/rest/api-fields/issuer-auth-code.md "") : Required when otp is not included in the request. [otp](https://developer.cybersource.com/docs/cybs/en-us/api-fields/reference/all/rest/api-fields/otp.md "") : Required when issuerAuthCode is not included in the request. [stepUpOption.id](https://developer.cybersource.com/docs/cybs/en-us/api-fields/reference/all/rest/api-fields/step-up-opt-aa/step-up-opt-id.md "") : Related Information ------------------- * [API Field Reference for the REST API](https://developer.cybersource.com/docs/cybs/en-us/api-fields/reference/all/rest/api-fields/rest-api-fields-intro.md "") {#tms-net-tkn-card-stepup-otp-step2-reqfields_d45e75} REST Example: Validating an OTP or Issuer Authentication Code {#tms-net-tkn-card-stepup-otp-step2-ex-rest} ========================================================================================================== Request ``` { "clientCorrelationId": "aB3cD4eF5gH6iJ7kL8mN9oP0qR1sT2uV3wX", "stepUpOption": { "id": "YWEwMjFhZmFkZDU4ZWI0NDJjYTM0MzY4OTY1YjdhMDE=" }, "otp": "456789", "issuerAuthCode": "HTZlY2YwOWQ3MDZmYWZj4GMww2Y0YjllZWFkODZkHJI=" } ``` {#tms-net-tkn-card-stepup-otp-step2-ex-rest_d19e24} Response to a Successful Request ``` { "action": "AUTHENTICATION_REGISTRATION" } ```