Validate a verification code

API Method: POST /api/CodeVerification/check

Action: Verify Submitted Code


Description:

This API method is used to validate a verification code previously sent to a user via the /api/CodeVerification/send endpoint. The code is checked in the context of a specific action (such as login, transaction approval, password reset, etc.) defined by the shortMessageType parameter. If the code is valid and not expired, the action can proceed.


Endpoint:

POST https://api.banking.netevia.dev/api/CodeVerification/check


Functionality:

  • Purpose: Confirms that the user-provided verification code matches the one generated for a specific action.
  • Use Case: Commonly used in multi-factor authentication (MFA) flows to confirm identity or authorization before allowing sensitive operations.

Request Headers:

  • Authorization: Bearer token (if required by context)
  • Content-Type: application/json

Request Body Parameters:

ParameterTypeRequiredDescription
codestringYesThe verification code entered by the user. Must be at least 1 character.
shortMessageTypestringYesThe context or purpose for the code verification.
Accepted Values for shortMessageType:
  • UNKNOWN: Unspecified or default type.
  • APPROVE_TRANSACTION: Approval required for a financial transaction.
  • APPROVE_PAYEE: Approval for adding or modifying a payee.
  • ApproveLinkedAccount: Approval to link an external account.
  • RestorePassword: Verification for password reset.
  • AttemptLogin: Verification for login attempt.
  • TransferPoints: Authorization to transfer reward/loyalty points.
  • SetEwaRequest: Approval for an Earned Wage Access (EWA) request.
  • ContactInfoUpdateRequest: Verification for updating contact information.

Example Request:

{
  "code": "742839",
  "shortMessageType": "RestorePassword"
}

Example Response:

{
  "status": "verified",
  "message": "Verification successful."
}

Response Codes:

  • 200 OK: The code is valid and has been successfully verified.
  • 400 Bad Request: The code is invalid, expired, or the parameters are missing/malformed.
  • 401 Unauthorized: Authentication token is invalid or missing.
  • 403 Forbidden: The code is incorrect or has already been used.
  • 429 Too Many Requests: Too many incorrect attempts; verification temporarily blocked.
  • 500 Internal Server Error: Unexpected server error during verification process.

Notes:

  • Security Considerations:
    • Codes typically expire after a short period for security reasons.
    • Multiple failed attempts may trigger a lockout or delay.
  • Pairing with Send Endpoint:
    • This method should always follow a successful call to /api/CodeVerification/send.

This method ensures the legitimacy of user actions and helps enforce secure workflows for all critical operations within the banking application.

Body Params

Request with data for check verification code

string
required
length ≥ 1
^\d{6}$

Code for passing verification

string
enum
required
Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
string
enum
Defaults to application/json

Generated from available request content types

Allowed:
Responses

400

Bad Request

404

Not Found

Language
Credentials
Bearer
JWT
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
text/plain
application/json
text/json