API Method: `POST /api/CodeVerification/check`

Action: Verify Submitted Code

Description:

This API method is used to validate a verification code previously sent to a user via the /api/CodeVerification/send endpoint. The code is checked in the context of a specific action (such as login, transaction approval, password reset, etc.) defined by the shortMessageType parameter. If the code is valid and not expired, the action can proceed.

Endpoint:

POST https://api.banking.netevia.dev/api/CodeVerification/check

Functionality:

Purpose: Confirms that the user-provided verification code matches the one generated for a specific action.
Use Case: Commonly used in multi-factor authentication (MFA) flows to confirm identity or authorization before allowing sensitive operations.

Request Headers:

Authorization: Bearer token (if required by context)
Content-Type: application/json

Request Body Parameters:

Parameter	Type	Required	Description
`code`	string	Yes	The verification code entered by the user. Must be at least 1 character.
`shortMessageType`	string	Yes	The context or purpose for the code verification.

Accepted Values for `shortMessageType`:

UNKNOWN: Unspecified or default type.
APPROVE_TRANSACTION: Approval required for a financial transaction.
APPROVE_PAYEE: Approval for adding or modifying a payee.
ApproveLinkedAccount: Approval to link an external account.
RestorePassword: Verification for password reset.
AttemptLogin: Verification for login attempt.
TransferPoints: Authorization to transfer reward/loyalty points.
SetEwaRequest: Approval for an Earned Wage Access (EWA) request.
ContactInfoUpdateRequest: Verification for updating contact information.

Example Request:

{
  "code": "742839",
  "shortMessageType": "RestorePassword"
}

Example Response:

{
  "status": "verified",
  "message": "Verification successful."
}

Response Codes:

200 OK: The code is valid and has been successfully verified.
400 Bad Request: The code is invalid, expired, or the parameters are missing/malformed.
401 Unauthorized: Authentication token is invalid or missing.
403 Forbidden: The code is incorrect or has already been used.
429 Too Many Requests: Too many incorrect attempts; verification temporarily blocked.
500 Internal Server Error: Unexpected server error during verification process.

Notes:

Security Considerations:
- Codes typically expire after a short period for security reasons.
- Multiple failed attempts may trigger a lockout or delay.
Pairing with Send Endpoint:
- This method should always follow a successful call to /api/CodeVerification/send.

This method ensures the legitimacy of user actions and helps enforce secure workflows for all critical operations within the banking application.

200Success