This API allows enterprise applications to validate a Time-based One-Time Password (TOTP) submitted by a user. The TOTP is generated in the Ditto ID mobile app and is used for authentication or identity confirmation.
🔗 Endpoint
POST https://REL-ID-SERVER-IP:9442/v1/validate-totp
{
  "timestamp": "2023-06-20T10:46:21UTC",
  "status": 409,
  "error": "Not Active",
  "message": "validateTOTP is not allowed if user is in status BLOCKED",
  "path": "/v1/validate-totp"
}
💥 500 - Server Error
{
  "timeStamp": "2023-05-30T12:33:32IST",
  "status": 500,
  "error": "Internal Server Error",
  "message": "Unexpected error occurred while processing request",
  "path": "/v1/validate-totp"
}
📌 Notes
Supported hashing: SHA-256 (TOTP must be Base64 encoded)
Make sure the user's status is ACTIVE before invoking this API
A TOTP that has already been used can still validate successfully, but the response will return "Replay TOTP matched"
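Because a reused TOTP can still come back as a success, a caller that needs single-use semantics has to look for the replay string itself. The following is an added example, not REL-ID code: a fail-closed response classifier for this endpoint. It assumes success is a 2xx response and, since the page does not show the success schema, scans every string in the body for the replay text; the "result" and "detail" field names in the samples are hypothetical.

```python
import json

REPLAY_MARKER = "replay totp matched"  # Notes string, compared case-insensitively

def _strings(node):
    """Yield every string value found anywhere in a decoded JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)

def classify(http_status, body_text):
    """Return (accepted, reason) for one validate-totp response; fails closed."""
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        return False, "unparseable body"
    if not isinstance(body, dict):
        return False, "unexpected body shape"
    # Check replay before anything else: a reused TOTP can still come back as a success.
    if any(REPLAY_MARKER in s.lower() for s in _strings(body)):
        return False, "replayed TOTP"
    # Error bodies on this page repeat the status inside the JSON; honour the worse one.
    embedded = body.get("status")
    if type(embedded) is int and embedded >= 400:
        http_status = max(http_status, embedded)
    if http_status >= 500:
        return False, "server error"
    if http_status >= 400:
        return False, "%s: %s" % (body.get("error", "error"), body.get("message", ""))
    if not 200 <= http_status < 300:  # assumption: success is a 2xx response
        return False, "unexpected HTTP status"
    return True, "accepted"

# Constructed samples: the 409 body is the one shown above; the 200 bodies are
# hypothetical, because the page does not show the success schema.
SAMPLES = [
    (409, '{"status": 409, "error": "Not Active", "message": "validateTOTP is not allowed if user is in status BLOCKED", "path": "/v1/validate-totp"}'),
    (200, '{"result": {"detail": "Replay TOTP matched"}}'),
    (200, '{"result": {"detail": "constructed success"}}'),
]

if __name__ == "__main__":
    for status, text in SAMPLES:
        print(status, classify(status, text))
```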