/v1/sessions/{id}/mfa/generate

Prev Next
Post
/v1/sessions/{id}/mfa/generate

Generates a multi-factor authentication (MFA) session for the Aadhaar Database Verification Check. 

Can be used to re-trigger the MFA flow in case the end-user did not receive the one-time password (OTP).


Note: always ensure that you use the correct API URL to send requests. See the API URL section for more info.

Security
API Key: api_key
Header parameter namex-auth-client

Your integration's API key (occasionally referred to the "Token", "API public key" or "Publishable key")

Header parameters
x-hmac-signature
stringRequired
Path parameters
id
stringRequired
Body parameters

Identifier and OTP type

object
identifier
string Required

End-user’s Aadhaar number, can contain only numbers

Example111122223333
type
string Required

Indicates the registry being called, in this case always "aadhaar"

Exampleaadhaar
Responses
200
Headers
x-auth-client
string
Your integration's API key. Required to identify the request or response sender. Occasionally referred to as the "API token".
x-hmac-signature
string
Response body signed with the shared secret key. Required to authenticate the response sender.
vrf-auth-client
string
Your integration's API key. Required to identify the request or response sender. Same as x-auth-client.
vrf-hmac-signature
string
Response body signed with the shared secret key. Required to authenticate the response sender. Same as x-hmac-signature.
object
sessionId
string

Identifier of the verification session the OTP is created for

Exampled91deadc-11ca-4f0a-8dcb-d82aa96f58b7
status
string

Indicates if the OTP generation was successful or not

Valid values[ "success", "fail" ]
Examplesuccess
reason
string

Indicates the issue why the request failed. Only sent if it failed

Examplemfa already completed
400

Bad request

object
status
string
Valid values[ "fail" ]
Examplefail
code
string
Example1101
message
string
ExampleValidation failed
401

Unauthorized

object
status
string
Valid values[ "fail" ]
Examplefail
code
string
Example1101
message
string
ExampleMandatory X-AUTH-CLIENT header containing the API key is missing from the request.
500

Internal server error

object
status
string
Valid values[ "fail" ]
Examplefail
code
string
Example1101
message
string
ExampleSomething went wrong



Document Versioning

Article Versioning

Date

Description

Aug 6, 2025

Response headers added

Mar 17, 2025

In Response, `status` parameter changed from `boolean` to `string`, valid values: `success`, `fail`

Mar 12, 2025

Documentation published