/v1/sessions/{id}/mfa/generate

Updated on Aug 6, 2025
Published on Jan 30, 2025

Prev Next

Post

Generates a multi-factor authentication (MFA) session for the Aadhaar Database Verification Check.

Can be used to re-trigger the MFA flow in case the end-user did not receive the one-time password (OTP).

Note: always ensure that you use the correct API URL to send requests. See the API URL section for more info.

Security

API Key: api_key

Header parameter namex-auth-client

Your integration's API key (occasionally referred to the "Token", "API public key" or "Publishable key")

Header parameters

x-hmac-signature

stringRequired

Path parameters

stringRequired

Body parameters

Identifier and OTP type

object

identifier

string Required

End-user’s Aadhaar number, can contain only numbers

Example111122223333

type

string Required

Indicates the registry being called, in this case always "aadhaar"

Exampleaadhaar

Responses

200

Headers

x-auth-client

string

Your integration's API key. Required to identify the request or response sender. Occasionally referred to as the "API token".

x-hmac-signature

string

Response body signed with the shared secret key. Required to authenticate the response sender.

vrf-auth-client

string

Your integration's API key. Required to identify the request or response sender. Same as x-auth-client.

vrf-hmac-signature

string

Response body signed with the shared secret key. Required to authenticate the response sender. Same as x-hmac-signature.

object

sessionId

string

Identifier of the verification session the OTP is created for

Exampled91deadc-11ca-4f0a-8dcb-d82aa96f58b7

status

string

Indicates if the OTP generation was successful or not

Valid values[ "success", "fail" ]

Examplesuccess

reason

string

Indicates the issue why the request failed. Only sent if it failed

Examplemfa already completed

400

Bad request

object

status

string

Valid values[ "fail" ]

Examplefail

code

string

Example1101

message

string

ExampleValidation failed

401

Unauthorized

object

status

string

Valid values[ "fail" ]

Examplefail

code

string

Example1101

message

string

ExampleMandatory X-AUTH-CLIENT header containing the API key is missing from the request.

500

Internal server error

object

status

string

Valid values[ "fail" ]

Examplefail

code

string

Example1101

message

string

ExampleSomething went wrong

Document Versioning

Article Versioning

Date	Description
Aug 6, 2025	Response headers added
Mar 17, 2025	In Response, `status` parameter changed from `boolean` to `string`, valid values: `success`, `fail`
Mar 12, 2025	Documentation published

Was this article helpful?