GSTN OTP request Call
URL#
Refer to API Ecosystem and NIC API document to form the correct URL.
The below example is provided for version: v1.0
The HTTP method required is: POST
The endpoint you shall be accessing is: <base_url>/gus/taxpayerapi/v1.0/authenticate
Headers#
The headers will look somewhat like follows.
| Name | Value |
|---|---|
| clientid | <your-client-id> |
| client-secret | <your-client-secret> |
| state-cd | <first-two-digits-of-your-gstin> |
| ip-usr | XXX.XXX.XXX.XXX |
| txn | <random-transaction-id> |
| Content-Type | application/json |
| X-Asp-Auth-Token | <your-X-Asp-Auth-Token> |
| X-Asp-Auth-Signature | <your-X-Asp-Auth-Signature> |
Note that the details of how to construct the X-Asp-Auth-Token is covered in greater details in Building a Vayana GSP Auth Token
Request Payload#
To Understand how Request and Response payloads should be, refer to GST Developer Portal
The initial payload shall be like follows
{
"action": "OTPREQUEST",
"username": "your_username",
"app_key": "app_key_you_generated_for_this_request_encrypted_by_provided_public_key"
}
The values for app_key will need to be encrypted using the public key. The resultant payload with encrypted values looks like follows.
{
"action": "OTPREQUEST",
"app_key": "48Kw7zR3L9nsbBJI3BJBmg8K0cx/XoGzR6uJHcBCuEPUlBTDPLochguhJk1DTvvHYQqQwaU0yhOqfZHgalD9sGMikaEBmY7Y1YcjP5drvwhmmcqQmCLK3D1FE18ditvlqV4DWou5feLM07QwWTj/i8mDwc5YgWz0cYnr6r7wnd2nlbmMxdHOYbKjOP6SxOdD2Gb6GZDI5+RFkkfGSPKwtvXR9NfZQaLaTIY1w8O0X0NI56C9oqjcqT5+FgdpTnLYc3rodHJuEFVgqfeTpWSk3QfAcnQg9P1N9Azcx2OI+AXbLLhcLLbSpfveelhaK02uEdUDYgGHfztr//9RPfqOzg==",
"username": "AkashSingh01"
}
This request has to be dispatched upon which you will get a response from the server that if all is successful will look somewhat like follows
Response payload#
{
"status_cd": "1"
}
GST system sends the OTP to the taxpayer’s primary business credentials through Email and SMS. You now have to use it to make the Authorization token generation call.
What you need to save#
We suggest you store these values so that they can be used until your authentication token is valid. These values are
- username and/or gstin: This is the username for which the following values have been generated
- app_key: This was an app_key that you generated when making the API calls