OTP Verification and Secure API

I’m currently working on a case type for an E-Seva Aadhaar Update application in Pega Platform. As part of the user verification process, I want to send an OTP to the Aadhaar registered mobile number of the citizen before allowing them to proceed with the update.

My current setup:

  • Case Type: AadhaarUpdate

  • Stage: Verification

  • I’ve captured the Aadhaar Number from the user

  • I want to trigger an OTP to the mobile number linked with Aadhaar (ideally from UIDAI or a secure API)

What I Need Help With:

  1. Is there a standard or recommended approach in Pega to send an OTP to the Aadhaar-linked mobile number?

  2. Does Pega provide any built-in integration or connector to UIDAI or similar government services?

  3. If an external API (e.g., UIDAI’s OTP service) is needed, how should I configure the connector rule (REST integration) and handle the authentication?

  4. How can I store the OTP temporarily and validate it against the user input in the next step?

  5. Any best practices for managing security (masking, expiration, retry limits)?

@JINNALAH17259236

To send an OTP to the Aadhaar-linked mobile number in your AadhaarUpdate case, you need to use an external API like UIDAI’s OTP service since Pega does not have a built-in connector. First, create a REST connector using the API URL provided by UIDAI, and set up authentication with headers like client ID and secret. After capturing the Aadhaar number, call this connector to send the OTP. Store the transaction ID and timestamp temporarily on a case-level clipboard page. In the next step, ask the user to enter the OTP and validate it by calling UIDAI’s OTP verification API using another REST connector. Make sure to add security measures like masking the Aadhaar number, setting an expiry time for OTP (e.g., 5 minutes), and limiting retry attempts (e.g., max 3 times). Also, do not save OTP or Aadhaar data in the database without encryption.
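The state handling described in the answer above, as an added sketch that is not part of the original reply and is not Pega or UIDAI code: it keeps only the transaction ID and timestamp, enforces the 5-minute expiry and 3-attempt limit, and masks the Aadhaar number. The names `OtpSession`, `mask_aadhaar` and `provider_verify` are hypothetical; `provider_verify` stands in for the REST connector that calls the provider's verification API.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional

OTP_TTL_SECONDS = 5 * 60  # expiry suggested in the answer: 5 minutes
MAX_ATTEMPTS = 3          # retry limit suggested in the answer: 3 tries


def mask_aadhaar(number: str) -> str:
    """Return a display/log form that exposes only the last 4 of 12 digits."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) != 12:
        raise ValueError("expected 12 digits")
    return "XXXX-XXXX-" + digits[-4:]


@dataclass
class OtpSession:
    """Case-level state: transaction ID and timestamp only, never the OTP."""
    txn_id: str
    issued_at: float
    attempts: int = 0
    closed: bool = False

    def verify(self, user_otp: str,
               provider_verify: Callable[[str, str], bool],
               now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if self.closed:
            return "closed"
        if now - self.issued_at > OTP_TTL_SECONDS:
            self.closed = True
            return "expired"
        self.attempts += 1  # count before the call so a failed call still counts
        if provider_verify(self.txn_id, user_otp):
            self.closed = True  # one-time use: no second verification
            return "verified"
        if self.attempts >= MAX_ATTEMPTS:
            self.closed = True  # user must request a fresh OTP
            return "locked"
        return "retry"


if __name__ == "__main__":
    # Constructed stand-in for the provider's verification call.
    fake_verify = lambda txn, otp: (txn, otp) == ("TXN-0001", "482913")
    session = OtpSession(txn_id="TXN-0001", issued_at=time.time())
    print(mask_aadhaar("1234 5678 9012"))
    print([session.verify(guess, fake_verify) for guess in ("111111", "482913")])
```

Once a session returns `expired` or `locked`, every later call returns `closed`, so the only way forward is a new OTP request with a new transaction ID.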