...

1. App calls /transact with the right auth details

2. Provider responds with WaitingForOTP or PendingValidation as may be required

3. App calls /transact/validate to supply OTP if needed

4. Provider responds with any of the completion codes Successful or Failed.

5. To query the status of a transaction, the app can call /transact/query

6. Where the provider supports it, the app can call /transact/reverse to request a reversal

There are two scenarios to this:

Scenario 1: Provider does 2FA on transaction

Scenario 2: Provider MS does 2FA on transaction

INTERFACE SPECIFICATION (APP → ONEPIPE)

...