Overview

Verifies the 6-digit OTP provided by the customer when collecting their order. Upon successful verification, the order is automatically marked as picked_up and the customer receives a confirmation notification. This endpoint can verify the OTP in two ways:
  1. Automatic verification: the store enters the OTP provided by the customer
  2. Manual confirmation: the store confirms the customer showed a valid OTP on their device

Authentication

Requires authentication with a JWT token. Only available to the store_employee role.

Endpoint

POST /api/orders/:id/verify-otp

Path parameters

id (string, required): The unique order ID (MongoDB ObjectId)

Request body

otp (string): The 6-digit OTP provided by the customer
manualConfirm (boolean): Set to true to manually confirm the OTP was verified visually on customer’s device

You must provide either otp or set manualConfirm to true.

Response

success (boolean): Indicates if the OTP was verified successfully
message (string): Human-readable status message
data (object)

OTP verification flow

  1. Store marks order as ready → OTP is generated
  2. Customer receives OTP via email and push notification
  3. Customer arrives at store and shows OTP
  4. Store verifies OTP using this endpoint
  5. Order is marked as picked_up
  6. Customer receives pickup confirmation
  7. readyExpiresAt is cleared (no-show timer cancelled)

OTPs expire after 10 minutes. If the OTP has expired, the store must mark the order as ready again to generate a new OTP.

Example request

curl -X POST https://api.campusbite.com/api/orders/65f7a8b9c1234567890abcde/verify-otp \
  -H "Authorization: Bearer STORE_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "otp": "573842"
  }'

Example response

{
  "success": true,
  "message": "OTP verified. Order marked as picked up.",
  "data": {
    "order": {
      "id": "65f7a8b9c1234567890abcde",
      "orderNumber": "ORD-20240318-001",
      "orderStatus": "picked_up",
      "paymentStatus": "success",
      "totalAmount": 249.50,
      "items": [
        {
          "menuItemId": "65f7a8b9c1234567890abcdf",
          "name": "Paneer Burger",
          "price": 120,
          "quantity": 1,
          "total": 120
        },
        {
          "menuItemId": "65f7a8b9c1234567890abce0",
          "name": "French Fries",
          "price": 80,
          "quantity": 1,
          "total": 80
        }
      ],
      "isOtpVerified": true,
      "readyAt": "2024-03-18T14:45:00.000Z",
      "readyExpiresAt": null,
      "customer": {
        "id": "65f7a8b9c1234567890abce6",
        "name": "Rahul Sharma",
        "email": "[email protected]"
      },
      "store": {
        "id": "65f7a8b9c1234567890abce2",
        "name": "Campus Cafe"
      },
      "createdAt": "2024-03-18T14:30:00.000Z",
      "updatedAt": "2024-03-18T14:50:00.000Z"
    }
  }
}

Error responses

OTP format and expiry

  • Format: 6-digit numeric code (e.g., 573842)
  • Expiry: 10 minutes from generation
  • Generation: Automatically created when order status changes to ready
  • Delivery: Sent via email and push notification to customer

Verification methods

Automatic verification

Recommended for stores with POS systems or dedicated order management apps:
  1. Ask customer for their OTP
  2. Enter the 6-digit code in your system
  3. Call API with otp parameter
  4. System validates and marks order as picked up

Manual confirmation

Recommended for busy environments or when customer shows OTP on their device:
  1. Ask customer to show OTP on their phone
  2. Visually verify the OTP matches your records
  3. Call API with manualConfirm: true
  4. System trusts your verification and marks order as picked up

Manual confirmation still validates that the OTP hasn’t expired, but it doesn’t check if the OTP value matches. Use this method when you’ve visually verified the OTP on the customer’s device.
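
One way a server could enforce the rules on this page, as an added example that is not CampusBite's own code. The field names otpCode, otpGeneratedAt, pickupMethod and pickedUpBy, the HTTP status codes, and the choice to check otp whenever it is supplied are assumptions.

```javascript
// Added example: otpCode, otpGeneratedAt, pickupMethod, pickedUpBy and the
// status codes are assumptions, not names or values taken from the API.
const OTP_TTL_MS = 10 * 60 * 1000; // page: OTPs expire 10 minutes after generation

// Compare without exiting early on the first mismatch. In Node,
// crypto.timingSafeEqual on equal-length Buffers is the built-in alternative.
function sameCode(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Applies the documented rules to an in-memory order; returns { status, body }.
function verifyPickupOtp(order, body, actor, now = Date.now()) {
  const fail = (status, message) => ({ status, body: { success: false, message } });
  const { otp, manualConfirm } = body || {};
  const manual = manualConfirm === true; // strict: "true" or 1 is not accepted

  if (otp === undefined && !manual) return fail(400, 'Provide otp or set manualConfirm to true.');
  if (order.orderStatus !== 'ready') return fail(409, 'Order is not awaiting pickup.');
  // Expiry is enforced on both paths, as the page states for manual confirmation.
  if (now - order.otpGeneratedAt > OTP_TTL_MS) return fail(410, 'OTP expired. Mark the order as ready again.');

  // Assumption: a supplied otp is always checked, even if manualConfirm is also set.
  if (otp !== undefined) {
    if (typeof otp !== 'string' || !/^\d{6}$/.test(otp)) return fail(400, 'otp must be a 6-digit string.');
    if (!sameCode(otp, order.otpCode)) return fail(401, 'Invalid OTP.');
  }

  order.orderStatus = 'picked_up';
  order.isOtpVerified = true;
  order.readyExpiresAt = null; // cancels the no-show timer
  // Manual confirmation never checks the code, so record who vouched for it.
  order.pickupMethod = otp !== undefined ? 'otp' : 'manual';
  order.pickedUpBy = actor;
  return { status: 200, body: { success: true, message: 'OTP verified. Order marked as picked up.' } };
}
```

Recording the verification method and the employee per pickup lets a store audit how often the value check is skipped through manualConfirm.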

No-show prevention

When the OTP is verified:
  • readyExpiresAt timestamp is cleared
  • No-show timer is cancelled
  • Customer’s trust tier is preserved

If the customer doesn’t arrive within 20 minutes:
  • Order is automatically cancelled
  • No-show penalty is applied
  • Customer’s trust tier may decrease
