This API generates a wallet token after successful OTP verification, enabling secure and seamless wallet transactions.
Environment
| Environment | URL |
|---|---|
| Test | https://test.mobikwik.com/tokengenerate |
| Production | https://walletapi.mobikwik.com/tokengenerate |
Method: POST
Request parameters
| Parameter | Description | Example |
|---|---|---|
midmandatory | String Unique parent merchant ID | MBK9006 |
cellmandatory | String Mobile number of the user | 9311032820 |
msgcodemandatory | String Message code to be sent | 504 |
merchantnamemandatory | String Alias for the merchant | TestMerchant |
amountmandatory | Integer Maximum cap amount (not transaction amount) | 200 |
otpmandatory | Integer OTP received on registered mobile number | 123456 |
tokentypemandatory | Integer Token type (1 for token generation) | 1 |
checksummandatory | String Calculated checksum for validation | calculated_hash |
aggregatedMerchantIdoptional | String Unique ID for aggregated merchants (For Aggregators Only) | AGG123 |
Notes:
- The
amountparameter represents the maximum cap amount, not the actual transaction amount- Token validity is 365 days (one year) by default, but can be customized per merchant requirements
- If the user doesn't have a MobiKwik account, it will be created after submitting OTP
Checksum generation
For aggregators
Format: 'amount''cell''merchantname''mid''msgcode''otp''tokentype''aggregatedMerchantId'
For direct merchants
Format: 'amount''cell''merchantname''mid''msgcode''otp''tokentype'
Algorithm: HMAC SHA256
Secret Key: Provided by Mobikwik during merchant onboarding
📘 Note: For merchant MBK9006, the secret key is ju6tygh7u7tdg554k098ujd5468o. Each merchant will receive their unique secret key.
Sample request
POST https://test.mobikwik.com/tokengenerate
Content-Type: application/x-www-form-urlencoded
mid=MBK9006&cell=9311032820&msgcode=504&merchantname=TestMerchant&amount=200&otp=123456&tokentype=1&checksum=calculated_hash_valueResponse parameters
| Field | Description | Example |
|---|---|---|
| messagecode | String Message code from request | 504 |
| status | String Transaction status | SUCCESS |
| statuscode | String Numeric status code | 0 |
| statusdescription | String Description of the status | Token generated successfully |
| token | String Generated wallet token | MBK_TOKEN_123456789 |
| checksum | String Response checksum for validation | 8feac7700a4efd1ef08ea0ec5bf5921c3f1fc3398944421978794b9ada1c2c47 |
Response attributes
| Status | Status Code | Status description |
| FAILURE | 22 | Merchant does not Exist |
| FAILURE | 50 | Order Id already processed with this merchant |
| FAILURE | 53 | Parameter email is invalid |
| FAILURE | 54 | Parameter amount must be numeric with max 2 decimal places only |
| FAILURE | 55 | Parameter cell is invalid. It must be numeric, have 10 digits and start with 7,8 or 9 |
| FAILURE | 99 | Unexpected Error |
| FAILURE | 150 | Invalid Message code specified in Input |
| FAILURE | 155 | EIther OTP missing or Invalid OTP |
| FAILURE | 158 | Please Provide either registered mobikwik Email or Mobile (Not Both) to uniquely identify you |
| FAILURE | 181 | Either Email or Mobile is required for OTP generation |
| FAILURE | 190 | Token Or OTP missing |
| FAILURE | 198 | Either Token missing or Invalid Token or Token Expired |
| FAILURE | 200 | Provide Either OTP or Token |
| SUCCESS | 0 | Transaction completed successfully |
| FAILURE | 157 | Either Email or Mobile is required for OTP generation |
| FAILURE | 161 | Invalid OTP generated Wrong transaction details |
| FAILURE | 162 | Invalid OTP generated Wrong transaction amount |
| FAILURE | 163 | Invalid OTP generated OTP Exired |
| FAILURE | 164 | Either Invalid OTP (Expiry or OTP mismatch) or OTP mismatched due to mismatch in order id or transaction amount |
| FAILURE | 200 | Provide Either OTP or Token |
| FAILURE | 450 | OTP is expired. Please retry again. |
| FAILURE | 198 | Either Token missing or Invalid Token or Token Expired |
| FAILURE | 199 | Either Invalid Token (Expiry or Token mismatch) or Token mismatched due to transaction amount exceeding authorized amount |
| FAILURE | 200 | Provide Either OTP or Token |
| FAILURE | 154 | Invalid OTP Type Selected |
📘 Note: Always validate the response checksum to ensure data integrity and security.
Sample response
Notes:
- Always validate the response checksum for security
- Store tokens securely and implement proper token lifecycle management
- The generated token is required for wallet debit operations
Success response
{
"messagecode": "504",
"status": "SUCCESS",
"statuscode": "0",
"statusdescription": "Token generated successfully",
"token": "MBK_TOKEN_123456789",
"checksum": "8feac7700a4efd1ef08ea0ec5bf5921c3f1fc3398944421978794b9ada1c2c47"
}Failure scenarios
- Failure response - Invalid OTP
{
"messagecode": "504",
"status": "FAILURE",
"statuscode": "101",
"statusdescription": "Invalid OTP provided",
"checksum": "f25ac916fe4806591e16269fc912771456437b784fa144a77fa9842d154920cc"
}- Failure response - OTP Expired
{
"messagecode": "504",
"status": "FAILURE",
"statuscode": "102",
"statusdescription": "OTP has expired",
"checksum": "e35bc916fe4806591e16269fc912771456437b784fa144a77fa9842d154920dd"
}Status codes
| Status | Status Code | Description |
|---|---|---|
| SUCCESS | 0 | Token generated successfully |
| FAILURE | 101 | Invalid OTP provided |
| FAILURE | 102 | OTP has expired |
| FAILURE | 103 | Maximum OTP attempts exceeded |
| FAILURE | Various | Other validation errors |
Token Management
Token Characteristics
- Default Validity: 365 days (1 year)
- Customizable: Validity period can be modified per merchant requirements
- Usage: Required for all wallet debit operations
- Security: Each token is unique and tied to specific user-merchant combination
Token Storage
- Store the generated token securely on your servers
- Use the token for subsequent wallet operations without requiring OTP
- Implement token refresh mechanisms before expiry