Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.
Important notification about upcoming changes to the DMZ environment. Please read.
More info

One-Way, ENS Generated OTP Verification

Enterprise SOAP API > Tutorials > > Out of Band Validate > One-Way, ENS Generated OTP Verification

An explicit integration level, ENS consumer desires to send an OOB challenge to its recipient user’s mobile phone using an ENS-generated OTP verification value and consumer-provided message body. The consumer elects to verify the recipient’s response to the OOB challenge in its own application user interface.

Consumer Completed Pre-requites

The consumer has previously completed the following pre-requisites:

  • Determined the recipient’s mobile phone number to send in its OOB notification request.
  • Subscribed to receive ENS enterprise events.

Consumer Use Case Options

This tutorial example applies the following four consumer options:

  1. Explicit integration level.
  2. One-way verification.
  3. ENS-generated OTP verification value.
  4. Consumer-provided message body.

Steps

  1. Consumer presents the recipient OOB challenge instructions from its application user interface:
    • Select which mobile phone number should receive the OOB notification.
    • Press the “Verify Log In” button to trigger the OOB challenge notification.
  2. Consumer sends the <OOBValidateRq> notification request to the Enterprise OOB Service provided by ENS.
  3. ENS:
    • Validates the consumer’s request.
    • Generates a random 6-digit numeric OTP verification value
    • Returns the <OOBValidateRs> message with the verification value.
    • Returns the ENS–generated OTP in the <OTP> element of the <OOBValidateRs> message.
  4. ENS sends the OOB notification as an SMS message to the recipient’s mobile phone.
  5. Recipient responds to the OOB notification by entering the ENS-generated OTP value into the publisher’s application user interface.
  6. Publisher verifies recipient’s OOB challenge entry and confirms successful OOB verification to recipient user.

Flowchart

Click image to view on different tab

Example Messages

OOBValidate Request

This request sample below:

  • Specifies the consumer-provided message body containing the <%$otp%> system constant to:
    • Trigger ENS to generate a random OTP verification value.
    • Substitute the ENS-generated OTP value into the message body in replace of the system constant.
    • Return the ENS-generated OTP value in the <OOBValidateRs> message.
  • Specifies the “OneWay” canonical in the <OOBModeType> value.
XML
<SOAP-ENV:Body>
    <OOBValidateRq xmlns=“http://jackhenry.com/jxchange/TPG/2008”>
        <MsgRqHdr>
            <jXchangeHdr>
                <AuditUsrId>AuditUsrId1</AuditUsrId>
                <AuditWsId>AuditWsId1</AuditWsId>
            </jXchangeHdr>
        </MsgRqHdr>
        <PhoneNum>4175556652</PhoneNum>
        <SMSText>Ovation: Enter <%$otp%> in your Merchant Portal application to authorize log in. If receiving this msg unexpectedly, call 888-555-1212 for help.</SMSText>
        <OOBModeType>OneWay</OOBModeType>
    </OOBValidateRq>
</SOAP-ENV:Body>

OOBValidate Response

XML
<SOAP-ENV:Body>
    <OOBValidateRs xmlns=“http://jackhenry.com/jxchange/TPG/2008”>
        <MsgRsHdr>
            <jXchangeHdr>
                <AuditUsrId>AuditUsrId1</AuditUsrId>
                <AuditWsId>AuditWsId1</AuditWsId>
            </jXchangeHdr>
        </MsgRsHdr>
        <AlrtPkgId>a2a00a51-3a90-4d32-aa66-09997b82cf6f</AlrtPkgId>
        <OTP>851234</OTP>
        <RsStat>Success</RsStat>
    </OOBValidateRs>
</SOAP-ENV:Body>

Referenced and Associated Operations

It is highly recommended that as part of referencing this use case that a user becomes familiar with the following jXchange operations and their function. While the user may elect to not use the listed operation as part of their programming or workflow, knowledge of the operations listed below is essential to understanding the process set forth with this use case.

Detailed information about the operation, the request structure/response, error messages and other useful information can be obtained by clicking the operation name below.

Operation NameDescriptionXSD/WSDL Container
OOBValidateService designed to enhance Enterprise Notifications Services (ENS) to become a fully capable Enterprise Out of Band (OOB) service provider.IMS
Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Tue Jun 11 2024