Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.
Important notification about upcoming changes to the DMZ environment. Please read.
More info

Two-Way, Publisher Provided OTP Verification

Enterprise SOAP API > Tutorials > > Out of Band Validate > Two-Way, Publisher Provided OTP Verification

An ENS publisher desires to send an OOB challenge to one of its recipient user’s mobile phone using a publisher-provided, OTP verification value. The publisher elects the ENS provider to verify the recipient’s response to the OOB challenge. The publisher elects to use a verification salt value.

Publisher Completed Pre-requites

The publisher has previously completed the following pre-requisites:

  • Deployed its “Omni-Channel OOB Challenge” notification to ENS.
  • Added the recipient and subscription information in ENS, which includes:
    • The recipient and subscription information records.
    • Recipient’s “Home phone” and “Work phone” contact ID’s and contact points in the recipient record.
    • Both contact ID’s assigned for the SMS channel in the recipient’s subscription to the notification.
  • Subscribed to receive ENS enterprise events.

Publisher Use Case Options

This tutorial example applies the following four publisher options:

  1. Recipient-subscription integration level.
  2. Two-way verification.
  3. Publisher-provided, OTP verification value.
  4. Published notification message body.

Steps

  1. Publisher generates a random OTP verification value.
  2. Publisher presents the recipient OOB challenge instructions from its application user interface:
    • Select which mobile phone number should receive the OOB notification.
    • Press the “Verify Log In” button to trigger the OOB challenge notification.
    • Respond in the application user interface using the publisher–generated OTP verification value provided in the message body.
  3. Publisher sends the <OOBValidateRq> notification request to the Enterprise OOB Service provided by ENS, which includes the verification and salt values.
  4. ENS validates the publisher’s request and returns the <OOBValidateRs> message to the publisher.
  5. ENS adds a new OOB session for the publisher’s two-way use case.
  6. ENS sends the OOB notification as an SMS message to the recipient’s mobile phone.
  7. Recipient responds via SMS text message as instructed in the OOB notification using the OTP verification value shown in the publisher’s application user interface.
  8. ENS verifies the recipient’s response containing the OTP verification value.
  9. ENS sends a “90040 – ENS Publisher Feedback” enterprise event confirming that the recipient successfully verified the OOB challenge.
  10. Publisher receives the enterprise event and confirms successful OOB verification to recipient user.

Flowchart

Click image to view on different tab

Example Messages

OOBValidate Request

This request sample below:

  • Includes the publisher-provided OTP as a standard substitution parameter.
  • Provides an optional salt value as an additional security measure to the verification value.
XML
<SOAP-ENV:Body>
    <OOBValidateRq xmlns=“http://jackhenry.com/jxchange/TPG/2008”>
        <MsgRqHdr>
            <jXchangeHdr>
                <AuditUsrId>AuditUsrId1</AuditUsrId>
                <AuditWsId>AuditWsId1</AuditWsId>
            </jXchangeHdr>
        </MsgRqHdr>
        <AlrtName>Omni-Channel OOB Challenge</AlrtName>
        <OOBRecipInfoRec>
            <ConsmRecipId>CIF07965</ConsmRecipId>
            <OOBRecipInfoArray>
                <OOBRecipConIdInfoRec>
                    <RecipConId>Home phone</RecipConId>
                </OOBRecipConIdInfoRec>
            </OOBRecipInfoArray>
        </OOBRecipInfoRec>
        <VerifVal>65832</VerifVal>
        <EncryptVerifValSalt>Ov@t1on0125</EncryptVerifValSalt>
    </OOBValidateRq>
</SOAP-ENV:Body>

OOBValidate Response

XML
<SOAP-ENV:Body>
    <OOBValidateRs xmlns=“http://jackhenry.com/jxchange/TPG/2008”>
        <MsgRsHdr>
            <jXchangeHdr>
                <AuditUsrId>AuditUsrId1</AuditUsrId>
                <AuditWsId>AuditWsId1</AuditWsId>
            </jXchangeHdr>
        </MsgRsHdr>
        <AlrtPkgId>2f26c0bf-5762-40a2-a5e7-ca6ffcef06e9</AlrtPkgId>
        <RsStat>Success</RsStat>
    </OOBValidateRs>
</SOAP-ENV:Body>

Referenced and Associated Operations

It is highly recommended that as part of referencing this use case that a user becomes familiar with the following jXchange operations and their function. While the user may elect to not use the listed operation as part of their programming or workflow, knowledge of the operations listed below is essential to understanding the process set forth with this use case.

Detailed information about the operation, the request structure/response, error messages and other useful information can be obtained by clicking the operation name below.

Operation NameDescriptionXSD/WSDL Container
OOBValidateService designed to enhance Enterprise Notifications Services (ENS) to become a fully capable Enterprise Out of Band (OOB) service provider.IMS
Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Tue Jun 11 2024