OTP retries are now limited

Effective:

  • 27 February 2024 on Sandbox
  • 20 March 2024 on Live

To reduce the risk of fraud, we are now limiting the number of times a one-time password (OTP) can be submitted incorrectly.

Secure UI Components

When the user enters a wrong OTP, they are shown an error message and allowed to enter a new OTP. When they reach their last try, a message tells them that it is the last try. Once a wrong OTP is entered on the last try, the Secure UI Component returns an error event with code CHALLENGE_LIMIT_EXCEEDED.

Affected Secure UI Components:

API endpoints

We have introduced 2 new error codes for the HTTP 409 response:

  • ONE_CHALLENGE_LIMIT_REMAINING - returned when the user has one try left
  • CHALLENGE_LIMIT_EXCEEDED - returned when the user has exceeded their OTP retries
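
The retry semantics described above, modelled as a per-challenge attempt counter. This is an added sketch, not the platform's own code. The limit of 3, the `OtpChallenge` class, and the `OK` and `PLACEHOLDER_WRONG_OTP` codes are assumptions; only the HTTP 409 status and the two new error codes come from this page.

```python
from __future__ import annotations

import hmac
from dataclasses import dataclass

MAX_WRONG_ATTEMPTS = 3  # assumed value; the page does not state the limit


@dataclass
class OtpChallenge:
    """One issued OTP and its failed-attempt counter (hypothetical model)."""

    expected_otp: str
    wrong_attempts: int = 0

    def submit(self, otp: str) -> tuple[int, str]:
        """Return (http_status, code) for a single OTP submission."""
        # Check the lock before comparing, so that a correct guess made
        # after the limit was reached can no longer succeed.
        if self.wrong_attempts >= MAX_WRONG_ATTEMPTS:
            return 409, "CHALLENGE_LIMIT_EXCEEDED"

        # Constant-time comparison: response time does not reveal how many
        # leading digits of the guess were correct.
        if hmac.compare_digest(otp.encode(), self.expected_otp.encode()):
            return 200, "OK"  # placeholder success code, not from the page

        # Count the failure first, then report how many tries are left.
        self.wrong_attempts += 1
        remaining = MAX_WRONG_ATTEMPTS - self.wrong_attempts
        if remaining == 0:
            return 409, "CHALLENGE_LIMIT_EXCEEDED"
        if remaining == 1:
            return 409, "ONE_CHALLENGE_LIMIT_REMAINING"
        # Placeholder for an ordinary wrong-OTP error; the page does not
        # name the code returned while more than one try remains.
        return 409, "PLACEHOLDER_WRONG_OTP"


def replay(expected: str, guesses: list[str]) -> list[tuple[int, str]]:
    """Run a sequence of submissions against one fresh challenge."""
    challenge = OtpChallenge(expected)
    return [challenge.submit(guess) for guess in guesses]


if __name__ == "__main__":
    # Constructed sample: three wrong guesses, then the correct OTP.
    for result in replay("493021", ["000000", "111111", "222222", "493021"]):
        print(result)
```

The fourth submission in the sample carries the correct OTP and is still rejected, which is what makes the limit effective against guessing: once the challenge is locked, the only way forward is a fresh challenge.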

Affected API endpoints: