> ## Documentation Index > Fetch the complete documentation index at: https://developer.nomba.com/llms.txt > Use this file to discover all available pages before exploring further. # Request OTP before saving a user's card > Use this endpoint to request an OTP to be sent to be sent to the users phone number to authenticate the user before saving the card. This endpoint is called after payment is successful, and the user requested to save their card for later. ## OpenAPI ````yaml post /v1/checkout/user-card/auth openapi: 3.0.1 info: description: '' title: Vendor API version: 1.0.0 servers: - description: Production url: https://api.nomba.com - description: Sandbox url: https://sandbox.nomba.com security: [] tags: - name: Authenticate - name: Accounts - name: Virtual Accounts - name: Online Checkout - name: Charge - name: Transfers - name: Direct Debits - name: Terminals - name: Transactions - name: Airtime and Data Vending - name: Electricity Vending - name: CableTV Subscription - name: Betting Vending paths: /v1/checkout/user-card/auth: post: tags: - Charge summary: Request OTP before saving a user's card description: >- Use this endpoint to request an OTP to be sent to be sent to the users phone number to authenticate the user before saving the card. This endpoint is called after payment is successful, and the user requested to save their card for later. operationId: 'Request user OTP to authenticate user ' requestBody: content: application/json: schema: $ref: '#/components/schemas/CheckoutAuthenticateUserRequest' description: Request OTP before saving a user's card required: true responses: '200': content: application/json: schema: type: object properties: code: type: string example: '00' description: Response Code description: type: string example: Success description: Response description data: $ref: '#/components/schemas/CheckoutDataResponse' required: - code - description - data description: OK - your request was successful. headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: string example: '40' X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: string example: '39' X-Rate-Limit-Window: description: The specified rate limit window schema: type: string example: 1s '400': content: application/json: schema: $ref: '#/components/schemas/RequestError' description: The request body sent by merchant did not pass the validation checks '401': content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' description: >- The access_token provided to access the resource is missing or invalid. '403': content: application/json: schema: $ref: '#/components/schemas/AuthorizationError' description: The client does not have the permissions to access this resource '404': content: application/json: schema: $ref: '#/components/schemas/RecordNotFoundError' description: The record that the client is trying to access does not exist. '429': content: application/json: schema: $ref: '#/components/schemas/RateLimitError' description: >- The client has maxed out the number of calls within a time period on this resource. '500': content: application/json: schema: $ref: '#/components/schemas/ServerError' description: Downstream system error. security: - BearerAuth: [] components: schemas: CheckoutAuthenticateUserRequest: type: object properties: orderReference: type: string description: order reference example: c4307d58-2513-41d8-b7f7-dfecd5f9fdbe phoneNumber: type: string description: customer's phone number example: '08012345678' required: - orderReference - phoneNumber CheckoutDataResponse: type: object properties: success: type: boolean description: true is the transaction was successful example: 'true' message: type: string description: details response message example: success required: - success - message RequestError: type: object description: Request Error response. properties: code: type: string description: API error code. example: '400' description: type: string description: Additional details about the error. example: Request failed. AuthenticationError: type: object description: Authentication Error response. properties: code: type: string description: API error code. example: '401' description: type: string description: Additional details about the error. example: Unauthorized AuthorizationError: type: object description: Permissions error response. properties: code: type: string description: API error code. example: '403' description: type: string description: Additional details about the error. example: Forbidden RecordNotFoundError: type: object description: Record-Not-Found error response. properties: code: type: string description: API error code. example: '404' description: type: string description: Additional details about the error. example: Record not found RateLimitError: type: object description: Rate-limit error response. properties: code: type: string description: API error code. example: '429' description: type: string description: Additional details about the error. example: Too many requests ServerError: type: object description: Server error response. properties: code: type: string description: API error code. example: '500' description: type: string description: Additional details about the error. example: Server error securitySchemes: BearerAuth: description: >- Nomba authenticates API calls with [OAuth2 HTTP bearer tokens](http://tools.ietf.org/html/rfc6750). There are two methods of authentication; [Client-Credentials method](https://www.rfc-editor.org/rfc/rfc6749) and [PKCE (Proof Key for Code Exchange)](https://www.rfc-editor.org/rfc/rfc7636) method. In each of the methods, You will get an `ACCESS_TOKEN`. You need to use an `"Authorization"` HTTP header to provide your `ACCESS_TOKEN`. For example: `Authorization: {ACCESS_TOKEN}`. scheme: bearer type: http bearerFormat: JWT ````