> ## Documentation Index > Fetch the complete documentation index at: https://developer.nomba.com/llms.txt > Use this file to discover all available pages before exploring further. # Submit user OTP > Use this endpoint to submit the user OTP send to the user's mobile number. This will result in the user's card being saved for later use. ## OpenAPI ````yaml post /v1/checkout/user-card openapi: 3.0.1 info: description: '' title: Vendor API version: 1.0.0 servers: - description: Production url: https://api.nomba.com - description: Sandbox url: https://sandbox.nomba.com security: [] tags: - name: Authenticate - name: Accounts - name: Virtual Accounts - name: Online Checkout - name: Charge - name: Transfers - name: Direct Debits - name: Terminals - name: Transactions - name: Airtime and Data Vending - name: Electricity Vending - name: CableTV Subscription - name: Betting Vending paths: /v1/checkout/user-card: post: tags: - Charge summary: Submit user OTP description: >- Use this endpoint to submit the user OTP send to the user's mobile number. This will result in the user's card being saved for later use. operationId: Submit User OTP requestBody: content: application/json: schema: $ref: '#/components/schemas/CheckoutSubmitUserOTPRequest' description: Submit User OTP required: true responses: '200': content: application/json: schema: type: object properties: code: type: string example: '00' description: Response Code description: type: string example: Success description: Response description data: $ref: '#/components/schemas/CheckoutDataResponse' required: - code - description - data description: OK - your request was successful. headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: string example: '40' X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: string example: '39' X-Rate-Limit-Window: description: The specified rate limit window schema: type: string example: 1s '400': content: application/json: schema: $ref: '#/components/schemas/RequestError' description: The request body sent by merchant did not pass the validation checks '401': content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' description: >- The access_token provided to access the resource is missing or invalid. '403': content: application/json: schema: $ref: '#/components/schemas/AuthorizationError' description: The client does not have the permissions to access this resource '404': content: application/json: schema: $ref: '#/components/schemas/RecordNotFoundError' description: The record that the client is trying to access does not exist. '429': content: application/json: schema: $ref: '#/components/schemas/RateLimitError' description: >- The client has maxed out the number of calls within a time period on this resource. '500': content: application/json: schema: $ref: '#/components/schemas/ServerError' description: Downstream system error. security: - BearerAuth: [] components: schemas: CheckoutSubmitUserOTPRequest: type: object properties: orderReference: type: string description: order reference example: c4307d58-2513-41d8-b7f7-dfecd5f9fdbe phoneNumber: type: string description: customer's phone number example: '08012345678' otp: type: string description: otp send to the customer's mobile phone example: '1234' required: - orderReference - phoneNumber - otp CheckoutDataResponse: type: object properties: success: type: boolean description: true is the transaction was successful example: 'true' message: type: string description: details response message example: success required: - success - message RequestError: type: object description: Request Error response. properties: code: type: string description: API error code. example: '400' description: type: string description: Additional details about the error. example: Request failed. AuthenticationError: type: object description: Authentication Error response. properties: code: type: string description: API error code. example: '401' description: type: string description: Additional details about the error. example: Unauthorized AuthorizationError: type: object description: Permissions error response. properties: code: type: string description: API error code. example: '403' description: type: string description: Additional details about the error. example: Forbidden RecordNotFoundError: type: object description: Record-Not-Found error response. properties: code: type: string description: API error code. example: '404' description: type: string description: Additional details about the error. example: Record not found RateLimitError: type: object description: Rate-limit error response. properties: code: type: string description: API error code. example: '429' description: type: string description: Additional details about the error. example: Too many requests ServerError: type: object description: Server error response. properties: code: type: string description: API error code. example: '500' description: type: string description: Additional details about the error. example: Server error securitySchemes: BearerAuth: description: >- Nomba authenticates API calls with [OAuth2 HTTP bearer tokens](http://tools.ietf.org/html/rfc6750). There are two methods of authentication; [Client-Credentials method](https://www.rfc-editor.org/rfc/rfc6749) and [PKCE (Proof Key for Code Exchange)](https://www.rfc-editor.org/rfc/rfc7636) method. In each of the methods, You will get an `ACCESS_TOKEN`. You need to use an `"Authorization"` HTTP header to provide your `ACCESS_TOKEN`. For example: `Authorization: {ACCESS_TOKEN}`. scheme: bearer type: http bearerFormat: JWT ````