orderConfirmOtp

Overview

Use this mutation to confirm an OTP tied to an order (for example, COD verification). Provide the encryption key, phone, and country as expected by your backend. On success, you receive a token used for subsequent order operations.

• Type: GraphQL Mutation
• Endpoint: https://subdomain.com
• Authentication: Public (OTP confirmation)

Mutation

mutation OrderConfirmOtp($input: OrderOtpConfirmInput!) {
  orderConfirmOtp(input: $input) {
    success
    message
    token
  }
}

Variables

{
  "input": {
    "encryptionKey": "<ENCRYPTION_KEY>",
    "phone": "+966500000000",
    "country": "SA"
  }
}

Examples

cURL

curl -X POST \
  https://subdomain.com \
  -H "Content-Type": "application/json" \
  --data-binary @- << 'EOF'
{
  "query": "mutation OrderConfirmOtp($input: OrderOtpConfirmInput!) { orderConfirmOtp(input: $input) { success message token } }",
  "variables": {
    "input": {
      "encryptionKey": "<ENCRYPTION_KEY>",
      "phone": "+966500000000",
      "country": "SA"
    }
  }
}
EOF

JavaScript (fetch)

const res = await fetch('https://subdomain.com', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    query: `
      mutation OrderConfirmOtp($input: OrderOtpConfirmInput!) {
        orderConfirmOtp(input: $input) {
          success
          message
          token
        }
      }
    `,
    variables: {
      input: {
        encryptionKey: '<ENCRYPTION_KEY>',
        phone: '+966500000000',
        country: 'SA',
      },
    },
  }),
});
const json = await res.json();

Notes

• encryptionKey usually comes from createCheckoutToken or buyNow; ensure you pass the latest value.
• Treat the returned token like other auth tokens—store securely for the active session.
• Handle error messages for invalid/expired OTPs and prompt users to resend if needed.