EKYC 3.0 - Login & Resume: Backend Developer Guide

Overview
Existing API Endpoints
AuthenticateLogin Flow
OTP Generation & Validation Flows
Email OTP Flow
Resume / Redirect Flow
Stored Procedures
Database Tables
External API Integrations
BRD 3.0 Mapping & Gap Analysis

1. Overview

The Login module handles returning users resuming their EKYC journey. After registration, the user's OTP is verified via AuthenticateLogin, then the system determines which stage to redirect the user to. The module also handles email OTP generation/validation and session resume from any stage.

Existing Code Location D:\MO_Project\ekyc\existing_code\Joruney_imp_code\Registration\LoginController.cs
D:\MO_Project\ekyc\existing_code\Joruney_imp_code\Registration\LoginRepository.cs

2. Existing API Endpoints

Controller: LoginController — Route: api/Login/{action}

Action	HTTP	Auth	Purpose	Repository Method
`AUTHENTICATELOGIN`	POST	Anonymous	Main login: validate mobile OTP, authenticate user	`AuthenticateLogin()`
`GENERATEOTP`	POST	Anonymous	Generate and send mobile OTP for login/resume	`GenerateOTP()`
`SENDSMS`	POST	Anonymous	Send SMS message (OTP or notification)	`SendSMS()`
`GETJWTTOKENID`	POST	Anonymous	Generate JWT token after authentication	`GetJWTTokenId()`
`INIT`	POST	Authorized	Initialize session, fetch client details	`GetClientDetails()`
`GETEMAIL`	POST	Authorized	Retrieve email for authenticated user	`GetEmailDetails()`
`GETMOBILE`	POST	Anonymous	Get mobile number from request	`GetMobile()`
`GetHolderMobileDetails`	POST	Authorized	Get joint holder mobile details	`GetHolderMobileDetails()`
`GENERATEEMAILOTP`	POST	Authorized	Generate OTP for email verification	`GenerateEmailOTP()`
`VALIDATEOTPEMAIL`	POST	Authorized	Validate email OTP	`ValidateOTPEmail()`
`REDIRECTTOPAGE`	POST	Anonymous	Get next page for journey redirect	`RedirectToPage()`
`RESUMEFORM`	POST	Authorized	Resume incomplete application form	`RESUMEFORM()`
`LEADDELETECLOUD`	POST	Anonymous	Delete lead from SuperApp cloud	`LEADDELETECLOUD()`
`ISALLOWREDIRECT`	POST	Anonymous	Check if redirect is allowed	`IsAllowRedirect()`
`PUSHDATAINDRISHTI`	POST	Authorized	Push user data to Drishti system	`PushDataInDrishti()`

3. AuthenticateLogin Flow

Entry: LoginController.AUTHENTICATELOGIN() → LoginRepository.AuthenticateLogin()

Step-by-Step Backend Execution

Log API Entry — InsertUpdateAPI_Flagwise(userId, "Registration", "AUTHENTICATELOGIN")

Determine BRBA Login — If BranchEmpCode + AppLoginId present and IsDIY != "1", set IsBRBALogin = "1" (branch/RM assisted).

Check Offline Client — _accountOpening.Check_Direct_Offline_Client_EXP(userId)
SP: [DIY].[USP_Check_Direct_Offline_Client_EXP_SJET]
If exists → block with message: "You are our existing client of {Branch} branch."

Decrypt Password/OTP — Decrypt(_password) using AES decryption. The encrypted OTP from client is decrypted server-side.

Authenticate User — _accountOpening.RESUME_AUTHENTICATE_USER_OTP_PASS(userId, decryptedOTP, uniqueId, isTruecaller, ...)
This calls OAO_SSO_AUTHENTICATE_USER or equivalent SP. Returns DataSet with user details if OTP matches.

Truecaller Handling — If isTruecaller == "1", validates Truecaller data and logs callback response.

Max Attempt Check — If authentication fails, increments failure counter. On max attempts exceeded, locks the account.

LeadSquare / Zoho Lead Creation — For DIRECT + Non-Zoho leads: Creates LSQ opportunity. Gets LSQ Lead ID. Creates activity log.
For Zoho leads: Handled via IsZohoLead flag from AppSettings.

Get Redirection Page — USP_GET_REDIRECTION_PAGENAME_SJET determines which stage/page the user should be redirected to based on their current progress.

Generate JWT Token — _jWToken.GenerateEKYCToken() creates a JWT with UserId, BranchEmpCode, IsMobileApp, IPAddress, AppVersion, DeviceId, IsBRBALogin, AppName embedded as claims.

Return Response — GetLoginDetails with: UserId, Status, Message, Token, PageName (redirect), LSQLeadId, OpportunityId, IsBRBALogin, ISSUPERAPP.

4. OTP Generation & Validation (Mobile)

4.1 Generate Mobile OTP

Validate mobile number format

Call SP: SEND_RESUME_OTP — generates OTP, stores in DB, returns unique identifier

Get SMS template from SMSTemplate

Send SMS via SingleMessageService.SingleMessageAsync() (SOAP)

Log SMS send to DB: [DIY].[USP_INSERT_SMS_SEND_API_LOG_SJET]

4.2 Validate Mobile OTP

Decrypt submitted OTP

Call SP: [DIY].[USP_VALIDATE_UPDATE_OTP_MOBILE_SJET] — compares submitted OTP with stored OTP, checks expiry, increments attempt counter

On success: Proceed to AuthenticateLogin flow

On failure: Return error with remaining attempts

5. Email OTP Flow

5.1 Generate Email OTP

Suspicious Email Check — Usp_GetSuspiciousPhoneOrEMailId checks if email is flagged

Domain Restriction — [DIY].[USP_RESTRICT_EMAIL_DOMAIN_SJET] blocks restricted email domains

Real-time Email Validation — CYBRIDGE API validates email deliverability

Karza Email Validation — Secondary validation via Karza API

Bypass Check — [DIY].[USP_BYPASS_MOBILE_EMAIL_PAN_SJET] with TYPE='EMAIL' — checks if email duplicate can be bypassed

Generate OTP — Random OTP generated. Stored via [DIY].[USP_SEND_RESUME_EMAILOTP_SJET]

Send Email — sendMail_Netcore() sends OTP email via Netcore email API

5.2 Validate Email OTP

Extract UserId from JWT token claims

Call [DIY].[USP_VALIDATE_UPDATE_OTP_EMAIL_SJET] — validates OTP, checks expiry, attempt limits

On success:
• Update email stage: [DIY].[USP_UPDATE_OTPEMAIL_STAGE_SJET]
• If ISSUPERAPP=1: Call SuperApp API for ClientCode generation
• Update StageDetails for tracking

Dedupe check: [DIY].[USP_CHECK_NINTY_DAY_LOGIC_LSQ_SJET] — 90-day logic

Return redirect page info via [DIY].[USP_GET_REDIRECTION_PAGENAME_SJET]

6. Resume / Redirect Flow

6.1 RESUMEFORM Endpoint

Used when a user returns to continue their incomplete application (via link, RM assistance, or telecaller).

Input: UserId, AdminId, TokenKey, IsTeleCaller, IsDIY, ReturnUrl, FailureReturnUrl

Call SP: [DIY].[USP_REDIRECT_EKYC_REVAMP_EXP_SJET]

SP fetches user's current stage, personal details, application status

Returns DataTable with all fields needed to pre-populate the form at the user's current stage

6.2 REDIRECTTOPAGE Endpoint

Determines which page/stage the user should be sent to based on their progress.

Call SP: [DIY].[USP_GET_REDIRECTION_PAGENAME_SJET]

SP checks TBL_CLIENT_STAGEDETAILS for last completed stage

Returns page name + metadata for the next step in the journey

7. Stored Procedures — Login & Resume

Stored Procedure	Called From	Purpose	Key Tables
`RESUME_AUTHENTICATE_USER_OTP_PASS` CORE	AuthenticateLogin()	Core authentication. Validates OTP/password against stored credentials. Returns user details DataSet.	MOSL_SSO.tblUser TBL_DEDUPE_DATA_DUMP
`[DIY].[USP_Check_Direct_Offline_Client_EXP_SJET]`	AuthenticateLogin()	Checks if user is an existing offline client of a branch. If yes, blocks online journey.	Back-office client tables
`[DIY].[USP_GET_CLIENT_DETAILS_SJET]`	INIT endpoint	Fetches full client profile for session initialization	TBL_CLIENT_PERSONALDETAILS TBL_DEDUPE_DATA_DUMP
`[DIY].[USP_GET_EMAIL_DETAILS_SJET]`	GETEMAIL endpoint	Retrieves email address for authenticated user	TBL_CLIENT_PERSONALDETAILS
`[DIY].[USP_GET_MOBILE_DETAILS_SJET]`	GETMOBILE endpoint	Retrieves mobile number details	TBL_DEDUPE_DATA_DUMP
`[DIY].[USP_VALIDATE_UPDATE_OTP_MOBILE_SJET]`	GenerateOTP / Validate	Validates mobile OTP. Checks expiry and attempt counter. Updates on success/failure.	OTP tracking table
`[DIY].[USP_SEND_RESUME_EMAILOTP_SJET]`	GenerateEmailOTP()	Stores email OTP in DB, returns OTP details	Email OTP table
`[DIY].[USP_VALIDATE_UPDATE_OTP_EMAIL_SJET]`	ValidateOTPEmail()	Validates email OTP against stored value. Checks expiry and attempt limits.	Email OTP table
`[DIY].[USP_UPDATE_OTPEMAIL_STAGE_SJET]`	ValidateOTPEmail()	Updates email validation stage after successful OTP verification	TBL_CLIENT_STAGEDETAILS
`[DIY].[USP_GET_REDIRECTION_PAGENAME_SJET]`	AuthenticateLogin(), REDIRECTTOPAGE	Determines next page/stage based on user progress	TBL_CLIENT_STAGEDETAILS
`[DIY].[USP_REDIRECT_EKYC_REVAMP_EXP_SJET]`	RESUMEFORM	Fetches all user data for form resumption. Supports DIY and telecaller flows.	TBL_DEDUPE_DATA_DUMP TBL_CLIENT_PERSONALDETAILS TBL_OAO_DETAILS
`[DIY].[USP_GET_CLIENT_DETAILS_EXP_SJET]`	LoginRepository	Get expanded client details including all stage data	Multiple client tables
`[DIY].[USP_GET_APPSTATUS_SJET]`	LoginRepository	Get application status (active, dropped, completed, etc.)	TBL_OAO_DETAILS
`[DIY].[USP_GET_ISOTPVISIBLEFORCOMPAIGN_SJET]`	LoginRepository	Checks if OTP input should be visible for specific campaigns (some campaigns bypass OTP)	TBL_APPLICATIONCONFIG
`[DIY].[USP_INSERT_SMS_SEND_API_LOG_SJET]`	SendSMS()	Logs SMS send attempts for audit and debugging	SMS log table
`[DIY].[USP_RESTRICT_EMAIL_DOMAIN_SJET]`	GenerateEmailOTP()	Blocks restricted email domains (disposable email services, etc.)	Domain restriction table
`Usp_GetSuspiciousPhoneOrEMailId`	GenerateEmailOTP()	Checks if phone/email is flagged as suspicious	Suspicious list table
`[DIY].[USP_CHECK_NINTY_DAY_LOGIC_LSQ_SJET]`	ValidateOTPEmail()	90-day dormant lead check against DAD-to-Retail transfer table	Tbl_DAD_TO_RETAIL_TRANSFERRED_LEADS

8. Database Tables

Table	Used In	Purpose
`MOSL_SSO.dbo.tblUser`	AuthenticateLogin	SSO authentication — stores encrypted credentials
`TBL_DEDUPE_DATA_DUMP`	Multiple	Primary registration data. UserId lookup by mobile.
`TBL_CLIENT_STAGEDETAILS`	Redirection, Resume	Stage tracking — determines where user left off
`TBL_CLIENT_PERSONALDETAILS`	INIT, Resume	Client personal data (name, address, PAN, etc.)
`TBL_OAO_DETAILS`	Resume, App Status	Opportunity/application details
`TBL_LSQ_LEADID_STAGEDETAILS`	AuthenticateLogin	LSQ lead tracking
`Tbl_DAD_TO_RETAIL_TRANSFERRED_LEADS`	90-day check	DAD-to-Retail transfer tracking

9. External API Integrations

System	Purpose	When Called	Failure Handling
Netcore SMS (SOAP)	OTP delivery via `SingleMessageAsync`	GENERATEOTP	Logged to DB. Customer cannot proceed.
Netcore Email	Email OTP delivery via `sendMail_Netcore()`	GENERATEEMAILOTP	Logged. Customer retries.
CYBRIDGE	Real-time email deliverability validation	GENERATEEMAILOTP	Skip validation, proceed.
Karza	Email validation (secondary)	GENERATEEMAILOTP	Skip, proceed.
LeadSquare CRM	Create opportunity, activity log	AuthenticateLogin (DIRECT leads)	Async retry. Lead exists locally.
Zoho CRM	Create/update lead	AuthenticateLogin (Zoho leads)	Token refresh + retry.
SuperApp API	ClientCode generation, OtpKycDetails sync	ValidateOTPEmail (if ISSUPERAPP=1)	Non-blocking. Synced later.
Drishti	Push user data for account opening	PUSHDATAINDRISHTI	Logged. Retry.

10. BRD 3.0 Mapping & Gap Analysis

Key BRD Changes for Login/OTP Flow The BRD restructures login into Stage 2 (OTP Verification + Background Checks). The existing code's login flow maps partially but needs significant backend changes.

BRD 3.0 Requirement	Current Code	Gap
OTP stored in Redis only (TTL 5 min). Never written to DB.	OTP stored in database via `USP_VALIDATE_UPDATE_OTP_MOBILE_SJET`	HIGH — Migrate to Redis
Auto-submit on 4th digit (no Proceed button)	Backend accepts OTP validation request regardless	Backend OK — FE change only
5 wrong attempts → lead.state = DROPPED, DROP_OTP_LOCKED	Max attempt logic exists but different state codes	MEDIUM — Align codes
Max 3 resends in 30 min. 30-sec cooldown between resends.	Rate limiting exists but thresholds may differ	LOW — Config change
Background PAN checks (Zintlr, NSDL, CVL KRA) fire immediately after OTP verified	PAN check happens at a later stage, not immediately after OTP	HIGH — New parallel async pipeline
C-safe AML/PEP/SEBI check on PAN at Stage 2	`USP_GETCSAFEFLAG_SJET` exists but called later in journey	MEDIUM — Move earlier
KRA status stored as raw CVL code + derived internal status	KRA check exists but at PAN stage, not OTP stage	HIGH — Restructure timing
Resume: OTP sent to registered mobile → verified → return to last completed stage	`RESUMEFORM` + `USP_REDIRECT_EKYC_REVAMP_EXP_SJET` handles resume	LOW — Existing, enhance
JWT token with UserId, session claims	`GenerateEKYCToken()` already creates JWT with all needed claims	OK — Existing
Email OTP at Stage 3 (separate from mobile OTP)	`GENERATEEMAILOTP` + `VALIDATEOTPEMAIL` exist	LOW — Reuse with BRD alignment

Architecture Recommendation for EKYC 3.0 The BRD requires background PAN/KRA checks to fire immediately after OTP verification (Stage 2), running in parallel while the customer moves to Stage 3 (Email). This requires:
1. An async job/message queue (e.g., RabbitMQ, Azure Service Bus) triggered on OTP_VERIFIED
2. Workers calling Zintlr, Hyperverge, NSDL, CVL KRA, C-safe in parallel
3. Results stored on the lead record, consumed at Stage 4
4. The existing IBackgroundTaskQueue in the codebase could potentially be extended for this.

EKYC 3.0 — Login & Resume: Backend Developer Guide

Table of Contents

1. Overview

2. Existing API Endpoints

3. AuthenticateLogin Flow

Step-by-Step Backend Execution

4. OTP Generation & Validation (Mobile)

4.1 Generate Mobile OTP

4.2 Validate Mobile OTP

5. Email OTP Flow

5.1 Generate Email OTP

5.2 Validate Email OTP

6. Resume / Redirect Flow

6.1 RESUMEFORM Endpoint

6.2 REDIRECTTOPAGE Endpoint

7. Stored Procedures — Login & Resume

8. Database Tables

9. External API Integrations

10. BRD 3.0 Mapping & Gap Analysis