Developer Resources

API by Reference > Notification Services > Out of Band Validate > Developer Resources

Details

SoapAction	http://jackhenry.com/ws/OOBValidate
Input Name	OOBValidate
Output Name	OOBValidateResponse
Input Namespace	http://jackhenry.com/jxchange/TPG/2008
Group Name	IMS
Container	TPG_IMSMaster.xsd

Out of Band Validate Errors

ERROR CODE	MESSAGE
2001	The message request header is required.
2002	The audit workstation ID is required.
2003	The consumer product is required.
2005	Value does not match defined list of enumerations.
2016	The institution routing identifier is required.
2021	The audit user ID is required.
2205	The unique identifier is required.
2401	The valid consumer name is required.
2505	Access was denied. This error can be triggered by multiple events: {{ < line-break > }} InstRtId in Header does not match InstRtId in Body {{ < line-break > }} Invalid ValidConsmName {{ < line-break > }} Invalid ValidConsmProd ValidConsmProd does not match ConsumerProd in the Body {{ < line-break > }} Invalid InstRtId for ENS
2700	The business correlation ID is required.
3103	This field is required and cannot be null.
3121	The specified alert name is not valid for the applicable publisher {{ < line-break > }} library for the institution.
3124	PubVer not valid for this institution/publisher combination.
3126	The specified institution has no deployed publisher libraries for the {{ < line-break > }} specified publisher.
3147	The mobile number must be 10 digits in length.
3154	Either AlrtName or PhoneNum is required.
3155	Out of band validation is not enabled for this publisher.
3156	SMS text may not have both OTP and OTPA tags.
3157	SMS text cannot contain any ENS tags besides OTP tags.
3158	No verification value could be determined for two-way OOB {{ < line-break > }} validation (OTP or VerifVal).
3160	OOBValidate expiration seconds is outside of allowed range 15 1800.

XML Examples

Explicit One Way Request

XML

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <SOAP-ENV:Header>
      </SOAP-ENV:Header>
      <SOAP-ENV:Body>
        <OOBValidate xmlns="http://jackhenry.com/jxchange/TPG/2008">
          <MsgRqHdr>
            <jXchangeHdr>
              <JxVer>2016.1.01</JxVer>
              <AuditUsrId></AuditUsrId>
              <AuditWsId></AuditWsId>
              <ConsumerName>{Insert}</ConsumerName>
              <ConsumerProd>{Insert}</ConsumerProd>
              <jXLogTrackingId>{Insert}</jXLogTrackingId>
              <InstRtId>003003003</InstRtId>
              <InstEnv>PROD</InstEnv>
              <ValidConsmName>{Insert}</ValidConsmName>
              <ValidConsmProd>{Insert}</ValidConsmProd>
            </jXchangeHdr>
          </MsgRqHdr>
          <InstRtId>003003003</InstRtId>
          <ConsumerProd>{Insert}</ConsumerProd>
          <PhoneNum>5555555555</PhoneNum>
          <OOBModeType>OneWay</OOBModeType>
        </OOBValidate>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

Explicit One Way Response

XML

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <o:Security s:mustUnderstand="1"
          xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <u:Timestamp u:Id="_0">
            <u:Created>2021-02-12T16:01:45.287Z</u:Created>
            <u:Expires>2021-02-12T16:06:45.287Z</u:Expires>
          </u:Timestamp>
        </o:Security>
      </s:Header>
      <s:Body>
        <OOBValidateResponse xmlns="http://jackhenry.com/jxchange/TPG/2008">
          <MsgRsHdr>
            <jXchangeHdr>
              <JxVer>R2017.4</JxVer>
              <AuditUsrId></AuditUsrId>
              <AuditWsId></AuditWsId>
              <ConsumerName></ConsumerName>
              <ConsumerProd></ConsumerProd>
              <Ver_1>
              </Ver_1>
              <jXLogTrackingId>JX-[GUID_9185728e-306d-4e99-9985-e64d0856bfc5]</jXLogTrackingId>
              <Ver_2>
              </Ver_2>
              <InstRtId>003003003</InstRtId>
              <InstEnv>PROD</InstEnv>
              <Ver_3>
              </Ver_3>
              <BusCorrelId>60c8d53b-dfc8-4b3d-8781-5af0f3b36c24</BusCorrelId>
              <Ver_4>
              </Ver_4>
              <Ver_5>
              </Ver_5>
              <ValidConsmName></ValidConsmName>
              <ValidConsmProd></ValidConsmProd>
            </jXchangeHdr>
          </MsgRsHdr>
          <AlrtPkgId>f1f453fd-85da-4b47-a34e-8ed93c3a54d6</AlrtPkgId>
          <OTP>318435</OTP>
          <RsStat>Success</RsStat>
          <Custom xsi:nil="true"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          </Custom>
        </OOBValidateResponse>
      </s:Body>
    </s:Envelope>

OOBValidate Use Case Examples

OOBValidate FAQs

Two-way Validation

Question: If we don’t include an OOB session expiration time, will it use the default session expiration of 5 mins?

Answer: Correct, it will use the default system configured setting, which is configured as 1,800 seconds (or 5 minutes).

Question: I’m assuming FIs cannot configure the OOB authentication parameters since they are within System Settings. Is the default session expiration ever changed (that you know of)?

Answer: Correct, FI’s cannot control the OOB parameters. I don’t think that value changes much, but you know what they say…”Never say never”…I don’t anticipate a change, but if there were a legitimate business or audit/security reason, it certainly could change.

Question: The recipient can attempt to enter the OTP until the OOB session expires?

Answer: False, if they enter the incorrect verification code, OOB fails and a new OOB session must be started. You will get a 90040 event for “OOB Verification failed” on an invalid pass code.

Question: We’ll get a 90040 event when either the session expires or the validation is successful?

Answer: You should receive one of these three responses on the 90040, but not all three: Failed, Success, or Expired.

Recipient Subscription

Question: Can use the system default messages?

Answer: You are allowed to use the system default message along with a recipient. You would define the ConsmRecipId, but not the AlrtName.

General Questions

Question: For explicit use (no recipient), we have to either send the full SMS text or use a system default message? Or can we do a hybrid where we send/use an alert with only the SMS number? I think the documentation may assume you are fully explicit or fully recipient/subscription based.

Answer: Correct on the first question. You will not be able to use an alert in your ENS publisher library unless you are sending it to a recipient that has been subscribed to the alert. It is fully recipient/subscription or explicit, it cannot be a combination of both.

Question: The system default message bodies can only use otp, not otpa (alphanumeric option)?

Answer: Correct

Flowcharts

OOBValidate Process Send One-Way, ExplicitMessage Flowchart

Click image to view on different tab

OOBValidate Process SendOne-Way, Published Notification Flowchart

Click image to view on different tab

OOBValidateProcessSendTwo-Way,ExplicitMessage_Flowchart

Click image to view on different tab

OOBValidateProcessSendTwo-Way,PublishedNotification_Flowchart

Click image to view on different tab

Have a Question?

Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Developer Office Hours where we answer technical Q&A from the audience.

Please ignore this field

Did this page help you?

Last updated Wed Mar 4 2026