You can use OTP Rules for API Save Requests.
When saving via APIs, OTP validation is required if the criteria match your configured OTP rule. In such cases, you must send the OTP value and the API request. Follow the below steps to send the OTP value with the API save request.
The accepted OTP format in APIs is OTPRULES_OTP_(rule id) or OTPRULES_OTP_(sanitized rule name), where all non-alphanumeric characters are removed from the rule name. For example, if the rule name is Test Rule 1 & Test 2 @ XYZ, it becomes TestRule1Test2XYZ.
You can include The OTP value in both request data and headers:
Note: This is case insensitive, meaning the characters can be in upper case, lower case, or the same case as the name. Headers sent with underscores will be converted to hyphens server-side.
Points to remember: