diff --git a/docs/Next-Step-Server-REST-API-Reference.md b/docs/Next-Step-Server-REST-API-Reference.md
index 3d3806916..bcaed23cc 100644
--- a/docs/Next-Step-Server-REST-API-Reference.md
+++ b/docs/Next-Step-Server-REST-API-Reference.md
@@ -8837,6 +8837,8 @@ The list of expected status codes:
 }
 ```
 
+**The `credentialName` parameter is optional and should not be used or it has to be the same as used for OTP generation.**
+
 #### Response 200
 
 - Headers:
diff --git a/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/request/CombinedAuthenticationRequest.java b/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/request/CombinedAuthenticationRequest.java
index 6cd478b20..db4348624 100644
--- a/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/request/CombinedAuthenticationRequest.java
+++ b/powerauth-nextstep-model/src/main/java/io/getlime/security/powerauth/lib/nextstep/model/request/CombinedAuthenticationRequest.java
@@ -34,7 +34,6 @@
 @Data
 public class CombinedAuthenticationRequest {
 
-    @NotBlank
     @Size(min = 2, max = 256)
     private String credentialName;
     @NotBlank
diff --git a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/AuthenticationService.java b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/AuthenticationService.java
index 49fb6bed0..665556362 100644
--- a/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/AuthenticationService.java
+++ b/powerauth-nextstep/src/main/java/io/getlime/security/powerauth/app/nextstep/service/AuthenticationService.java
@@ -551,6 +551,10 @@ public CombinedAuthenticationResponse authenticateCombined(CombinedAuthenticatio
 
         final IdGeneratorService idGeneratorService = serviceCatalogue.getIdGeneratorService();
         final OtpEntity otp = otpService.findOtp(request.getOtpId(), request.getOperationId());
+        if (!request.getCredentialName().equals(otp.getCredentialDefinition().getName())) {
+            throw new InvalidRequestException("Mismatched credentialName for OTP: " + otp.getOtpId() + "'. The credentialName must match the one used for OTP generation.");
+        }
+
         if (otp.getOtpDefinition().isDataAdapterProxyEnabled()) {
             logger.info("Combined authentication proxied through Data Adapter, OTP ID: {}", request.getOtpId());
             return authenticateCombinedCustom(otp.getCredentialDefinition(), otp.getOtpId(), request.getOtpValue(), request.getCredentialValue(), otp.getOperation().getOperationId(), otp.getUserId(), request.getAuthMethod());
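Review bot: The new guard `request.getCredentialName().equals(...)` dereferences `credentialName` unconditionally, yet the same commit removes `@NotBlank` from `CombinedAuthenticationRequest` and documents the field as optional, so a request that omits it (the documented case) now fails with a NullPointerException instead of being accepted. Read the value once and compare only when it is present: `final String credentialName = request.getCredentialName();` followed by `if (credentialName != null && !credentialName.equals(otp.getCredentialDefinition().getName())) {`. The exception message also has an unbalanced quote after the OTP ID (`"... for OTP: " + otp.getOtpId() + "'. ..."`); either wrap the id in matching quotes or drop the stray one. Whether `otp.getCredentialDefinition()` can itself be null at this point is not visible in the hunk; if it can, the comparison needs the same null handling. authenticateCombined starts before the hunk and continues past it.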