Skip to main content
Time-based one-time passcodes (TOTP) add a second factor by requiring users to enter a short-lived code from an authenticator app. This is ideal for high-risk actions like money movement or account changes where you want stronger assurance than SMS alone.

How TOTP works

  1. Your app enrolls the user and displays a QR code.
  2. The user scans it with an authenticator app (like Google Authenticator or Authy).
  3. The app generates a time-based code every ~30 seconds, which your backend verifies.

Next steps

API integration

Create, enroll, and authenticate TOTPs from your backend.