Time-based one-time passcodes (TOTP) add a second factor by requiring users to enter a short-lived code from an authenticator app. This is ideal for high-risk actions like money movement or account changes where you want stronger assurance than SMS alone.
How TOTP works
- Your app enrolls the user and displays a QR code.
- The user scans it with an authenticator app (like Google Authenticator or Authy).
- The app generates a time-based code every ~30 seconds, which your backend verifies.
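The steps above, carried through in an added Python example that is not Stytch's code or API: it implements the RFC 6238 algorithm that an authenticator app and a verifying backend both run. The HMAC-SHA1, 6-digit, 30-second and one-step drift-window settings, the function names, and the sample secret (the RFC 6238 test key) are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

PERIOD = 30  # seconds per time step (assumed; matches the ~30 s above)
DIGITS = 6   # assumed code length


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step that contains unix_time (HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // PERIOD)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def enrollment_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that the enrollment QR code encodes (Key URI format)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = f"{quote(issuer)}:{quote(account)}"
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&period={PERIOD}&digits={DIGITS}")


def verify(secret: bytes, code: str, unix_time: int,
           last_step: int = -1, window: int = 1):
    """Return the matched time step, or None.

    Accepts +/- window steps of clock drift, compares in constant time, and
    rejects any step <= last_step so an already-used code cannot be replayed.
    The caller stores the returned step as the user's new last_step.
    """
    current = unix_time // PERIOD
    matched = None
    for step in range(current - window, current + window + 1):
        expected = totp(secret, step * PERIOD)
        same = hmac.compare_digest(expected.encode(), code.encode())
        if same and step > last_step:
            matched = step
    return matched


if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample: RFC 6238 test key
    print(enrollment_uri(key, "alice@example.com", "ExampleApp"))
    print(totp(key, 59), verify(key, totp(key, 59), 59))
```

The shared secret must be stored server-side in a form the backend can read back, so protect it like any other credential at rest.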
Next steps
API integration
Create, enroll, and authenticate TOTPs from your backend.