/
Contact usSee pricingStart building
    Overview
    Installation
    Changelog

    Pre-built UI

    StytchLogin
      UI Configuration
      UI Callbacks
    StytchPasswordReset
    StytchPasskeyRegistration
    IdentityProviderBeta
      UI Configuration
      UI Callbacks

    Headless

    Users
      Get user
      Update user
      Delete authentication factors
    Email Magic Links
      Send
      Login or create
      Authenticate
    OAuth
      Start
      Google One Tap
      Authenticate
    Passwords
      Create
      Authenticate
      Reset by Email Start
      Reset by Email
      Reset by Existing Password
      Reset by Session
      Strength Check
    One-Time Passcodes (OTP)
      Login or create via SMS
      Send via SMS
      Login or create via Email
      Send via Email
      Login or create via WhatsApp
      Send via WhatsApp
      Authenticate
    Time-Based One-Time Passcodes (TOTP)
      Create
      Authenticate
      Get Recovery Codes
      Recover
    Session Management
      Get Session
      Authenticate Session
      Revoke Session
      Update Session
      Get Tokens
    Passkeys & WebAuthn
      Register
      Authenticate
      Update
      Browser supports autofill
    Crypto Wallets
      Authenticate
      Authenticate Start
    Impersonation
      Authenticate

    More Resources

    Cookies & session management
    SWR & caching
    TypeScript
    User privacy measures
    Multi-factor authentication
    Next.js
    CAPTCHA
Get support on SlackVisit our developer forum

Contact us

Consumer Authentication

/

Frontend SDKs

/

Headless

/

Time-Based One-Time Passcodes (TOTP)

/

Create

Create

Wraps Stytch's Create endpoint. Call this method to create a new TOTP instance for a user. The user can use the authenticator application of their choice to scan the QR code or enter the secret.

You can listen for successful user updates anywhere in the codebase with the stytch.user.onChange() method or useStytchUser() hook if you are using React.

Note: If a user has enrolled another MFA method, this method will require MFA. See the Multi-factor Authentication section for more details.

Method parameters

expiration_minutes int

Response fields

request_id string
status_code int
secret Secret
totp_id string
qr_code string
recovery_codes array[strings]
user_id string
user object
import { useCallback } from 'react';
import { useStytch } from '@stytch/react';

export const Login = () => {
  const stytch = useStytch();

  const trigger = useCallback(() => {
    stytch.totps.create({ expiration_minutes: 60 });
  }, [stytch]);

  return <button onClick={trigger}>Create TOTP</button>;
};
RESPONSE
200
​
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "secret": "BTGNX5RKJRMQWQFRQKTG34JCF6XDRHZS",
    "totp_id": "totp-test-41920359-8bbb-4fe8-8fa3-aaa83f35f02c",
    "qr_code": "data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAMgAAADIEAAAAADYoy0BAAAG8ElEQVR...8EAAD//7dQP/5Y00bRAAAAAElFTkSuQmCC",
    "recovery_codes": [
      "ckss-2skx-ebow",
      "spbc-424h-usy0",
      "hi08-n5tk-lns5",
      "1n6i-l5na-8axe",
      "aduj-eufq-w6yy",
      "i4l3-dxyt-urmx",
      "ayyi-utb0-gj0s",
      "lz0m-02bi-psbx",
      "l2qm-zrk1-8ujs",
      "c2qd-k7m4-ifmc"
    ],
    "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
    "user": {...},
  }