Ad
Verify a code
otpauth:// URL (for QR code)
Common use cases
- Test 2FA flows during development
- Generate TOTP codes from a secret without an authenticator app
- Verify a code your user submitted
- Build the otpauth URL to share via QR
Frequently asked questions
Is the secret stored?
No. The secret is sent to the server only to compute the current code, then discarded. We don't log it.
Is this compatible with Google Authenticator / Authy / 1Password?
Yes — uses RFC 6238 with SHA-1, 30-second window, 6-digit codes. The otpauth:// URL works with any TOTP app.
What if the code doesn't verify?
Check that your secret is base32 (only A-Z and 2-7) and that your system clock is accurate. TOTP relies on time sync.