QR Code Generation
Before generating a session token with TOTP, it's essential to complete the TOTP setup by either scanning a QR code or manually entering a secret key in an authenticator app.
Initiate Process:
To begin, the following API endpoint can be called:
Request Parameters
client_id
Unique identifier for the client.
app_name
The name of the application for which TOTP is being set up
Request
This API response includes both a QR code and a secret key.
Setting Up with an Authenticator App:
install an authenticator app (e.g., Google Authenticator, Microsoft Authenticator).
Option 1: Scan the QR Code
The base64-encoded QR code can be converted into an image for display.
Scanning the displayed QR code using an authenticator app (such as Google Authenticator or Microsoft Authenticator) initiates the TOTP setup. Once scanned, the TOTP generator will automatically start, and one-time passcodes (OTP) will be received right away
Option 2: Use the Secret Key
Alternatively, the secret key provided by the API can be manually entered into the authenticator app. This key will facilitate the manual setup of the TOTP generator.
After entering the secret key, the app will generate OTP codes, similar to the process following a QR code scan.
Response
After completing the setup through either method, the authenticator app will continuously generate time-based OTPs. When a session token is generated, these codes will be used for secure access. Both methods provide a secure outcome, allowing flexibility in the setup process.
Last updated