Current TOTP code
API · /totp-api
TOTP / 2FA API
healthy
3,707 Subscribers
Add and test two-factor authentication without wrangling a crypto library. Generate a fresh base32 secret with a ready-to-scan otpauth URI, compute the current time-based one-time code (RFC 6238), verify a code submitted by a user with an adjustable drift window, or build an otpauth:// URI for any secret. Supports SHA-1, SHA-256 and SHA-512, 6 to 8 digits and a custom period, and is fully compatible with Google Authenticator, Authy, 1Password and other authenticator apps. Pure server-side computation with no third-party upstream, so responses are instant and the service is always available. Ideal for adding 2FA to apps, authentication tooling, QA and testing, and no-code automation.
api.oanor.com/totp-api
API health
healthy- Uptime
- 100.00%
- Server probes · 24h
- Avg latency
- 78 ms
- Server probes · 24h
- Subscribers
- 3,707
- active
- Total calls
- 76
- last 7 days
Pricing
Pick a tier — billed monthly, cancel anytime.
Free
Free
- 1,500 calls / month
- 3 requests / second
- Hard cap (429 above quota, no overage)
- 1,500 requests/month, 3 req/s
- Secret, code, verify & otpauth URI
- RFC 6238, Authenticator-compatible
- No credit card
Basic
€5.00 /month
- 30,000 calls / month
- 10 requests / second
- Hard cap (429 above quota, no overage)
- 30,000 requests/month, 10 req/s
- SHA1/256/512, 6-8 digits
- Adjustable drift window
- Commercial use, email support
Pro
€17.00 /month
- 250,000 calls / month
- 30 requests / second
- Hard cap (429 above quota, no overage)
- 250,000 requests/month, 30 req/s
- High-volume verification
- Custom period & issuer
- Priority email support
Mega
€46.00 /month
- 1,500,000 calls / month
- 80 requests / second
- Hard cap (429 above quota, no overage)
- 1,500,000 requests/month, 80 req/s
- Auth-platform scale
- Maximum concurrency
- Priority support
Built by
Related APIs
Other APIs with overlapping tags.
Temp Mail API
Disposable / temporary email as an API — no key, no signup. Spin up a throwaway mailbox in one call (you get back the address plus a token), then receive real inbound email and read it: list the inbox, open any message with its full HTML and plain-text body and attachments, mark messages seen, delete a single message, or delete the whole mailbox when done. List the available mailbox domains and look up account details (quota, usage). Perfect for sign-up flows, OTP / verification-code capture, QA and end-to-end test automation, and throwaway registrations. Inbox endpoints use a per-mailbox token returned by /v1/account/new (pass it as ?token= or an Authorization: Bearer header). Every call is live (no cache). 9 endpoints, backed by the public mail.tm service. Mailboxes are ephemeral. No upstream key, no cache.
api.oanor.com/tempmail-api
Bcrypt API
Hash and verify passwords with bcrypt, server-side. Generate a salted bcrypt hash at a cost factor you choose (4–14), check a plaintext password against an existing hash, or inspect a hash to read its bcrypt version, cost factor and salt. Fully compatible with bcrypt hashes from PHP ($2y$), Node, Python and others, so you can verify and migrate existing credentials. Pure server-side computation with no third-party upstream, so it is always available — and it offloads the deliberately CPU-intensive hashing work from your own servers. Ideal for adding password authentication, credential migration, auth tooling, testing and no-code backends.
api.oanor.com/bcrypt-api
JWT API
A fast, fully-local JSON Web Token toolkit: sign a JSON payload into a JWT, verify a token signature together with its exp and nbf claims using a constant-time comparison, and decode a token header and payload without verifying. Supports the HMAC algorithms HS256, HS384 and HS512, automatically adds the iat claim and an exp claim from expires_in. Built on Node crypto and secrets are never logged, so responses are instant, private and always available. Every endpoint accepts input via the query string or the request body. Ideal for authentication, API gateways, session and token tooling, microservices and webhooks.
api.oanor.com/jwt-api
Shentu API
Live on-chain data for Shentu (chain id shentu-2.2) — the security-focused Cosmos-SDK Layer-1 of the CertiK ecosystem, whose native token is CTK — served directly from public LCD/REST nodes with multi-node failover. The status endpoint returns the latest block height and time, chain id, the staking bond denom and the current minting inflation rate. The validators endpoint lists the active bonded validator set ranked by stake, each with its moniker, operator address, self-plus-delegated CTK, commission rate and jailed flag. The supply endpoint returns the total CTK supply, the amount bonded in staking and the resulting bonded ratio. The governance endpoint returns the most recent on-chain proposals with their id, title, status and voting window. Token amounts are converted from base micro-CTK (6 decimals) into whole CTK, and every figure is read live from the chain — nothing bundled or modelled — behind a short server-side cache with keep-warm so the feed stays fast and fresh. Ideal for staking dashboards, validator and delegator tooling, explorers, governance trackers and portfolio or analytics apps across the Cosmos and security-infrastructure ecosystem. Live keyless upstream. 5 endpoints.
api.oanor.com/shentu-api
Frequently asked questions
Quick answers about pricing, quotas, and integration.
How do I get an API key for TOTP / 2FA API?
Sign up for free at oanor.com, generate an API key from the developer dashboard, and call TOTP / 2FA API with the x-oanor-key header. No credit card needed for the free tier.
What's the rate limit for TOTP / 2FA API?
Free tier allows 1 request per second. Paid plans scale up to 50 requests per second on the Mega tier. Hard limits return HTTP 429 above the quota — no surprise overage charges.
How much does TOTP / 2FA API cost?
TOTP / 2FA API has a free tier with 100 calls / month. Paid plans start at €5.00 / month with higher quotas and faster rate limits.
Can I cancel my subscription anytime?
Yes. Plans are billed monthly and you can cancel anytime from your billing dashboard. No long-term contracts and no cancellation fee.
Is TOTP / 2FA API GDPR-compliant?
All requests to TOTP / 2FA API go through our EU-based gateway. Your upstream API key never leaves our server and no personal data is shared with the upstream provider beyond the request you send.
Pick an endpoint from the list on the left to see its details and try it.
Code snippets
Sign up to get an API key, then call any path under your slug.
curl https://api.oanor.com/totp-api/SOME_PATH \
-H "x-oanor-key: oanor_test_..."const res = await fetch("https://api.oanor.com/totp-api/SOME_PATH", {
headers: { "x-oanor-key": "oanor_test_..." }
});
const data = await res.json();$ch = curl_init("https://api.oanor.com/totp-api/SOME_PATH");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["x-oanor-key: oanor_test_..."]);
$response = curl_exec($ch);import requests
r = requests.get(
"https://api.oanor.com/totp-api/SOME_PATH",
headers={"x-oanor-key": "oanor_test_..."},
)
print(r.json())Ratings
Sign in to rate.
No reviews yet.
Discussion
Ask questions, share usage tips, get answers from the provider and other developers. Public — anyone can read.
Sign in to start a thread or reply.
Sign inNew thread
📌 Pinned
🔒 Locked
·
·
·
-
Provider answer
🔒 This thread is locked — no new replies.
-
·
- No threads yet — start the discussion.
Support
Private 1:1 support with the provider — billing questions, integration issues, account problems. Only you and the provider team can see these threads.
Sign in to open a support ticket.
Sign inOpen new ticket
Describe what you need help with. The provider team gets an email and replies on the ticket page.
-
·
Urgent - No tickets yet for this API.