#otp

Disposable / temporary email as an API — no key, no signup. Spin up a throwaway mailbox in one call (you get back the address plus a token), then receive real inbound email and read it: list the inbox, open any message with its full HTML and plain-text body and attachments, mark messages seen, delete a single message, or delete the whole mailbox when done. List the available mailbox domains and look up account details (quota, usage). Perfect for sign-up flows, OTP / verification-code capture, QA and end-to-end test automation, and throwaway registrations. Inbox endpoints use a per-mailbox token returned by /v1/account/new (pass it as ?token= or an Authorization: Bearer header). Every call is live (no cache). 9 endpoints, backed by the public mail.tm service. Mailboxes are ephemeral. No upstream key, no cache.

api.oanor.com/tempmail-api

Add and test two-factor authentication without wrangling a crypto library. Generate a fresh base32 secret with a ready-to-scan otpauth URI, compute the current time-based one-time code (RFC 6238), verify a code submitted by a user with an adjustable drift window, or build an otpauth:// URI for any secret. Supports SHA-1, SHA-256 and SHA-512, 6 to 8 digits and a custom period, and is fully compatible with Google Authenticator, Authy, 1Password and other authenticator apps. Pure server-side computation with no third-party upstream, so responses are instant and the service is always available. Ideal for adding 2FA to apps, authentication tooling, QA and testing, and no-code automation.

api.oanor.com/totp-api