# TOTP Authentication

* **QR Code Generation**:
  * A QR code is generated and scanned by an authenticator app to set up TOTP.
  * Alternatively, the secret key provided by the API can be manually entered into the authenticator app. This key will facilitate the manual setup of the TOTP generator.
* **TOTP Setup**: The process begins with setting up Two-Factor Authentication (TOTP). This ensures added security for API access.
* **TOTP Validation and Session Token Generation**: Once TOTP is set up, the user provides a TOTP code to generate a session token for accessing the Open API. Every time the user wants to access the API, they will use the OTP from their authenticator app to generate a secure session token.