QR Code Generation

Before generating a session token with TOTP, it's essential to complete the TOTP setup by either scanning a QR code or manually entering a secret key in an authenticator app.

Initiate Process:

To begin, the following API endpoint can be called:

Request Parameters

ATTRIBUTE	DESCRIPTION
client_id	Unique identifier for the client.
app_name	The name of the application for which TOTP is being set up

Request

This API response includes both a QR code and a secret key.

Setting Up with an Authenticator App:

install an authenticator app (e.g., Google Authenticator, Microsoft Authenticator).

Option 1: Scan the QR Code

• The base64-encoded QR code can be converted into an image for display.

• Scanning the displayed QR code using an authenticator app (such as Google Authenticator or Microsoft Authenticator) initiates the TOTP setup. Once scanned, the TOTP generator will automatically start, and one-time passcodes (OTP) will be received right away

Option 2: Use the Secret Key

• Alternatively, the secret key provided by the API can be manually entered into the authenticator app. This key will facilitate the manual setup of the TOTP generator.

• After entering the secret key, the app will generate OTP codes, similar to the process following a QR code scan.

Response

After completing the setup through either method, the authenticator app will continuously generate time-based OTPs. When a session token is generated, these codes will be used for secure access. Both methods provide a secure outcome, allowing flexibility in the setup process.