# Session Token with TOTP (Time-Based One-Time Password)

This API endpoint allows users to authenticate using TOTP (Time-based One-Time Password). Upon successful validation, it generates a **secure session token** that permits access to the Open API for a specified period.

**Endpoint**

{% code title="Base URL" overflow="wrap" fullWidth="false" %}

```
https://oapi-cug.torusdigital.com/api/v1/session/totp/generate
```

{% endcode %}

#### Header Parameters <a href="#header-parameters" id="header-parameters"></a>

| Name         | Value              |
| ------------ | ------------------ |
| Content-Type | `application/json` |

#### Request Parameters <a href="#header-parameters" id="header-parameters"></a>

<table><thead><tr><th width="163">ATTRIBUTE</th><th>DESCRIPTION</th></tr></thead><tbody><tr><td>API_KEY</td><td>The apiKey generated for the specific merchant during the Merchant Onboarding step</td></tr><tr><td>TOTP</td><td><p>The one-time password generated by the authenticator app for this session. This code is time-sensitive and changes periodically.</p></td></tr></tbody></table>

#### **Request**

{% tabs %}
{% tab title="curl" %}
{% code title="cURL" overflow="wrap" fullWidth="true" %}

```bash
curl --location 'https://oapi-cug.torusdigital.com/api/v1/session/totp/generate' \
--header 'Content-Type: application/json' \
--data '{
    "API_KEY": "<API_KEY>",
    "TOTP": "<TOTP>"
}'
```

{% endcode %}
{% endtab %}

{% tab title="Java" %}
{% code title="Java-Unirest" fullWidth="false" %}

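```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

Unirest.setTimeouts(0, 0);
// The body must be valid JSON: no trailing comma after the last field.
HttpResponse<String> response = Unirest.post("https://oapi-cug.torusdigital.com/api/v1/session/totp/generate")
  .header("Content-Type", "application/json")
  .body("{\n" +
        "    \"API_KEY\": \"<API_KEY>\",\n" +
        "    \"TOTP\": \"<TOTP>\"\n" +
        "}")
  .asString();
```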

{% endcode %}
{% endtab %}

{% tab title="Go" %}
{% code title="Go-Native" overflow="wrap" fullWidth="false" %}

```go
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io/ioutil"
)

func main() {
  url := "https://oapi-cug.torusdigital.com/api/v1/session/totp/generate"
  method := "POST"

  payload := strings.NewReader(`{
    "API_KEY": "<API_KEY>",
    "TOTP": "<TOTP>"
  }`)

  client := &http.Client{}
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := ioutil.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
```

{% endcode %}
{% endtab %}

{% tab title="JavaScript" %}
{% code title="JavaScript-JQuery" overflow="wrap" %}

```javascript
var settings = {
  "url": "https://oapi-cug.torusdigital.com/api/v1/session/totp/generate",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json"
  },
  "data": JSON.stringify({
    "API_KEY": "<API_KEY>",
    "TOTP": "<TOTP>"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
```

{% endcode %}
{% endtab %}
{% endtabs %}

On successful TOTP validation, the API responds with a **session token** that allows users to access the Open API:

**Response**

{% tabs %}
{% tab title="200" %}
{% code overflow="wrap" fullWidth="false" %}

```json
{
    "AccessToken": "<AccessToken>"
}
```

{% endcode %}
{% endtab %}
{% endtabs %}
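
The request and response above combined into one Go client, as an added example that is not part of the original documentation: it builds the body with `json.Marshal`, sets a client timeout, caps the response size, and keeps the token out of logs. The `GenerateSession` helper and the `TORUS_API_KEY` / `TORUS_TOTP` environment variable names are assumptions made for illustration, as is treating any non-200 status as a rejected request, since this page documents only the 200 response.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
	"time"
)

// GenerateSession posts API_KEY and TOTP to url and returns the AccessToken.
// json.Marshal escapes both values; it cannot fail for a map of strings.
func GenerateSession(c *http.Client, url, apiKey, totp string) (string, error) {
	body, _ := json.Marshal(map[string]string{"API_KEY": apiKey, "TOTP": totp})
	req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	req.Header.Set("Content-Type", "application/json")
	res, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer res.Body.Close()
	if res.StatusCode != http.StatusOK {
		return "", fmt.Errorf("session request rejected: HTTP %d", res.StatusCode)
	}
	var out struct{ AccessToken string }
	// Read at most 64 KiB so an unexpected response cannot exhaust memory.
	if err := json.NewDecoder(io.LimitReader(res.Body, 64<<10)).Decode(&out); err != nil {
		return "", err
	}
	if out.AccessToken == "" {
		return "", fmt.Errorf("response carries no AccessToken")
	}
	return out.AccessToken, nil
}

func main() {
	c := &http.Client{Timeout: 10 * time.Second} // bounded wait, unlike &http.Client{}
	// TORUS_API_KEY and TORUS_TOTP are assumed variable names, not defined by the API.
	tok, err := GenerateSession(c, "https://oapi-cug.torusdigital.com/api/v1/session/totp/generate", os.Getenv("TORUS_API_KEY"), os.Getenv("TORUS_TOTP"))
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("session token received, length", len(tok)) // never print the token itself
}
```

Reading the API key from the environment keeps it out of source control and shell history, and the returned token should be held in memory or a secret store rather than written to logs.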
