Beeceptor

TOTP Generator

Automate the Two-Factor Authentication (2FA) with ease

Replace the Google Authenticator with this 2FA-TOTP generator. Upload a screenshot of your application containing a QR code and instantly generate the current time-based OTP.

How it works?
  1. Upload a screenshot of your application where you see the QR code for 2FA setup.
  2. Beeceptor will analyze the image and extract the secret from the QR code.
  3. The Time-based One-Time Password (TOTP) will be generated and displayed here along with a unique link.

tick
Take Screenshot

Log in to your application and open the 2FA setup screen. Take a screenshot of the QR code.

tick
Upload Here

Upload the screenshot containing the QR code in the above form and submit.

tick
Copy TOTP

Use the generated OTP to complete the 2FA setup. Bookmark the link to generate OTPs for future logins.

Effortless 2FA Code Generation via API

Programmatically generate 2FA codes with the following APIs. This is ideal for development and testing workflows. Beeceptor stores your secrets and assigns a unique ID for 2FA code retrieval, valid for up to 90 days.

tickSetup the secret

You can generate time-based one-time passwords (TOTPs) for a given. Simply provide the issuer name and secret key in a JSON payload. On success, the API returns the generated OTP and a unique identifier.

POST https://tools.beeceptor.com/2FA/TOTP/

Content-Type: application/json

Request Payload:
{
  "issuer": "your-app.com",
  "secret": "2OLRLATN3OQZOCPA",
  "algorithm":"SHA256"
}

Response Payload: 
{
  "id": "e2cb7165-55a5-44ce-8f7d-c4ff093bcd39",
  "otp": "002881",
  "expiresAt": "2024-05-15T02:46:30.000Z"
}

tickRetrieve 2FA code

Use the generated identifier with this API to generate future 2FA codes using the pre-stored secret. Please note that any unused codes will be automatically purged 90 days after their last usage.

GET https://tools.beeceptor.com/2FA/TOTP/{id}

Content-Type: application/json

Request Payload:
{empty}

Response Payload: 
{
  "id": "e2cb7165-55a5-44ce-8f7d-c4ff093bcd39",
  "otp": "002881",
  "expiresAt": "2024-05-15T02:46:30.000Z"
}

Example: 

GET https://tools.beeceptor.com/2FA/TOTP/e2cb7165-55a5-44ce-8f7d-c4ff093bcd39
The APIs are rate-limited per IP address per minute, and fair usage is expected from the community. For higher usage requirements with paid plans, please contact our support team.

Why Choose Beeceptor?

Experience the power of automated 2FA with Beeceptor's 2FA Code Generator.

Ease of Use

No user registration and no API keys required. These APIs are built for the community, making it easy to get started. Get started now with this Postman collection.

Comprehensive Coverage

Beeceptor supports JSON payloads and QR code uploads, providing comprehensive coverage for your integration needs. These APIs are CORS-enabled for any origin, ensuring smooth integration with your automation suite.

Secure

Beeceptor automatically purges any unused secrets after 90 days and uses HTTPs to keep your data secure during transmission.

Frequently Asked Questions

What is Two-Factor Authentication (2FA)?
Two-Factor Authentication (2FA) is a security process that requires two distinct forms of identification before granting access to an account or system. It is crucial because it adds an extra layer of security, making it significantly harder for unauthorized users to gain access even if they have one of the credentials.

What security protocols does Beeceptor employ?
Beeceptor encrypts data both at rest and during transmission. It adheres to SOC2 Type II controls. Instead of linking secrets to specific users, Beeceptor assigns each a unique ID for future 2FA code retrieval. Moreover, IP-based rate limiting is implemented to thwart brute force attacks. TOTP secrets stored at Beeceptor are purged if not used for 90 days.

How does Time-Based One-Time Password (TOTP) work as a form of 2FA?
TOTP is a form of 2FA that generates a temporary passcode, which changes at a set interval, typically every 30 seconds. The dynamic nature of TOTP makes it a robust security measure against replay attacks. This tool currently supports generation of TOTP codes.

What are the main differences between TOTP and other forms of 2FA, such as SMS-based verification?
Besides TOTP, other 2FA methods include HOTP, and OTPs via SMS and email. TOTP codes are generated offline and are more secure, as they don't rely on cellular networks like SMS, which can be intercepted more easily.

What are best practices for implementing TOTP in an application?
When implementing TOTP, it's essential to use libraries aligned with RFC 6238 standard, maintain precise time synchronization, and securely store secrets. Additionally, implementing backup recovery options is recommended to help users regain access if they lose their TOTP generator.

Why are QR codes used in setting up 2FA/TOTP?
QR codes are used in the setup process of TOTP to simplify the transfer of secret keys. When setting up a TOTP-based 2FA, the server generates a secret key, which is encoded into a QR code. Users then scan this QR code with a TOTP-generating app on their mobile device, which stores the secret and starts generating OTPs.

What devices can generate TOTPs?
TOTPs can be generated on smartphones and tablets using apps like Google Authenticator, Authy, and Microsoft Authenticator. Hardware security tokens like YubiKey are also capable of generating TOTPs. For software development, testing, and automation, Beeceptor offers a practical alternative.