OTPForge

This API provides One-Time Passwords (OTP) using both TOTP (time-based) and HOTP (counter-based) methods. You can use it in your authentication systems, apps, or for testing purposes. The API is rate-limited to 60 requests per minute per IP.

Endpoint: POST /get-otp

Content-Type: application/json

Request Format: send all parameters in one JSON block like this:

{
  "key": "JBSWY3DPEHPK3PXP",    // must, Base32 secret key
  "type": "time",                // "time" for TOTP, "counter" for HOTP
  "username": "alice",           // optional, used for HOTP counter tracking
  "counter": 0                   // optional, for HOTP testing, server auto-increments
}

All fields can be sent together or only the required ones. If key is omitted, a new one will be generated automatically.

TOTP generates a one-time password based on the current time. OTPs are valid for 30 seconds.

• Use the same key in authenticator apps like Google Authenticator or Authy.
• Field remaining_seconds shows how many seconds before the OTP changes.

{
  "status": "ok",
  "type": "time",
  "username": "alice",
  "key": "JBSWY3DPEHPK3PXP",
  "otp": "492039",
  "remaining_seconds": 18
}

HOTP generates OTPs using a counter. Each request increments the counter, ensuring OTPs are unique.

• Never reuse the same counter.
• Field counter_used shows which counter generated the OTP.
• Field next_counter indicates the next valid counter value.

{
  "status": "ok",
  "type": "counter",
  "username": "bob",
  "key": "JBSWY3DPEHPK3PXP",
  "otp": "583927",
  "counter_used": 0,
  "next_counter": 1
}

Get OTP