Add a TOTP seed
TOTP support lets OTPBase host your rolling 2FA codes itself, alongside the codes forwarded from SMS. You add a seed once, and OTPBase generates the time-based code for you on /totp.
What TOTP means here
A TOTP seed is the secret behind an authenticator app's rolling 6-digit code. Hand OTPBase the seed and it becomes a self-hosted source: the code refreshes on a fixed period, and you read it on the same page as everything else.
Add a single seed
-
Open
/totp/add. -
Paste an
otpauth://URI, for example:otpauth://totp/Acme:you@example.com?secret=JBSWY3DPEHPK3PXP&issuer=AcmeThe
secretis the seed (Base32). The label andissuerbecome the name shown on/totp. -
Save it. The rolling code appears on
/totpimmediately.
Bulk-import from Google Authenticator
Google Authenticator can export all of its accounts at once as a single migration string, which OTPBase imports in bulk.
- In the Google Authenticator app, tap the menu and choose Transfer accounts → Export.
- Select the accounts and continue. The app produces an
otpauth-migration://offline?data=...string, shown as a QR code. - Capture that string (scan the QR with any reader to reveal the text) and paste it into
/totp/add. OTPBase decodes every account in the export and adds them together.
Supported parameters
OTPBase handles the standard TOTP range:
| Parameter | Supported values |
|---|---|
| Algorithm | SHA1, SHA256, SHA512 |
| Digits | 6 or 8 |
| Period | 15–120 seconds |
Most seeds use SHA1, 6 digits, and a 30-second period — the defaults that come through in a typical otpauth:// URI.
Security
Seeds are encrypted at rest with AES-256-GCM. The secret never appears in plaintext on /totp; only the current rolling code does.
Viewing your codes
Open /totp to see every seed and its current code. The page updates every second so the code is always live, and you can click a code to copy it.