Getting started
OTPBase is a relay for one-time verification codes. Sources push codes in, the codes land on one page, and a read-only token lets your scripts pull the latest one back out.
The three moving parts
OTPBase sits in the middle of three things:
- A source PUSHES codes in. Your phone forwards an incoming SMS, or a self-hosted TOTP seed generates a rolling code.
- The codes LAND on /codes. Everything you have collected shows up on one page, newest first.
- A read token PULLS them out. Scripts, agents, and CI fetch the latest code over a read-only API.
That separation matters because the two tokens you will use are different and should never be confused:
| Token | Prefix | Direction | Who uses it |
|---|---|---|---|
| Device/ingest token | dvt_ |
Push codes in | Your phone |
| API read token | otpb_ |
Pull codes out | Scripts, agents, CI |
The fastest path
From a fresh account to reading a code in a terminal:
- Connect one source. Either pair a phone (see the iPhone or Android guide) or add a TOTP seed at
/totp/add. - Open
/codes. Trigger a real verification or watch a rolling TOTP code appear. - Create an API token at
/settings/api. It is read-only (scopecodes:read) and shown once, so copy it immediately. - Read the latest code with curl:
curl -H "Authorization: Bearer otpb_..." \
https://otpbase.com/api/codes/latest
That round trip — source in, page, token out — is the whole product.
A note on email
Email (IMAP) ingestion is on the roadmap. For now, codes come from forwarded SMS and self-hosted TOTP.
Where to next
- Pair an iPhone (Apple Shortcut) — forward SMS from an iPhone.
- Pair an Android phone — use a free SMS-forwarder app.
- Add a TOTP seed — paste an
otpauth://URI or import a Google Authenticator export.