Skip to content
Inkbox

Inkbox

ContactDocs
GuidesAPI Reference
GuidesAPI Reference

Jump to

Authenticator Accounts

An authenticator account represents a single OTP credential inside an authenticator app. You add accounts by providing an otpauth:// URI (the same URI encoded in QR codes), and then generate one-time passwords on demand.

Create account POST

POST /authenticator/apps/{app_id}/accounts

Add a new OTP account from an otpauth:// URI. The URI encodes the secret key, algorithm, digits, and period. Supports both TOTP and HOTP.

Path parameters

ParameterTypeDescription
app_idUUIDAuthenticator app ID

Request body

FieldTypeRequiredDescription
otpauth_uristringYesotpauth://totp/... or otpauth://hotp/... URI containing the OTP secret and parameters
display_namestringNoHuman-readable label for this account. Max 255 chars.
descriptionstringNoOptional description of what this account is for

Request example

JSONJSON

Response (201)

JSONJSON

Error responses

StatusDescription
400Valid otpauth:// URI but invalid OTP parameters (bad secret, unsupported algorithm, invalid digits/period)
403Organization ID missing from token
404Authenticator app not found
422Malformed request or invalid otpauth_uri format

Code examples

List accounts GET

GET /authenticator/apps/{app_id}/accounts

List all non-deleted accounts in an authenticator app.

Path parameters

ParameterTypeDescription
app_idUUIDAuthenticator app ID

Response (200)

JSONJSON

Code examples

Get account GET

GET /authenticator/apps/{app_id}/accounts/{account_id}

Get a single account by ID.

Path parameters

ParameterTypeDescription
app_idUUIDAuthenticator app ID
account_idUUIDAccount ID

Response (200)

Returns the full account object (see Account object below).

Code examples

Update account PATCH

PATCH /authenticator/apps/{app_id}/accounts/{account_id}

Update mutable fields on an account. Only supplied fields are modified.

Path parameters

ParameterTypeDescription
app_idUUIDAuthenticator app ID
account_idUUIDAccount ID

Request body

FieldTypeRequiredDescription
display_namestring | nullNoHuman-readable label. Max 255 chars. Set to null to clear.
descriptionstring | nullNoDescription. Set to null to clear.

Request example

JSONJSON

Response (200)

Returns the updated account object.

Code examples

Delete account DELETE

DELETE /authenticator/apps/{app_id}/accounts/{account_id}

Soft-delete an account. Returns 204 No Content on success.

Path parameters

ParameterTypeDescription
app_idUUIDAuthenticator app ID
account_idUUIDAccount ID

Code examples

Generate OTP POST

POST /authenticator/apps/{app_id}/accounts/{account_id}/generate-otp

Generate a one-time password for an account. For TOTP accounts, the code is time-based and valid_for_seconds indicates how long until it expires. For HOTP accounts, the internal counter is incremented atomically.

Path parameters

ParameterTypeDescription
app_idUUIDAuthenticator app ID
account_idUUIDAccount ID

Response (200)

JSONJSON

Response fields

FieldTypeDescription
otp_codestringThe generated one-time password
valid_for_secondsinteger | nullSeconds until the code expires (TOTP only, null for HOTP)
otp_typestringtotp or hotp
algorithmstringHash algorithm: sha1, sha256, or sha512
digitsintegerNumber of digits in the code
periodinteger | nullTOTP time step in seconds (null for HOTP)

Error responses

StatusDescription
403Not authorized for this authenticator app
404Authenticator app or account not found
500Internal error generating OTP code

Code examples

Account object

FieldTypeDescription
idUUIDUnique account identifier
authenticator_app_idUUIDParent authenticator app ID
otp_typestringOTP type: totp (time-based) or hotp (counter-based)
issuerstring | nullIssuer name extracted from the otpauth:// URI
account_namestring | nullAccount name extracted from the otpauth:// URI
display_namestring | nullHuman-readable label
descriptionstring | nullOptional description
algorithmstringHash algorithm: sha1, sha256, or sha512
digitsintegerNumber of digits in generated codes (typically 6)
periodinteger | nullTime step in seconds for TOTP (typically 30). null for HOTP.
counterinteger | nullCurrent counter value for HOTP. null for TOTP.
statusstringLifecycle status: active, deleted
created_atstringCreation timestamp (ISO 8601)
updated_atstringLast update timestamp (ISO 8601)

Inkbox

Copyright © 2026 Inkbox

This site is protected by reCAPTCHA.

Google Privacy Policy and Terms of Service apply.

Website

HomeContactDocs

Legal

Privacy PolicyTerms of Service

Contact

hello@inkbox.ai292 Main Street, Cambridge, MA 02142

Inkbox

Copyright © 2026 Inkbox

This site is protected by reCAPTCHA.

Google Privacy Policy and Terms of Service apply.

Website

HomeContactDocs

Legal

Privacy PolicyTerms of Service

Contact

hello@inkbox.ai292 Main Street, Cambridge, MA 02142