What exactly is an otpauth URI?

It is a small text string that an authenticator app understands, and it carries everything the app needs to start generating one-time codes. A typical one looks like otpauth://totp/GitHub:alice@example.com?secret=JBSWY3DPEHPK3PXP&issuer=GitHub&algorithm=SHA1&digits=6&period=30. The app reads the secret, the issuer, the digit count and the period, then computes the live code. Most sites hide this string inside the 2FA QR code you scan during setup.

How do I get this URI into my authenticator app?

Turn the URI into a QR code and scan it. Authenticator apps add accounts by camera, not by pasting text, so build the URI here, copy it into a QR generator such as our qrcode-generator, then scan the resulting image with Google Authenticator or Authy. Some apps (1Password, Bitwarden) also let you paste the otpauth:// string directly into a setup field, which skips the QR step entirely.

How is this different from a TOTP code generator?

This tool builds the configuration, the other one produces the live codes. A TOTP generator (see our totp-generator) takes an existing Base32 secret and shows the 6-digit number that is valid right now. This otpauth URI generator goes one step earlier: it assembles the full setup string (issuer, label, secret, algorithm, digits, period) that you scan to register the account in the first place. Build the URI here, generate codes with the TOTP tool.

What is a Base32 secret and why that format?

The secret is the shared key both the server and your app use to compute codes. The otpauth standard requires it to be written in Base32 (RFC 4648), which uses only A to Z and 2 to 7, so it has no 0, 1, 8 or 9 to avoid confusion with O, I, B and g. A typical secret is 16 or 32 characters. Use the random secret button here to get a valid one, or paste the Base32 string a site gave you.

Is it safe to put a real secret in here?

The math runs entirely in your browser and the secret is never sent anywhere, never logged, and never written into the shareable URL, only the non-secret options like issuer and algorithm round-trip in the link. That said, treat any production 2FA secret like a password. For demos, screenshots or learning, use the random secret button to generate a throwaway value instead of pasting the real one from your bank or work account.

Should I use totp or hotp, and which algorithm?

Pick totp for almost everything, it is time-based and what every mainstream service uses. hotp is counter-based and only appears in a few legacy hardware tokens. For the algorithm, leave it on SHA1 unless the service explicitly says SHA256 or SHA512, because most authenticator apps only fully support SHA1 and a mismatch makes every code wrong. Same caution applies to digits (6 is standard) and period (30 seconds).

Set up 2FA when a site only gives you a secret

Some services show a Base32 secret key but no QR code, or the QR fails to scan. Paste the secret here, fill in the issuer and your account name, copy the otpauth:// URI, run it through a QR generator and scan that instead. You go from a bare key the site handed you to a working authenticator entry without any back-and-forth.

Migrate an account between authenticator apps

Switching from Authy to Google Authenticator and the old app will not export? If you still have the original secret saved, rebuild the otpauth:// URI with the right issuer and algorithm, make a QR code, and scan it into the new app. The codes line up because the secret and parameters are identical, no need to disable and re-enable 2FA on the site.

Generate test 2FA accounts for development

Building a login flow that supports authenticator apps? Click the random secret button, build a totp URI, and you have a disposable 2FA account to scan into a real authenticator for end-to-end testing. Generate a fresh one per test run so no secret leaks into your repo or screenshots.

Debug why an authenticator shows the wrong code

When a 2FA code never matches, the cause is usually a parameter mismatch. Paste the otpauth:// URI from the failing setup into the parse pane and read back the exact algorithm, digits and period the app was told to use. Nine times out of ten you will find a SHA256 or a period of 60 where the server expected SHA1 and 30.

otpauth URI Generator: Build a 2FA Setup Link

Build an otpauth:// 2FA setup URI from issuer, account and Base32 secret, parse one back, then turn it into a QR code, browser-only

Runs locally
Category Developer & DevOps
Best for Formatting, validating, shrinking, or inspecting code-adjacent text.

Account (label)

Issuer

Base32 secret

Local only. The secret stays in this tab and is never put in the URL. Do not paste a real production secret here, use a test one.

Type

Algorithm

Digits

Period (s)

Enter a Base32 secret to build the URI.

Parse an existing URI

What this tool does

Free otpauth:// URI generator for setting up two-factor authentication. An authenticator app like Google Authenticator, Authy, Microsoft Authenticator or 1Password adds an account by scanning a QR code, and the thing encoded inside that QR is an otpauth:// URI. This tool builds that exact URI from the parts you control: the account label, the issuer (provider name), a Base32 secret, the type (totp or hotp), the HMAC algorithm (SHA1, SHA256, SHA512), the digit count (6 or 8) and the period (usually 30 seconds). It encodes the label and issuer correctly so spaces and colons survive, and it can also run in reverse: paste an existing otpauth:// URI and the tool splits it back into clean fields. Generate a random Base32 secret with one click when you are wiring up a new account. Everything runs in your browser. The secret is never put in the shareable URL and never leaves the page. 100% client-side, no upload, no server.

Tool details

Input: Text + Numbers; The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
Output: Live result + Copy; The result area focuses on usable output, with copy, download, or preview actions when supported.
Privacy: Browser-side processing; The main tool logic does not call an external API, so inputs normally stay in the current tab.
Save / share: Shareable URL state; Key settings are encoded in the URL so another person can reopen the same setup.
Performance budget: Initial JS <= 9 KB; No WASM budget is declared, keeping the tool quick to open on mobile.
Best fit: Developer & DevOps · Developer; Category and role tags drive related tools, internal links, and quick fit checks.

How to use

1. Input

Paste or drop your content into the tool panel.
2. Process

Click the button. All processing is local in your browser.
3. Copy / Download

Copy the result or download to disk in one click.

How otpauth URI Generator fits into your work

Use it in the small gaps between coding, reviewing, debugging, and shipping.

Developer jobs

Formatting, validating, shrinking, or inspecting code-adjacent text.
Preparing snippets for documentation, tickets, commits, or handoff.
Checking a small payload quickly without switching tools.

Developer checks

Run irreversible transforms like minify or obfuscate on a copy.
Keep secrets out of pasted snippets unless the tool explicitly stays local.
Use your normal tests or linter before shipping transformed code.

Good next steps

These links move the current task into a more complete workflow.

Real-world use cases

Set up 2FA when a site only gives you a secret
Some services show a Base32 secret key but no QR code, or the QR fails to scan. Paste the secret here, fill in the issuer and your account name, copy the otpauth:// URI, run it through a QR generator and scan that instead. You go from a bare key the site handed you to a working authenticator entry without any back-and-forth.
Migrate an account between authenticator apps
Switching from Authy to Google Authenticator and the old app will not export? If you still have the original secret saved, rebuild the otpauth:// URI with the right issuer and algorithm, make a QR code, and scan it into the new app. The codes line up because the secret and parameters are identical, no need to disable and re-enable 2FA on the site.
Generate test 2FA accounts for development
Building a login flow that supports authenticator apps? Click the random secret button, build a totp URI, and you have a disposable 2FA account to scan into a real authenticator for end-to-end testing. Generate a fresh one per test run so no secret leaks into your repo or screenshots.
Debug why an authenticator shows the wrong code
When a 2FA code never matches, the cause is usually a parameter mismatch. Paste the otpauth:// URI from the failing setup into the parse pane and read back the exact algorithm, digits and period the app was told to use. Nine times out of ten you will find a SHA256 or a period of 60 where the server expected SHA1 and 30.

Common pitfalls

Choosing SHA256 or SHA512 to feel safer. Most authenticator apps only fully support SHA1, so a fancier algorithm makes every code wrong. Leave it on SHA1 unless the service documentation explicitly says otherwise.
Leaving spaces or a colon in the secret. A Base32 secret uses only A to Z and 2 to 7. Trailing spaces, lowercase letters or a stray colon copied from a web page break the key. This tool strips whitespace and upper-cases for you, but verify the cleaned value before scanning.
Forgetting the issuer, so every account shows up as a blank or duplicate name. The issuer (provider name) is what your authenticator displays in the list. Without it, three different work accounts all read as the same bare email and you cannot tell which code is which.

Privacy

Every step here, building the otpauth:// URI, parsing one back, and generating a random Base32 secret, is plain JavaScript that runs in your browser tab. The secret is never sent over the network, never logged, and never written into the shareable URL. Only the non-secret options (issuer, type, algorithm, digits, period) round-trip in the link so a shared URL reproduces your settings without ever exposing the key. Still, treat any real 2FA secret like a password and prefer the random secret button for demos, screenshots or testing.

FAQ

Tool combos

Folks in your role tend to reach for these alongside this tool.

Developer

Browse all tools for this role

otpauth URI Generator: Build a 2FA Setup Link

What this tool does

Tool details

How to use

1. Input

2. Process

3. Copy / Download

How otpauth URI Generator fits into your work

Developer jobs

Developer checks

Good next steps

Real-world use cases

Set up 2FA when a site only gives you a secret

Migrate an account between authenticator apps

Generate test 2FA accounts for development

Debug why an authenticator shows the wrong code

Common pitfalls

Privacy

FAQ

Unit Converter

Percentage Calculator

TOTP Generator

QR Code Generator

HMAC Generator

Backup Codes Generator

AI Eval Planner

API Key Generator

ASCII Table Generator

ASCII Table Reference

awk + sed Cheatsheet

AWS CLI Cheatsheet