OCS TOTP (Time-based One-time Password) Validation API


The OCS TOTP (Time-based One-time Password) Validation API allows administrator users to validate if a TOTP is valid.

Only admin accounts can use this API.
When 2FA (Two-Factor Authentication) is activated on an account, authorization with a username and password is not possible. Requests must authenticate via app passwords.


This API requires the 2-Factor Authentication app to be installed and enabled.

Validate TOTP

  • Path: ocs/v1.php/apps/twofactor_totp/api/v1/validate/<userid>/<totp>

  • Method: GET

Request Parameters

Attribute Type Description



The user id of the user to validate the TOTP for.



The TOTP to validate.

Code Example


The request returns either an XML (the default) or a JSON response, along with an HTTP 200 OK status code, which show whether:

  1. The TOTP is valid

  2. The TOTP is invalid

  3. The user was not found

The status of the TOTP is located in the ocs/data/result element. If the user was not found, then:

  1. ocs/meta/status will be set to failure.

  2. ocs/meta/statuscode will be set to 404.

Example Responses

TOTP Is Valid

TOTP Is Not Valid

User or Secret Not Found