Back to blog
Technical Reference6 minPublished 2026-03-18Reviewed 2026-04-08

What Is an otpauth URL? A Quick Reference for QR-Based TOTP Setup

A concise reference on the otpauth URL format used inside authenticator QR codes.

otpauth URLauthenticator QR code formatTOTP QR payload

Support Note

This page stays available for users but is currently excluded from search indexing while we expand it into a more comprehensive resource.

Quick Summary

  • An otpauth URL packages the secret and TOTP settings used by authenticator apps.
  • Ignoring non-default fields can break compatibility.
  • This reference is available on-site but excluded from indexing until a deeper technical guide is published.

Key Takeaways

  • The secret is only one part of the payload.
  • Digits, period, algorithm, and issuer metadata can all matter.
  • Local decoding is safer than uploading sensitive QR codes elsewhere.

What the format contains

A typical otpauth://totp/ URL contains a secret plus metadata such as issuer, label, digits, period, and algorithm.

Most consumer services use defaults, but a decoder should preserve the whole payload instead of assuming them.

Why users should care

When imports fail, the missing piece is often not the secret but one of the settings around it.

Reading the full payload helps you verify compatibility before trusting a generated code.

FAQ

Is the secret key inside the otpauth URL?

Yes. The URL usually includes the secret plus the settings needed to generate compatible codes.

Can I paste an otpauth URL directly into Swift2FA?

That is the intended workflow for compatible parsers because it preserves more setup detail than manual copying.

Keep Exploring

Continue with the 2FA generator, inspect an authenticator setup in the QR decoder, or browse related guides below.