# TOTPGenerateUri() Generates an otpauth:// URI that can be rendered as a QR code for users to scan with their authenticator app (Google Authenticator, Authy, etc.) during two-factor authentication setup. **Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D) ``` TOTPGenerateUri( secret=string, account=string, issuer=string, options=struct ); ``` **Returns:** string # Arguments | Argument | Type | Required | Description | Default | |----------|------|----------|-------------|---------| | secret | string | Yes | Base32-encoded secret (from TOTPSecret) | | | account | string | Yes | Account identifier, typically an email address | | | issuer | string | Yes | Issuer name, typically the application or service name | | | options | struct | No | Optional struct: digits (default 6), period (default 30), algorithm (SHA1\|SHA256\|SHA512, default SHA1) | | # Examples ```cfml // Generate an otpauth:// URI for use with authenticator apps (Google Authenticator, Authy, etc.) // Users can scan this as a QR code to add the account to their app secret = TOTPSecret(); uri = TOTPGenerateUri( secret, "user@example.com", "MyApp" ); // otpauth://totp/MyApp:user@example.com?secret=...&issuer=MyApp&algorithm=SHA1&digits=6&period=30 // You can generate a QR code from this URI using any QR library // The user scans it with their authenticator app and it's configured automatically // Custom options: change the number of digits, time period, or hash algorithm uri = TOTPGenerateUri( secret, "user@example.com", "MyApp", { digits: 8, // 8-digit codes instead of the default 6 period: 60, // new code every 60 seconds instead of 30 algorithm: "SHA256" // SHA256 instead of SHA1 }); // Special characters in the issuer name are URL-encoded automatically uri = TOTPGenerateUri( secret, "user@example.com", "My App & Co" ); ``` # Categories [Cryptography](../../categories/crypto.md) # See Also [TOTPSecret()](totpsecret.md), [TOTPVerify()](totpverify.md)