# Using 2FA in Front-End and API Scans

If your application login requires a TOTP code, Aikido can log in during scans as long as you provide the otpauth URL for that 2FA token.

This allows Aikido to generate the same 6 digit codes your authenticator app would.

## What is an otpauth URL

An otpauth URL contains the TOTP secret and configuration needed to produce time based codes.

It looks like this:

```
otpauth://totp/MyApp:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=MyApp
```

## How to get your otpauth URL

You can get the URL in one of these ways:

### 1. From the 2FA setup screen

Look for:

* Show secret
* Manual setup
* Enter key instead

Some providers show the otpauth URL directly. Others show only the Base32 secret.

If you only have the Base32 secret, you can build the URL yourself:

```
otpauth://totp/<Label>?secret=<BASE32SECRET>&issuer=<YourApp>
```

### 2. By scanning the QR code

If the setup shows a QR code:

* Use any QR reader that reveals the text content
* The scanned result will be the full otpauth URL

### 3. From your IdP or admin panel

Some IdPs expose the TOTP seed for service accounts.

Look for fields like:

* OTP URI
* TOTP configuration
* MFA seed

If your login uses SMS, push notifications, or hardware keys, you will not get an otpauth URL. Those are currently not supported by Aikido.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/dast-surface-monitoring/using-2fa-in-front-end-and-api-scans.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.