API docs
ShareOTP Public API
Automate account management and code delivery using admin-issued API keys. All API keys are admin-level and operate on a single organization.
Authentication
API requests authenticate using an admin-created API key. Keys are created in Admin → Settings → API access.
Authorization header
Send the key as a Bearer token. We also accept X-API-Key.
curl https://your-domain.com/api/v1/accounts \
  -H "Authorization: Bearer sk_shareotp_..."
IP allowlist
Optionally restrict API access to specific IP addresses. Add one IP per line in Admin Settings. A request's source IP must exactly match one of the listed addresses.
Endpoints
Method  Path                                      Description
GET     /api/v1/accounts                          List accounts
POST    /api/v1/accounts                          Create account
GET     /api/v1/accounts/{accountId}              Fetch account details
PATCH   /api/v1/accounts/{accountId}              Update account
DELETE  /api/v1/accounts/{accountId}              Delete account
GET     /api/v1/accounts/codes?ids=...            Fetch TOTP codes
POST    /api/v1/accounts/{accountId}/export       Export account secret
GET     /api/v1/accounts/{accountId}/permissions  List account access
POST    /api/v1/accounts/{accountId}/permissions  Grant or revoke access
GET     /api/v1/audit                             List audit logs
Create an account
curl https://your-domain.com/api/v1/accounts \
-H "Authorization: Bearer sk_shareotp_..." \
-H "Content-Type: application/json" \
-d '{
"name": "GitHub",
"issuer": "GitHub",
"tags": ["engineering", "prod"],
"secret": "JBSWY3DPEHPK3PXP"
}'
Fetch codes
curl "https://your-domain.com/api/v1/accounts/codes?ids=acct_123,acct_456" \
  -H "Authorization: Bearer sk_shareotp_..."
Grant access
curl https://your-domain.com/api/v1/accounts/acct_123/permissions \
-H "Authorization: Bearer sk_shareotp_..." \
-H "Content-Type: application/json" \
-d '{
"action": "grant",
"email": "[email protected]"
}'
Errors
Errors return JSON with an error message and a relevant HTTP status code.
{
"error": "Unauthorized"
}
OpenAPI spec
Download the OpenAPI spec for tooling integrations or client generation.
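Client-side handling for the Bearer authentication and error shape documented above, added here as an example and not ShareOTP's own code: it reads the admin-level key from the environment, refuses non-HTTPS base URLs, and maps error bodies onto the documented "error" field. The SHAREOTP_API_KEY variable name and all function and class names are assumptions.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

KEY_PREFIX = "sk_shareotp_"  # prefix as shown in the page's curl examples

class ShareOTPError(Exception):
    def __init__(self, status, message):
        super().__init__(f"HTTP {status}: {message}")
        self.status, self.message = status, message

def key_from_env(var="SHAREOTP_API_KEY"):  # variable name is an assumption
    # Keep the key out of source files and shell history.
    key = os.environ.get(var, "")
    if not key.startswith(KEY_PREFIX):
        raise ValueError(f"{var} is unset or is not a ShareOTP API key")
    return key

def build_request(base_url, api_key, method, path, body=None, query=None):
    """Build (without sending) an authenticated request."""
    parts = urllib.parse.urlsplit(base_url)
    # Keys are admin-level: refuse to put one on a plaintext connection.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an https:// URL")
    url = f"https://{parts.netloc}{path}"
    if query:
        url += "?" + urllib.parse.urlencode(query, safe=",")
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {api_key}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req

def parse_error(status, raw_body):
    """Map an error response onto the documented {"error": ...} shape."""
    try:
        message = json.loads(raw_body)["error"]
    except (ValueError, KeyError, TypeError):
        message = "unrecognised error body"
    return ShareOTPError(status, str(message))

def send(req, timeout=10):
    # Returns the raw body; the success schema is not described on this page.
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.HTTPError as exc:
        raise parse_error(exc.code, exc.read()) from None
```

A caller would chain these as send(build_request("https://your-domain.com", key_from_env(), "GET", "/api/v1/accounts")).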