This project is not covered by Drupal’s security advisory policy.

Provides headless TFA support for Google Authenticator, using the TFA Module.

Features

The module exists of 4 endpoints:

/api/totp/generate

Generates an uri for a QR code and a seed.

/api/totp/status

Checks the status of the user, if TFA is enabled or not.

/api/totp/register

Registers the user so it can use TFA

/api/totp/login

Checks if the user is authorized to login with the given code.

Post-Installation

The endpoints can be enabled under Settings > Webservices > REST.

Additional Requirements

Depends on the module TFA.
Uses REST to provide the endpoints.
RESTUI is a nice to have.

Supporting organizations: 
Alserda Media
Funding, Development

Project information

Releases

2.2.2 released 13 November 2025
Works with Drupal: ^9 || ^10
Install:
2.1.3 released 10 November 2025
Works with Drupal: ^9 || ^10
Install:

Development version: 2.1.x-dev updated 10 Nov 2025 at 14:33 UTC

2.0.9 released 23 December 2024
Works with Drupal: ^9 || ^10
Install:

Development version: 2.0.x-dev updated 6 Oct 2025 at 09:26 UTC

1.0.6 released 1 August 2024
Works with Drupal: ^9 || ^10
Install:

Development version: 1.0.x-dev updated 1 Aug 2024 at 09:42 UTC

Using Composer to manage Drupal site dependencies