ValidateTOTP()
ts
function ValidateTOTP(code: string): boolean;Validates a TOTP code against the server's configured TOTP secret. Returns true if the code is valid and within its time window, false otherwise.
The algorithm used is SHA-512 with 6 digits, consistent with MakeTOTP(). A one-step skew window is applied, meaning codes from the immediately preceding or following 30-second window are also accepted to account for clock drift.
NOTE
ValidateTOTP uses Syncplify Server!'s own global TOTP secret (configured by the administrator), not any individual user's 2FA enrollment. To challenge a user with a TOTP prompt during keyboard-interactive login, use Session.AddQuestionTOTP() instead.
| Parameter | Type | Requirement | Explanation |
|---|---|---|---|
code | string | required | The 6-digit TOTP code to validate |
| Return value | Explanation |
|---|---|
true | The code is valid |
false | The code is invalid, expired, or the validation failed |
Example
ts
// Validate a code received in a custom HTTP webhook payload
var incomingCode = Session.GetCustomData('totp_code');
if (!ValidateTOTP(incomingCode)) {
Log('Invalid TOTP code — request rejected.');
Exit(1);
}
Log('TOTP validated, proceeding.');