Two-factor codesyour agent can use.
Save the 2FA seed once. Your agent fetches the current 6-digit code on demand and finishes the login. The seed never leaves Loomal, never lands in a prompt, never sits on a phone the agent can't reach.
Most automations break the moment a sign-in screen asks for a code from your authenticator app. Loomal stores the 2FA seed encrypted, and only ever returns the current 6-digit code through an authenticated API call. Your agent finishes the login and keeps moving. The seed cannot be cloned to another device, and every code request writes an audit entry.
How it works
Four steps. Most fire in under a second.
Save the 2FA seed once
Scan the QR code from the service enabling 2FA, or paste the secret. Loomal stores it encrypted.
Agent asks for the current code
When a sign-in screen needs a code, the agent calls Loomal and gets the live 6-digit code. The seed stays where it is.
Audit every code use
Every request shows up in your activity log with project, agent, time, and source IP. Filter by service or by date.
What you get
Built for developers who already shipped.
Codes without your phone
Agent requests the current 6-digit code over REST. No SMS, no authenticator app, no human stuck in the loop.
Seed stays sealed
Loomal stores the TOTP seed encrypted at rest. Only the rotating 6-digit code is returned. The seed itself cannot be exported.
Every code is logged
Each request records project, time, source IP, and which agent asked. Compliance teams can answer 'who logged in when' instantly.
FAQ
Things builders ask.
How is this different from 1Password or Authy?
What about backup codes?
Does it work for any service?
Can a stolen API key drain all my 2FA codes?
Built with 2FA
Real things developers build
on top of 2FA.
Ready to ship 2fa?
Sign up for free. No card required. Read the docs while you wait.