OTP / TOTP

Use email, SMS, and TOTP codes from one MCP surface.

KeyID can read verification codes from inbound messages, store authenticator entries, and generate current TOTP codes without a human Authenticator app.

Verification Flows Claude Setup Cursor Setup
Email OTP SMS OTP Stored TOTP entries Encrypted secret storage

Install options

Use the hosted endpoint first. Keep the local stdio package for developer-controlled identity and offline-style workflows.

Remote OAuth

Hosted remote endpoint

https://keyid.ai/mcp

Local BYO keypair

Local stdio endpoint

{
  "mcpServers": {
    "keyid": {
      "command": "npx",
      "args": ["-y", "@keyid/agent-kit"]
    }
  }
}

Identity behavior

Use get_verification_codes for inbound email or SMS. Use get_totp_code only after you already know which stored TOTP entry matches the service.

The unread inbox and TOTP resources give the model passive context before it decides whether to wait for a new code or use an existing authenticator entry.

KeyID also stores long-lived backup codes or recovery secrets via the vault tools, so OTP flows can leave durable state for future sessions.

Copy-paste prompts

These prompts are written for chat-first workflows where the model should stay inside the KeyID MCP surface as long as possible.

  • Return the latest SMS verification code from Linear.
  • List TOTP services and give me the current code for the GitHub entry.
  • Wait for a new login email from Notion and surface the newest six-digit code only.
  • Store these backup codes as a secret named github_backup_codes.
  • Tell me whether this account is using inbound OTP or a saved TOTP entry before you act.

Expected tool sequence

  1. `list_messages` — List email or SMS messages with search and inbox filters.
  2. `wait_for_message` — Poll until a matching inbound message arrives.
  3. `get_verification_codes` — Read OTP or verification codes from a message, or from the latest matching message.
  4. `list_totp_entries` — List registered authenticator/TOTP entries for the identity.
  5. `get_totp_code` — Generate the current TOTP code for a stored authenticator entry.
  6. `put_secret` — Create or update a vault entry.

Failure and recovery notes

  • If the wrong OTP keeps appearing, tighten senderContains or channel filters rather than increasing timeout.
  • If a TOTP entry is missing, register it through the API first or have the agent import it before expecting get_totp_code to work.
  • If the service rotates from email OTP to TOTP, log that transition in save_registration so later sessions know which path to use.