Two-Factor Authentication (2FA) is required to create API tokens and process withdrawals from your dashboard. This security measure protects your account and funds. You can use any Time-based One-Time Password (TOTP) authenticator app, such as Google Authenticator, Microsoft Authenticator, 1Password, Authy, or any other compatible TOTP application.

Open Profile in the left sidebar.

Click the API tab.

Click Manage Tokens.

Press Authenticate to start the 2FA setup.

In the 2FA modal:

Scan the QR code with your authenticator app, or copy the secret code and add it manually.
Enter the 6-digit code from your app.
Click Confirm and Activate.

Done! Return to Manage Tokens to create an API token with the permissions you need.

If you can’t scan the QR code (manual key entry)

The Google Authenticator (or any TOTP app) generates time-based 6-digit codes. To add your PayZu account manually:

Install a TOTP app from your phone’s store (Google Play or App Store).
Open the app and tap the “+” button to add a new account.
Choose “Enter a setup key” / “Enter code manually.”
Copy the secret code shown in the PayZu 2FA modal and paste it into the app exactly as displayed, e.g.:
```
<YOUR-SECRET-CODE>
```
Give it a label (e.g., PayZu).
The app will generate a 6-digit code that refreshes every 30 seconds. Use this code to Confirm and Activate.

Security tip: Store your authenticator setup / recovery info safely. You’ll need it if you change or lose your phone.

Video tutorials

Tips

If the code is “invalid,” ensure your phone’s time is set automatically and try again.
Keep your 2FA setup safe. If you switch devices, you’ll need to re-configure 2FA.