diff --git a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
index 60fcb4783..3cc0d385f 100644
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
@@ -43,6 +43,7 @@ import org.springframework.context.annotation.ComponentScan;
 "org.maxkey.web.contorller",
 "org.maxkey.web.apps.contorller",
 "org.maxkey.web.endpoint",
+ "org.maxkey.web.api.endpoint",
 "org.maxkey.authn",
 "org.maxkey.persistence",
 "org.maxkey.web",
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
index 5ca7efa1b..6f302c47b 100644
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
@@ -26,6 +26,7 @@ import org.maxkey.authz.oauth2.provider.token.store.JdbcTokenStore;
 import org.maxkey.authz.oauth2.provider.token.store.RedisTokenStore;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.jobs.DynamicGroupsJob;
+import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.password.onetimepwd.impl.TimeBasedOtpAuthn;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
@@ -131,11 +132,11 @@ public class MaxKeyMgtConfig implements InitializingBean {
 return authenticationRealm;
 }
- @Bean(name = "tfaOptAuthn")
- public TimeBasedOtpAuthn tfaOptAuthn() {
- TimeBasedOtpAuthn tfaOptAuthn = new TimeBasedOtpAuthn();
+ @Bean(name = "timeBasedOtpAuthn")
+ public AbstractOtpAuthn timeBasedOtpAuthn() {
+ AbstractOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn();
 _logger.debug("TimeBasedOtpAuthn inited.");
- return tfaOptAuthn;
+ return tfaOtpAuthn;
 }
 /**
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java b/maxkey-web-manage/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java
new file mode 100644
index 000000000..8bfa0ba2b
--- /dev/null
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package org.maxkey.web.api.endpoint;
+
+import org.maxkey.crypto.password.PasswordReciprocal;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
+import org.maxkey.persistence.service.UserInfoService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+
+@Api(tags = "基于时间令牌验证 API文档模块")
+@Controller
+@RequestMapping(value={"/im/api/otp"})
+public class RestTimeBasedOtpController {
+
+ @Autowired
+ @Qualifier("timeBasedOtpAuthn")
+ protected AbstractOtpAuthn timeBasedOtpAuthn;
+
+ @Autowired
+ @Qualifier("userInfoService")
+ private UserInfoService userInfoService;
+
+ @ApiOperation(value = "基于时间令牌验证 API文档模块", notes = "传递参数username和token",httpMethod="GET")
+ @ResponseBody
+ @RequestMapping(value = "/timebased/validate", method = RequestMethod.GET)
+ public boolean getUser(@RequestParam String username,
+ @RequestParam String 
token) {
+
+ UserInfo validUserInfo = userInfoService.loadByUsername(username);
+ if(validUserInfo != null) {
+ String sharedSecret =
+ PasswordReciprocal.getInstance().decoder(validUserInfo.getSharedSecret());
+ validUserInfo.setSharedSecret(sharedSecret);
+ validUserInfo.setSharedCounter(validUserInfo.getSharedCounter());
+ if(timeBasedOtpAuthn.validate(validUserInfo, token)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+
+}
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
index 3ca020746..5367ebf2c 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@@ -164,8 +164,8 @@ public class MaxKeyConfig implements InitializingBean {
 return authenticationRealm;
 }
- @Bean(name = "tfaOtpAuthn")
- public TimeBasedOtpAuthn tfaOptAuthn() {
+ @Bean(name = "timeBasedOtpAuthn")
+ public TimeBasedOtpAuthn timeBasedOtpAuthn() {
 TimeBasedOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn();
 _logger.debug("TimeBasedOtpAuthn inited.");
 return tfaOtpAuthn;
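Review bot: `RestTimeBasedOtpController.getUser` returns true/false for any `username`/`token` pair, and nothing in this new file authenticates the caller or bounds repeated attempts, so unless `/im/api/otp/**` is covered by an API-auth interceptor and attempt throttling configured outside this diff, the endpoint is an unthrottled validity oracle for a short-lived code; that dependency should be confirmed and stated in a class-level comment. The token is also taken as a GET query parameter, which lands in access and proxy logs; `@RequestMapping(value = "/timebased/validate", method = RequestMethod.POST)` with `httpMethod="POST"` in `@ApiOperation` keeps it out of URLs. `validUserInfo.setSharedCounter(validUserInfo.getSharedCounter());` is a no-op and can be removed, and `setSharedSecret(sharedSecret)` writes the decoded secret back onto the object returned by `loadByUsername`, which leaves plaintext on that instance if the service caches or later persists it (not visible here), so validating against a separate copy would be safer. A user with no enrolled secret presumably reaches `decoder(null)`; an explicit null check that returns false would keep the response uniform with the unknown-user case.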