diff --git a/go.mod b/go.mod
index 21efb5e..153033f 100644
--- a/go.mod
+++ b/go.mod
@@ -18,6 +18,7 @@ require (
 	github.com/miekg/dns v1.1.31 // indirect
 	github.com/nats-io/nats-streaming-server v0.21.1
 	github.com/paulmach/go.geo v0.0.0-20180829195134-22b514266d33
+	github.com/pquerna/otp v1.3.0
 	github.com/stoewer/go-strcase v1.2.0
 	github.com/stretchr/testify v1.6.1
 	github.com/ulikunitz/xz v0.5.8 // indirect
diff --git a/go.sum b/go.sum
index 2fc8c38..e5c9e7e 100644
--- a/go.sum
+++ b/go.sum
@@ -80,6 +80,8 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/caddyserver/certmagic v0.10.6 h1:sCya6FmfaN74oZE46kqfaFOVoROD/mF36rTQfjN7TZc=
 github.com/caddyserver/certmagic v0.10.6/go.mod h1:Y8jcUBctgk/IhpAzlHKfimZNyXCkfGgRTC0orl8gROQ=
 github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU=
@@ -471,6 +473,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs=
+github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
diff --git a/otp/.gitignore b/otp/.gitignore
new file mode 100644
index 0000000..37ae984
--- /dev/null
+++ b/otp/.gitignore
@@ -0,0 +1,2 @@
+
+otp
diff --git a/otp/Dockerfile b/otp/Dockerfile
new file mode 100644
index 0000000..c10f7b1
--- /dev/null
+++ b/otp/Dockerfile
@@ -0,0 +1,3 @@
+FROM alpine
+ADD otp /otp
+ENTRYPOINT [ "/otp" ]
diff --git a/otp/Makefile b/otp/Makefile
new file mode 100644
index 0000000..925b4b1
--- /dev/null
+++ b/otp/Makefile
@@ -0,0 +1,26 @@
+
+GOPATH:=$(shell go env GOPATH)
+.PHONY: init
+init:
+	go get -u github.com/golang/protobuf/proto
+	go get -u github.com/golang/protobuf/protoc-gen-go
+	go get github.com/micro/micro/v3/cmd/protoc-gen-micro
+.PHONY: proto
+proto:
+	protoc --openapi_out=. --proto_path=. --micro_out=. --go_out=. proto/otp.proto
+
+docs:
+	protoc --openapi_out=. --proto_path=. --micro_out=. --go_out=. proto/otp.proto
+	@redoc-cli bundle api-otp.json
+	
+.PHONY: build
+build:
+	go build -o otp *.go
+
+.PHONY: test
+test:
+	go test -v ./... -cover
+
+.PHONY: docker
+docker:
+	docker build . -t otp:latest
diff --git a/otp/README.md b/otp/README.md
new file mode 100644
index 0000000..5e4e7e2
--- /dev/null
+++ b/otp/README.md
@@ -0,0 +1,23 @@
+# Otp Service
+
+This is the Otp service
+
+Generated with
+
+```
+micro new otp
+```
+
+## Usage
+
+Generate the proto code
+
+```
+make proto
+```
+
+Run the service
+
+```
+micro run .
+```
\ No newline at end of file
diff --git a/otp/generate.go b/otp/generate.go
new file mode 100644
index 0000000..7d9db91
--- /dev/null
+++ b/otp/generate.go
@@ -0,0 +1,3 @@
+package main
+
+//go:generate make proto
diff --git a/otp/handler/otp.go b/otp/handler/otp.go
new file mode 100644
index 0000000..f47e35d
--- /dev/null
+++ b/otp/handler/otp.go
@@ -0,0 +1,92 @@
+package handler
+
+import (
+	"context"
+	"time"
+
+	"github.com/micro/micro/v3/service/errors"
+	"github.com/micro/micro/v3/service/logger"
+	pb "github.com/micro/services/otp/proto"
+	"github.com/micro/services/pkg/cache"
+
+	"github.com/pquerna/otp"
+	"github.com/pquerna/otp/totp"
+)
+
+type Otp struct{}
+
+func (e *Otp) Generate(ctx context.Context, req *pb.GenerateRequest, rsp *pb.GenerateResponse) error {
+	if len(req.Id) == 0 {
+		return errors.BadRequest("otp.generate", "missing id")
+	}
+
+	// check if a key exists for the user
+	var secret string
+
+	if err := cache.Get(req.Id, &secret); err != nil {
+		// generate a key
+		key, err := totp.Generate(totp.GenerateOpts{
+			Issuer:      "Micro",
+			AccountName: req.Id,
+		})
+		if err != nil {
+			logger.Error("Failed to generate secret: %v", err)
+			return errors.InternalServerError("otp.generate", "failed to generate code")
+		}
+
+		secret = key.Secret()
+
+		if err := cache.Put(req.Id, secret, time.Now().Add(time.Minute*5)); err != nil {
+			logger.Error("Failed to store secret: %v", err)
+			return errors.InternalServerError("otp.generate", "failed to generate code")
+		}
+	}
+
+	// generate a new code
+	code, err := totp.GenerateCodeCustom(secret, time.Now(), totp.ValidateOpts{
+		Period:    60,
+		Skew:      1,
+		Digits:    otp.DigitsSix,
+		Algorithm: otp.AlgorithmSHA512,
+	})
+
+	if err != nil {
+		return errors.InternalServerError("otp.generate", "failed to generate code: %v", err)
+	}
+
+	// return the code
+	rsp.Code = code
+
+	return nil
+}
+
+func (e *Otp) Validate(ctx context.Context, req *pb.ValidateRequest, rsp *pb.ValidateResponse) error {
+	if len(req.Id) == 0 {
+		return errors.BadRequest("otp.generate", "missing id")
+	}
+	if len(req.Code) == 0 {
+		return errors.BadRequest("otp.generate", "missing code")
+	}
+
+	var secret string
+
+	if err := cache.Get(req.Id, &secret); err != nil {
+		logger.Error("Failed to get secret from store: %v", err)
+		return errors.InternalServerError("otp.generate", "failed to validate code")
+	}
+
+	ok, err := totp.ValidateCustom(req.Code, secret, time.Now(), totp.ValidateOpts{
+		Period:    60,
+		Skew:      1,
+		Digits:    otp.DigitsSix,
+		Algorithm: otp.AlgorithmSHA1,
+	})
+	if err != nil {
+		return errors.InternalServerError("otp.generate", "failed to validate code")
+	}
+
+	// set the response
+	rsp.Success = ok
+
+	return nil
+}
diff --git a/otp/main.go b/otp/main.go
new file mode 100644
index 0000000..cd0ccee
--- /dev/null
+++ b/otp/main.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"github.com/micro/services/otp/handler"
+	pb "github.com/micro/services/otp/proto"
+
+	"github.com/micro/micro/v3/service"
+	"github.com/micro/micro/v3/service/logger"
+)
+
+func main() {
+	// Create service
+	srv := service.New(
+		service.Name("otp"),
+	)
+
+	// Register handler
+	pb.RegisterOtpHandler(srv.Server(), new(handler.Otp))
+
+	// Run service
+	if err := srv.Run(); err != nil {
+		logger.Fatal(err)
+	}
+}
diff --git a/otp/micro.mu b/otp/micro.mu
new file mode 100644
index 0000000..1d8f3ab
--- /dev/null
+++ b/otp/micro.mu
@@ -0,0 +1 @@
+service otp
diff --git a/otp/proto/otp.pb.go b/otp/proto/otp.pb.go
new file mode 100644
index 0000000..ebf08f0
--- /dev/null
+++ b/otp/proto/otp.pb.go
@@ -0,0 +1,357 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.15.6
+// source: proto/otp.proto
+
+package otp
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Generate an OTP (one time pass) code
+type GenerateRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// unique id, email or user to generate an OTP for
+	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+}
+
+func (x *GenerateRequest) Reset() {
+	*x = GenerateRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proto_otp_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GenerateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GenerateRequest) ProtoMessage() {}
+
+func (x *GenerateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_otp_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GenerateRequest.ProtoReflect.Descriptor instead.
+func (*GenerateRequest) Descriptor() ([]byte, []int) {
+	return file_proto_otp_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GenerateRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type GenerateResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// 6 digit one time pass code
+	Code string `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
+}
+
+func (x *GenerateResponse) Reset() {
+	*x = GenerateResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proto_otp_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GenerateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GenerateResponse) ProtoMessage() {}
+
+func (x *GenerateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_otp_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GenerateResponse.ProtoReflect.Descriptor instead.
+func (*GenerateResponse) Descriptor() ([]byte, []int) {
+	return file_proto_otp_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GenerateResponse) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+// Validate the code
+type ValidateRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// unique id, email or user for which the code was generated
+	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	// 6 digit one time pass code to validate
+	Code string `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
+}
+
+func (x *ValidateRequest) Reset() {
+	*x = ValidateRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proto_otp_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidateRequest) ProtoMessage() {}
+
+func (x *ValidateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_otp_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidateRequest.ProtoReflect.Descriptor instead.
+func (*ValidateRequest) Descriptor() ([]byte, []int) {
+	return file_proto_otp_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ValidateRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *ValidateRequest) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+type ValidateResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// returns true if successful
+	Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+}
+
+func (x *ValidateResponse) Reset() {
+	*x = ValidateResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proto_otp_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ValidateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ValidateResponse) ProtoMessage() {}
+
+func (x *ValidateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_otp_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ValidateResponse.ProtoReflect.Descriptor instead.
+func (*ValidateResponse) Descriptor() ([]byte, []int) {
+	return file_proto_otp_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ValidateResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+var File_proto_otp_proto protoreflect.FileDescriptor
+
+var file_proto_otp_proto_rawDesc = []byte{
+	0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x6f, 0x74, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x12, 0x03, 0x6f, 0x74, 0x70, 0x22, 0x21, 0x0a, 0x0f, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0x26, 0x0a, 0x10, 0x47, 0x65, 0x6e,
+	0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a,
+	0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x64,
+	0x65, 0x22, 0x35, 0x0a, 0x0f, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x22, 0x2c, 0x0a, 0x10, 0x56, 0x61, 0x6c, 0x69,
+	0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07,
+	0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73,
+	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x32, 0x7b, 0x0a, 0x03, 0x4f, 0x74, 0x70, 0x12, 0x39, 0x0a,
+	0x08, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x12, 0x14, 0x2e, 0x6f, 0x74, 0x70, 0x2e,
+	0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x15, 0x2e, 0x6f, 0x74, 0x70, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x08, 0x56, 0x61, 0x6c, 0x69,
+	0x64, 0x61, 0x74, 0x65, 0x12, 0x14, 0x2e, 0x6f, 0x74, 0x70, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x6f, 0x74, 0x70,
+	0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x00, 0x42, 0x0d, 0x5a, 0x0b, 0x2e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3b, 0x6f,
+	0x74, 0x70, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_proto_otp_proto_rawDescOnce sync.Once
+	file_proto_otp_proto_rawDescData = file_proto_otp_proto_rawDesc
+)
+
+func file_proto_otp_proto_rawDescGZIP() []byte {
+	file_proto_otp_proto_rawDescOnce.Do(func() {
+		file_proto_otp_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_otp_proto_rawDescData)
+	})
+	return file_proto_otp_proto_rawDescData
+}
+
+var file_proto_otp_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_proto_otp_proto_goTypes = []interface{}{
+	(*GenerateRequest)(nil),  // 0: otp.GenerateRequest
+	(*GenerateResponse)(nil), // 1: otp.GenerateResponse
+	(*ValidateRequest)(nil),  // 2: otp.ValidateRequest
+	(*ValidateResponse)(nil), // 3: otp.ValidateResponse
+}
+var file_proto_otp_proto_depIdxs = []int32{
+	0, // 0: otp.Otp.Generate:input_type -> otp.GenerateRequest
+	2, // 1: otp.Otp.Validate:input_type -> otp.ValidateRequest
+	1, // 2: otp.Otp.Generate:output_type -> otp.GenerateResponse
+	3, // 3: otp.Otp.Validate:output_type -> otp.ValidateResponse
+	2, // [2:4] is the sub-list for method output_type
+	0, // [0:2] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_proto_otp_proto_init() }
+func file_proto_otp_proto_init() {
+	if File_proto_otp_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_proto_otp_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GenerateRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_proto_otp_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GenerateResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_proto_otp_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidateRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_proto_otp_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ValidateResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_proto_otp_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_proto_otp_proto_goTypes,
+		DependencyIndexes: file_proto_otp_proto_depIdxs,
+		MessageInfos:      file_proto_otp_proto_msgTypes,
+	}.Build()
+	File_proto_otp_proto = out.File
+	file_proto_otp_proto_rawDesc = nil
+	file_proto_otp_proto_goTypes = nil
+	file_proto_otp_proto_depIdxs = nil
+}
diff --git a/otp/proto/otp.pb.micro.go b/otp/proto/otp.pb.micro.go
new file mode 100644
index 0000000..0d2c15d
--- /dev/null
+++ b/otp/proto/otp.pb.micro.go
@@ -0,0 +1,110 @@
+// Code generated by protoc-gen-micro. DO NOT EDIT.
+// source: proto/otp.proto
+
+package otp
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+import (
+	context "context"
+	api "github.com/micro/micro/v3/service/api"
+	client "github.com/micro/micro/v3/service/client"
+	server "github.com/micro/micro/v3/service/server"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
+var _ context.Context
+var _ client.Option
+var _ server.Option
+
+// Api Endpoints for Otp service
+
+func NewOtpEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
+// Client API for Otp service
+
+type OtpService interface {
+	Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
+	Validate(ctx context.Context, in *ValidateRequest, opts ...client.CallOption) (*ValidateResponse, error)
+}
+
+type otpService struct {
+	c    client.Client
+	name string
+}
+
+func NewOtpService(name string, c client.Client) OtpService {
+	return &otpService{
+		c:    c,
+		name: name,
+	}
+}
+
+func (c *otpService) Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error) {
+	req := c.c.NewRequest(c.name, "Otp.Generate", in)
+	out := new(GenerateResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *otpService) Validate(ctx context.Context, in *ValidateRequest, opts ...client.CallOption) (*ValidateResponse, error) {
+	req := c.c.NewRequest(c.name, "Otp.Validate", in)
+	out := new(ValidateResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for Otp service
+
+type OtpHandler interface {
+	Generate(context.Context, *GenerateRequest, *GenerateResponse) error
+	Validate(context.Context, *ValidateRequest, *ValidateResponse) error
+}
+
+func RegisterOtpHandler(s server.Server, hdlr OtpHandler, opts ...server.HandlerOption) error {
+	type otp interface {
+		Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
+		Validate(ctx context.Context, in *ValidateRequest, out *ValidateResponse) error
+	}
+	type Otp struct {
+		otp
+	}
+	h := &otpHandler{hdlr}
+	return s.Handle(s.NewHandler(&Otp{h}, opts...))
+}
+
+type otpHandler struct {
+	OtpHandler
+}
+
+func (h *otpHandler) Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error {
+	return h.OtpHandler.Generate(ctx, in, out)
+}
+
+func (h *otpHandler) Validate(ctx context.Context, in *ValidateRequest, out *ValidateResponse) error {
+	return h.OtpHandler.Validate(ctx, in, out)
+}
diff --git a/otp/proto/otp.proto b/otp/proto/otp.proto
new file mode 100644
index 0000000..72f44fe
--- /dev/null
+++ b/otp/proto/otp.proto
@@ -0,0 +1,34 @@
+syntax = "proto3";
+
+package otp;
+
+option go_package = "./proto;otp";
+
+service Otp {
+	rpc Generate(GenerateRequest) returns (GenerateResponse) {}
+	rpc Validate(ValidateRequest) returns (ValidateResponse) {}
+}
+
+// Generate an OTP (one time pass) code
+message GenerateRequest {
+	// unique id, email or user to generate an OTP for
+	string id = 1;
+}
+
+message GenerateResponse {
+	// 6 digit one time pass code
+	string code = 1;
+}
+
+// Validate the code
+message ValidateRequest {
+	// unique id, email or user for which the code was generated
+	string id = 1;
+	// 6 digit one time pass code to validate
+	string code = 2;
+}
+
+message ValidateResponse {
+	// returns true if successful
+	bool success = 1;
+}
diff --git a/pkg/cache/cache.go b/pkg/cache/cache.go
new file mode 100644
index 0000000..b5e6efe
--- /dev/null
+++ b/pkg/cache/cache.go
@@ -0,0 +1,40 @@
+// Cache provides a simple marshaling layer on top of the store
+package cache
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/micro/micro/v3/service/store"
+)
+
+func Get(key string, val interface{}) error {
+	recs, err := store.Read(key, store.ReadLimit(1))
+	if err != nil {
+		return err
+	}
+	if len(recs) == 0 {
+		return store.ErrNotFound
+	}
+	if err := json.Unmarshal(recs[0].Value, val); err != nil {
+		return err
+	}
+	return nil
+}
+
+func Put(key string, val interface{}, expires time.Time) error {
+	b, err := json.Marshal(val)
+	if err != nil {
+		return err
+	}
+	expiry := expires.Sub(time.Now())
+	return store.Write(&store.Record{
+		Key:    key,
+		Value:  b,
+		Expiry: expiry,
+	})
+}
+
+func Delete(key string) error {
+	return store.Delete(key)
+}