diff --git a/src/routes/v1/account.ts b/src/routes/v1/account.ts
index 6b10b08..79d674f 100644
--- a/src/routes/v1/account.ts
+++ b/src/routes/v1/account.ts
@@ -1,13 +1,15 @@
 import { Request, Response, Router } from "express";
-import { validateSchema } from "@utils/error";
-import { registerValidation, verificationValidation } from "./validations/account";
-import { createAccount, verifyAccount } from "@controller/account";
+import { sendError, validateSchema } from "@utils/error";
+import { registerValidation, totpSetup, verificationValidation } from "./validations/account";
+import { createAccount, updateTOTP, verifyAccount } from "@controller/account";
+import { authenticate } from "@middlewares/auth";
+import speakeasy from "speakeasy";
 
 const app: Router = Router();
 
 app.post("/register", async (req: Request, res: Response) => {
 if (validateSchema(res, registerValidation, req.body)) return;
-
+
 const account = await createAccount(req.body);
 if (account) return res.json(account);
 
@@ -23,4 +25,34 @@ app.post("/verify", async (req: Request, res: Response) => {
 res.json({ message: "Your account has been successfully verified." });
 });
 
+app.get("/totp/secret", authenticate, async (req: Request, res: Response) => {
+res.json({
+secret: req.user?.totpSecret,
+url: `otpauth://totp/LicenseAPI%20%28${req.user?.username}%29?secret=${req.user?.totpSecret}`,
+});
+});
+
+app.post("/totp/enable", authenticate, async (req: Request, res: Response) => {
+if (validateSchema(res, totpSetup, req.body)) return;
+
+const tokenCorrect = speakeasy.totp.verify({
+secret: req.user?.totpSecret || "", encoding: "base32",
+token: req.body.code,
+});
+
+if (!tokenCorrect) return sendError(res, 400, 1092, "Your provided code is invalid or has expired.");
+
+const enabledError = await updateTOTP(req.user?._id, true);
+if (enabledError) return res.json(enabledError);
+
+res.json({ message: "TOTP has been successfully enabled on your account." });
+});
+
+app.post("/totp/disable", authenticate, async (req: Request, res: Response) => {
+const enabledError = await updateTOTP(req.user?._id, false);
+if (enabledError) return res.json(enabledError);
+
+res.json({ message: "TOTP has been successfully disabled on your account." });
+});
+
 export default app;
\ No newline at end of file
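Review bot: `/totp/disable` removes the second factor on nothing more than the session accepted by `authenticate`, so a caller holding a hijacked session can switch TOTP off without ever presenting a code; it should demand the current code the same way `/totp/enable` does (rewrite below), or at minimum a password re-check. `/totp/secret` has the same exposure from the other side: it hands `req.user?.totpSecret` to any authenticated caller even after TOTP is enabled, which lets a session thief generate valid codes indefinitely, and `req.user?.username` is interpolated into the otpauth URL without `encodeURIComponent`, so the route should refuse once TOTP is already enabled (the field recording that state is not visible in this hunk) and encode the label. In `/totp/enable`, `secret: req.user?.totpSecret || ""` silently verifies against an empty secret when none has been provisioned; reject with `sendError` instead of falling back to `""`. The `if (enabledError) return res.json(enabledError);` lines in both handlers send what looks like an error with a 200 status — unless `updateTOTP` returns an already-shaped response, `sendError` is the consistent path used elsewhere in this file.
```typescript
app.post("/totp/disable", authenticate, async (req: Request, res: Response) => {
    if (validateSchema(res, totpSetup, req.body)) return;
    if (!req.user?.totpSecret) return sendError(res, 400, 1092, "Your provided code is invalid or has expired.");

    const tokenCorrect = speakeasy.totp.verify({
        secret: req.user.totpSecret, encoding: "base32",
        token: req.body.code,
    });
    if (!tokenCorrect) return sendError(res, 400, 1092, "Your provided code is invalid or has expired.");

    // … unchanged: updateTOTP(req.user?._id, false) and the success response …
});
```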