diff --git a/src/openapi/onetimetokens/onetimetokens.yaml b/src/openapi/onetimetokens/onetimetokens.yaml
new file mode 100644
index 0000000..784023c
--- /dev/null
+++ b/src/openapi/onetimetokens/onetimetokens.yaml
@@ -0,0 +1,45 @@
+openapi: 3.0.1
+info:
+  title: Integratielaag APIs for one time tokens for a HTM customer
+  description: >-
+   Integratielaag APIs for one time tokens for a HTM customer. So that the a customer can be redirected between touchpoints, and the source of the request can be validated. NOTE : this is only to validate the redirect and the source of the redirect, touchpoint needs to make another call to take over the entra session.
+  version: "1.0"
+servers:
+  - url: https://api.integratielaag.nl/v1/touchpoint
+tags:
+  - name: OneTimeTokens
+    description: >-
+      Service Engine APIs for HTM Customers. These are NOT the CRUD APIs to access raw data in the database.
+      To be used by touchpoints to get information about HTM customers.
+paths:
+  /onetimetokens:
+    post:
+      tags:
+        - OneTimeTokens
+      summary: Create a one time token, to be included in the redirect
+      description: |
+        Create a one time token, to be included in the redirect
+      body:
+      {
+        "nonce": "randomNonce123"
+      }
+      responses:
+        "200":
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/oneTimeTokenResponse"
+components:
+  schemas:
+    unavailable:
+      type: object
+    oneTimeTokenResponse:
+      type: object
+      properties:
+        token:        
+          type: string
+          example: "handoff-xyz987"
+        expires_in:        
+          type: integer
+          example: 120
\ No newline at end of file