diff --git a/requirements.txt b/requirements.txt
index 9bd0db03..7c80dccd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,3 +3,5 @@ websocket_client
 ./dist/NorenRestApiPy-0.0.20-py2.py3-none-any.whl
 pandas
 pyyaml
+pyotp
+load_dotenv
diff --git a/test_api.py b/test_api.py
index 565d0e26..3467cf3c 100644
--- a/test_api.py
+++ b/test_api.py
@@ -1,5 +1,6 @@
 from api_helper import ShoonyaApiPy
 import logging
+from dotenv import load_dotenv
  
 #enable dbug to see request and responses
 logging.basicConfig(level=logging.DEBUG)
@@ -7,13 +8,21 @@
 #start of our program
 api = ShoonyaApiPy()
 
-#credentials
-user    = <uid>
-pwd     = <password>
-factor2 = <2nd factor>
-vc      = <vendor code>
-app_key = <secret key>
+#create .env file to securely access user credentials in program
+load_dotenv('/home/akash/Documents/Projects/.env')
+
+#totp from shoonya dashboard security totp section
+token = os.getenv('totp')
+otp = pyotp.TOTP(token).now()
+
+#os.getenv() will fetch values from .env file 
+#credentials 
+uid     = os.getenv('userid')
+pwd     = os.getenv('password')
+vc      = os.getenv('vendor_code')
+app_key = os.getenv('api_key')
 imei    = <imei>
+factor2 = otp
 
 #make the api call
 ret = api.login(userid=uid, password=pwd, twoFA=factor2, vendor_code=vc, api_secret=app_key, imei=imei)