Guide to secure your SmartAPI Account with two factor authentication

babitakundu

@Ashok yes I saw the changes but then also I am getting the same error.

aj_Brk

@ivar i don't think you need to paas totp everytime. I tested get profile and other apis. It is working like before. Only login has changes.

aj_Brk

@admin i too had to build the new code manually. Can you get the code merged to main?

punit

@mudit236 AB's release management is a joke which we all know

punit

@aj_Brk Secret is time based one generated by local app or code using the secret key or QR code. It will be authenticated against the masterkey with AB servers. So it is possible

punit

@anil_patel You can generate using code locally . for example for Python, use pyotp package

punit

@ravitandur It is same API, so should be working. only extra totp need to be sent.

aj_Brk

@Ashok what i meant is you can't get this secret by just username and password as Anil is asking. One has to go to enable otp page to get this code one time.

punit

@aj_Brk correct

aj_Brk

@babitakundu i guess you have to manually download the repo and run python setup.py install. I dont see the code yet updated on pip

punit

@aj_Brk Admins are adding in pip. If you want to try meanwhile, edit directly in local or download from github.

Meenavenkit

@babitakundu just replace the generatesession def with new one. it worked for me. You have to manually edit in source file

milind017

@aj_Brk code generated from "pyotp" not working for me, getting below output with your code. Any suggestion. If I am using the code from DUO app I am able to login successfully
data = obj.generateSession(clientCode, password, totp.now())
print(data)

Shell output:
pyotp: 586380
{'status': False, 'message': 'Invalid totp', 'errorcode': 'AB1050', 'data': None}

punit

@milind017 this need to do like this.

totp = pyotp.TOTP(s='secret key in qr uri after qr generation'

And then the generate session.

milind017

@Ashok Yes did the same. Still getting the same
obj = SmartConnect(api_key=historyApiKey)

totp = pyotp.TOTP(s='secret key in qr uri after qr generation')
print("pyotp",totp.now())

attempts = 5
while attempts > 0:
attempts = attempts-1
data = obj.generateSession(clientCode, password, totp.now())
print(data)
if data['status']:
break
time.sleep(2)

SSumit

@gautamnaik1994 https://smartapi.angelbroking.com/topic/2383/automate-totp-login-using-python-module-pyotp

milind017

@SSumit
I have tried with shared link code, still getting the same

Shell Output:
with TOTP: 932310
With parse_uri: 932310
{'status': False, 'message': 'Invalid totp', 'errorcode': 'AB1050', 'data': None}

aj_Brk

@milind017 I see that you have put condition in if data['status'] , is it going in retry at all ?

aj_Brk

@milind017 try with this condition

if not data['message'].contains('Invalid totp'):
break

punit

@milind017 @aj_Brk why retry, it passed almost always on first time. Anyway. Not sure why parse_uri is needed.. also just pass totp as a string