Guide to secure your SmartAPI Account with two factor authentication

saimathew123

does anybody using tradetron here...?

dstelangre

@admin what about C# SDK update ?

Vignesha

Looks like the automation code provided by @aj_Brk worked. Thanks for that and 1 thing I had to change the IF condition as data['status'] (to make my code simpler to read - just my choice)
if data['status']: #it should be TRUE if successfully connected
break

Full code:

obj = SmartConnect(apikey)
totp = pyotp.TOTP(s='key_below_the_qr')
attempts = 5
while attempts > 0:
data = obj.generateSession(username, pwd, totp.now())
attempts = attempts-1
print(totp.now()) #printed the opt just to cross check with google auth
if data['status']:
break
time.sleep(2)`
refreshToken = data['data']['refreshToken']

Overall it is good @aj_Brk thanks once again.

@admin thanks for the effort of making the API trading safer much appreciated and if you're working on anything new then I would suggest

1. trying to fix already existing bugs like recent auto API deletion and other issues
2. making documentation easier to read with all the latest updates
3. Issue with this website where clicking these icons while typing doesn't have any format effect and i have to type `` for code and ** ** for bold.(Not sure if I'm doing anything wrong)

vijayyande

please update C# api also its very important

dstelangre

@priya , I have automated this process in C#

ravindra.e

For Python, below code works like charm.

admin

@Ashok @msg2biswajit said in Guide to secure your SmartAPI Account with two factor authentication:

Please update the PHP API for TOTP and share the example for PHP Smart API Because, presently this not working with PHP Smart API

I am sorry but modifying PHP library is not on our list. Our SDKs are all open source, and we encourage pull requests and other contributions from the community.

smrtsaravanan

@ravindra-e TypeError: 'NoneType' object is not subscriptable error came

smrtsaravanan

@admin Hi admin, when I try to validate totp i got below error.
refreshToken= data['data']['refreshToken']
TypeError: 'NoneType' object is not subscriptable

ivar

@admin TOTP required only once. Thanks for keeping it simple.

ivar

@aj_Brk thanks

msg2biswajit

@msg2biswajit :

Dear All,

I able to solve PHP API TOTP Login issue and it's working fine for me. Please find the solution as follows for PHP API :

1. Download "GoogleAuthenticator.php" file from https://github.com/PHPGangsta/GoogleAuthenticator

2. Include the file in your login generation PHP file to create the TOTP automatically as follows 

	require_once("GoogleAuthenticator.php");

3. Now generate the TOTP Automatically as follows :

	$authenticator = new PHPGangsta_GoogleAuthenticator();
	$secret = "YOUR SECRET CODE, WHICH SHOWS DURING ENABLE TOTP UNDER GOOGLE BAR CODE";
	$totp = $authenticator->getCode($secret);

4. Update the PHP API function in "SmartApi.php" file as follows :

	public static function GenerateSession($clientcode, $password, $totp)

5. Update the API Parameter in "SmartApi.php" file as follows :

	$api_parameter = ['clientcode'=>$clientcode,'password'=>$password,'totp'=>$totp];

Enjoy PHP API and login. Thanks.

Sukhwant280

@ravindra-e Thanks for the code.. Its working for me but it fails when I pass this token to next steps i.e.
smartApi.getProfile(refreshToken)
smartApi.generateToken(refreshToken)
Error is: Invalid json response.

My understanding is that he refresh token is valid until 5 AM next day, hence I can use the same refresh Token whenever I want to make API calls.

Please correct me if my understanding is wrong here. Thanks in advance

@admin , @Ashok - Please help.

smrtsaravanan

@smrtsaravanan it is working fine now. Ignore it.

I have made a couple of changes. 1st I have declared it like below

obj=SmartConnect(api_key=apikey)
totp = pyotp.TOTP(s='yourkey')
print("pyotp",totp.now())
attempts = 5
while attempts > 0:
attempts = attempts-1
data = obj.generateSession(username, pwd, totp.now())
print(data)
if data['status']:
break
tt.sleep(2)

and entered my new API key.

Hope it helps!

webseos

@aj_Brk I have used similar code as given below , but got the following exception
Exception : Object of type TOTP is not JSON serializable

but then I solved the problem

But then I added last two lines and problem solved the last two lines given at the end of the following code- qrOtp is the code generated here : https://smartapi.angelbroking.com/enable-totp below the QR Code. So you have to generate your own qrOtp code here in this site. Then Install pyotp using command line "pip install pyotp"

My Code Below ( Last line totp = totp.now() is very important)

from smartapi import SmartConnect #or from smartapi.smartConnect import SmartConnect
import config
import pyotp

client_code = "aaaaaa"
client_pass = "bbbbbb"

apiKey="yyyyyyy"
qrOtp = "xxxxxxxx"
totp = pyotp.TOTP(qrOtp)
totp = totp.now()

smartapiObj =SmartConnect(apiKey)

data = smartapiObj.generateSession(client_code,client_pass,totp)
print(data)

A Former User

@admin What about golang library it is updated for totp changes.

admin

Hi @patisupa , we have modified the goLang. Please refer here - https://github.com/angel-one/smartapigo

A Former User

@admin thanks for update

ravindra.e

@smrtsaravanan Can you please paste your code here?

ravindra.e

@Sukhwant280 said in Guide to secure your SmartAPI Account with two factor authentication:

smartApi.generateToken(refreshToken)

Why would you need smartApi.generateToken(refreshToken)?