Guide to secure your SmartAPI Account with two factor authentication

vijayyande

please update C# api also its very important

dstelangre

@priya , I have automated this process in C#

ravindra.e

For Python, below code works like charm.

admin

@Ashok @msg2biswajit said in Guide to secure your SmartAPI Account with two factor authentication:

Please update the PHP API for TOTP and share the example for PHP Smart API Because, presently this not working with PHP Smart API

I am sorry but modifying PHP library is not on our list. Our SDKs are all open source, and we encourage pull requests and other contributions from the community.

smrtsaravanan

@ravindra-e TypeError: 'NoneType' object is not subscriptable error came

smrtsaravanan

@admin Hi admin, when I try to validate totp i got below error.
refreshToken= data['data']['refreshToken']
TypeError: 'NoneType' object is not subscriptable

ivar

@admin TOTP required only once. Thanks for keeping it simple.

ivar

@aj_Brk thanks

msg2biswajit

@msg2biswajit :

Dear All,

I able to solve PHP API TOTP Login issue and it's working fine for me. Please find the solution as follows for PHP API :

1. Download "GoogleAuthenticator.php" file from https://github.com/PHPGangsta/GoogleAuthenticator

2. Include the file in your login generation PHP file to create the TOTP automatically as follows 

	require_once("GoogleAuthenticator.php");

3. Now generate the TOTP Automatically as follows :

	$authenticator = new PHPGangsta_GoogleAuthenticator();
	$secret = "YOUR SECRET CODE, WHICH SHOWS DURING ENABLE TOTP UNDER GOOGLE BAR CODE";
	$totp = $authenticator->getCode($secret);

4. Update the PHP API function in "SmartApi.php" file as follows :

	public static function GenerateSession($clientcode, $password, $totp)

5. Update the API Parameter in "SmartApi.php" file as follows :

	$api_parameter = ['clientcode'=>$clientcode,'password'=>$password,'totp'=>$totp];

Enjoy PHP API and login. Thanks.

Sukhwant280

@ravindra-e Thanks for the code.. Its working for me but it fails when I pass this token to next steps i.e.
smartApi.getProfile(refreshToken)
smartApi.generateToken(refreshToken)
Error is: Invalid json response.

My understanding is that he refresh token is valid until 5 AM next day, hence I can use the same refresh Token whenever I want to make API calls.

Please correct me if my understanding is wrong here. Thanks in advance

@admin , @Ashok - Please help.

smrtsaravanan

@smrtsaravanan it is working fine now. Ignore it.

I have made a couple of changes. 1st I have declared it like below

obj=SmartConnect(api_key=apikey)
totp = pyotp.TOTP(s='yourkey')
print("pyotp",totp.now())
attempts = 5
while attempts > 0:
attempts = attempts-1
data = obj.generateSession(username, pwd, totp.now())
print(data)
if data['status']:
break
tt.sleep(2)

and entered my new API key.

Hope it helps!

webseos

@aj_Brk I have used similar code as given below , but got the following exception
Exception : Object of type TOTP is not JSON serializable

but then I solved the problem

But then I added last two lines and problem solved the last two lines given at the end of the following code- qrOtp is the code generated here : https://smartapi.angelbroking.com/enable-totp below the QR Code. So you have to generate your own qrOtp code here in this site. Then Install pyotp using command line "pip install pyotp"

My Code Below ( Last line totp = totp.now() is very important)

from smartapi import SmartConnect #or from smartapi.smartConnect import SmartConnect
import config
import pyotp

client_code = "aaaaaa"
client_pass = "bbbbbb"

apiKey="yyyyyyy"
qrOtp = "xxxxxxxx"
totp = pyotp.TOTP(qrOtp)
totp = totp.now()

smartapiObj =SmartConnect(apiKey)

data = smartapiObj.generateSession(client_code,client_pass,totp)
print(data)

A Former User

@admin What about golang library it is updated for totp changes.

admin

Hi @patisupa , we have modified the goLang. Please refer here - https://github.com/angel-one/smartapigo

A Former User

@admin thanks for update

ravindra.e

@smrtsaravanan Can you please paste your code here?

ravindra.e

@Sukhwant280 said in Guide to secure your SmartAPI Account with two factor authentication:

smartApi.generateToken(refreshToken)

Why would you need smartApi.generateToken(refreshToken)?

patanjali196

@admin I am unable to login to smartapi.angelbroking.com/enable-totp URL , But I am able to login to https://smartapi.angelbroking.com/apps with my credentials. But to ToTP i am not able to login, Its saying invalid userid or password. Please help me to resolve this issue.
Thanks.

ganesh

@aj_Brk not working for me

ganesh

@gokul i am also getting same error