Guide to secure your SmartAPI Account with two factor authentication
-
@admin said in Guide to secure your SmartAPI Account with two factor authentication:
https://apiconnect.angelbroking.com/rest/auth/angelbroking/user/v1/loginByPassword
Is this API is working?
When I am trying to use POST method with the above URL and sending the data, getting 415 error. -
@aj_Brk How can I automate this through node js. How can i generate the secret required to generate totp
-
@aj_Brk obj.generateSession() is throwing an error.
TypeError: generateSession() takes 3 positional arguments but 4 were given.
Are you getting the same?
-
@labeebta How to do it in python automatically? can you please brief , sorry im new to python
-
@aj_Brk after generating this at code scan it with Google authenticator app. Then in authenticator app there will be OTP changing every minutes. While login put this current OTP . And it's done.
-
@babitakundu are you providing 4 fields. It only needs 3. I didnt face this exception.
-
@imakr shared the code in the forum. Uses pyotp library
-
@anil_patel i don't think that is possible as the secret is generated by angel servers, logic of which is not shared. We can't do this without secret shared by them.
-
@aj_Brk i passed obj.generateSession(usrname,pwd,totp)
-
I am using the .NET SDK and Now I am getting the Invalid Token error!!
What we can do as I am using the .NET SDK?
-
@babitakundu @admin facing the same error, has the smartapi-python library been updated for totp changes?
-
@mudit236 Yes, the files are updated in github, need to checkout the changes are make them manually.
-
@Ashok Okay thanks, not sure why these changes wouldnt be committed to main from angel one's side as it is a pretty major procedural change
-
@Ashok yes I saw the changes but then also I am getting the same error.
-
@ivar i don't think you need to paas totp everytime. I tested get profile and other apis. It is working like before. Only login has changes.
-
@admin i too had to build the new code manually. Can you get the code merged to main?
-
@mudit236 AB's release management is a joke which we all know
-
@aj_Brk Secret is time based one generated by local app or code using the secret key or QR code. It will be authenticated against the masterkey with AB servers. So it is possible
-
@anil_patel You can generate using code locally . for example for Python, use pyotp package
-
@ravitandur It is same API, so should be working. only extra totp need to be sent.