Does API handle two-step authentication?

  • 2
  • Question
  • Updated 1 week ago
I currently utilize the API for downloading a scheduled file from a folder. Since it will be mandatory to switch to two-step authentication on 1/21/2020, I turned this feature on a head of the date and now API doesn't work. Will the API support two-step authentication?
Photo of Atticus Admin

Atticus Admin

  • 4 Posts
  • 0 Reply Likes

Posted 1 month ago

  • 2
Photo of Dale Smith

Dale Smith, Software Engineer

  • 195 Posts
  • 31 Reply Likes
Hi,

I assume by the api not working, you mean the call to get an oauth token is failing? If you are using the token grant type, with Two Factor Auth, you must log into the web app and generate an application specific password in the Personal Two Step Verification Settings for the user you are authorizing as. Then use that application specific password instead of the normal password for that user.

Hope this helps,
Dale
Photo of Atticus Admin

Atticus Admin

  • 4 Posts
  • 0 Reply Likes
Dale, thank you so much for your help. I generated the application specific password this morning and everything worked GREAT! Very much appreciated. :)
Have a GREAT Day!
Photo of Daniel D

Daniel D

  • 5 Posts
  • 0 Reply Likes
Would be great if this was documented in the api docs, if it is.. I missed it.
Photo of Atticus Admin

Atticus Admin

  • 4 Posts
  • 0 Reply Likes
That is correct. I will try your remedy and let you know if it works out. Thanks.
Have a GREAT Day!
Photo of Atticus Admin

Atticus Admin

  • 4 Posts
  • 0 Reply Likes
Dale, thank you so much for your help. I generated the application specific password this morning and everything worked GREAT! Very much appreciated. :)
Have a GREAT Day!
Photo of Prabakaran V

Prabakaran V

  • 3 Posts
  • 0 Reply Likes
I am getting  "Error 122 : Username or Password was incorrect."  error in rest API with application specific password.  Any help? 

I used username as "subdomain\email".  this was mentioned here https://support.citrix.com/article/CTX208336


Photo of Dale Smith

Dale Smith, Software Engineer

  • 195 Posts
  • 31 Reply Likes
Using subdomain\email is only for FTP access. You would still just use your normal username or email address for any application using the password grant type.

Dale
Photo of danziggy

danziggy

  • 2 Posts
  • 1 Reply Like
Dale Smith's response only addresses the "token" grant_type. How would we handle 2 factor auth if we're using the "password" grant_type? The API documentation doesn't mention 2 factor authentication at all.

We have been getting this error trying to authenticate ever since 2 factor auth was turned on:

{"code":"Unauthorized","message":{"lang":"en-US","value":"[AUTH] Invalid Authentication"},"reason":"NotAuthenticated"}
Photo of Dale Smith

Dale Smith, Software Engineer

  • 195 Posts
  • 31 Reply Likes
Sorry, I mispoke, password grant on the token endpoint is what I meant. For this grant, if 2FA is enabled, you must use a generated app specific code.

Dale