When 2FA is enabled and mandatory for an Xplan site and basic authentication is used to authenticate to Xplan's API, the One Time Password (OTP) must be passed along with the username and password in the Authorization header. The password and the OTP are separated by \n\r\t\u0007 (the four control characters line feed, carriage return, tab and bell, not the literal backslash sequences). The Authorization header value is therefore Basic Base64EncodedString, where Base64EncodedString is the Base64 encoding of the username, password and OTP in the format USER:PASSWORD\n\r\t\u0007OTP.
USER = dummy-user
PASSWORD = dummy-pwd
OTP Secret = MR2W23LZFVXXI4C7ONSWG4TFOQ
OTP = 109885
String for Base64 encoding = dummy-user:dummy-pwd\n\r\t\u0007109885
Base64 Encoded String = ZHVtbXktdXNlcjpkdW1teS1wd2QKDQkHMTA5ODg1
Authorization Header = Basic ZHVtbXktdXNlcjpkdW1teS1wd2QKDQkHMTA5ODg1
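
The header construction above, as an added Python example (not the code in iress/xplan/api.py). It assumes the Software Token is a standard RFC 6238 TOTP (HMAC-SHA1, 6 digits, 30-second step) and that the string is encoded as UTF-8; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time

# Separator between password and OTP, as given on this page: LF, CR, TAB, BEL.
OTP_SEPARATOR = "\n\r\t\u0007"


def totp(secret_b32, at=None, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1). Algorithm and parameters are assumed."""
    # Software-token secrets are often shown unpadded and with spaces;
    # b32decode needs upper case and '=' padding to a multiple of 8 chars.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def basic_auth_2fa_header(user, password, otp):
    """Return the Authorization header value for USER:PASSWORD<sep>OTP."""
    if ":" in user:
        # Basic auth splits on the first colon, so a colon in the user name
        # would shift part of it into the password field.
        raise ValueError("user name must not contain ':'")
    raw = f"{user}:{password}{OTP_SEPARATOR}{otp}"
    # UTF-8 is an assumption; the page does not name a charset.
    token = base64.b64encode(raw.encode("utf-8")).decode("ascii")
    return "Basic " + token


if __name__ == "__main__":
    # Values from the worked example on this page.
    print(basic_auth_2fa_header("dummy-user", "dummy-pwd", "109885"))
    # A fresh OTP from the page's dummy secret; it changes every 30 seconds.
    print(totp("MR2W23LZFVXXI4C7ONSWG4TFOQ"))
```

Load the Secret Key from a secrets store or environment variable rather than source code, and keep the header value out of logs, since Base64 is trivially reversible.
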
Note: Once a session has been established, please use the Cookies returned (which will have the XPLANID session cookie) instead of the Authorization header.
For login using 2FA, please see the class iress.xplan.api.ResourcefulAPIBasicAuth in iress/xplan/api.py.
Please use the community document Two-factor Authentication to set up 2FA and please select Software Token. Use the Secret Key provided for the OTP Secret.
Important Note: Please keep the Secret Key secure, as this is the shared secret used to generate an OTP. If it is compromised, please generate a new one. This should only be used for backend applications that have their own service account. Front-end apps should use OAuth.