I’m working on some software that contacts the Checkvist API. The doc for the login call (/auth/login.json?version=2) seems to imply (the wording isn’t 100% clear) that a 2FA token is needed if the user has it enabled:
“If user has 2-step verification enabled, API calls for obtaining the token should use Remote API key. Otherwise they should also contain 2-factor authentication code from the authentication app as the parameter token2fa.” (Open API | Checkvist)
However I’m finding with my account (which does have 2FA enabled) I can get a token using just the username and remote_key. Have I missed something?
And a more general question while I’m on this topic - I haven’t seen much mention of the API on this Discourse. Is this the right place to ask questions about it? If so perhaps you could add a relevant category or tag - it’s probably not of much interest to most Checkvist users.
I too built an integration to the Checkvist API recently. And though I have enabled 2FA in my account I think that you don’t need it for API auth. And it wouldn’t make much sense either I guess, since inputting a 2FA code is a real “human” activity and an API integration on the other hand should run autonomously most of the time.
But yes, the API docs aren’t clear here.
And a more general question while I’m on this topic - I haven’t seen much mention of the API on this Discourse. Is this the right place to ask questions about it? If so perhaps you could add a relevant category or tag - it’s probably not of much interest to most Checkvist users.
+1
API stuff is probably a niche topic but a specific forum category could collect API posts together and maybe attract other users.
I’d be interested to hear anything you’re able to share about what you’ve integrated Checkvist with.
FWIW, mine is a command-line capture app for quickly pinging tasks off to a default list. It’s a bit of a toy project - in part it scratches an itch (thinking of something I quickly want to note in Checkvist without heading over to a browser). In part it’s a learning project (new language). And I have thoughts down the line of doing something more ambitious with the API library I’m working on at some stage (i.e. a Trello-ish view of a Checkvist list).
When I have the command-line app in a state manageable for regular users, I’ll post a GitHub link here for others to use/try.
By the current design, if you pass the OpenAPI key (not the password), the 2FA code is not required.
If you want to use a real user password, you need to provide the 2FA code as an extra parameter (the Checkvist mobile app uses this approach).
The OpenAPI key is not a very secure thing; it is a secret key which should be used very carefully.
A very good point. Before introducing this forum, we had started a Google Groups discussion for API talks - and we should definitely add an API category into this forum instead. Will consider this!
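Added example, not part of the thread or of Checkvist's own code: a client-side sketch of the two login modes described above for an account with 2FA enabled, treating the remote key as a long-lived secret that bypasses the second factor. Assumptions: the `checkvist.com` host, sending the fields as a POST form body, and the field name used to carry a password (`PASSWORD_FIELD`); the function names are hypothetical, and the request is only built, never sent.

```python
import os
import stat
import urllib.parse
import urllib.request

LOGIN_URL = "https://checkvist.com/auth/login.json?version=2"  # host is an assumption
PASSWORD_FIELD = "remote_key"  # assumption: field that carries a password; confirm in the API docs


def read_remote_key(path):
    """Read the remote key from a file, refusing group/world-accessible files."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to other users; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def build_login_request(username, *, remote_key=None, password=None, token2fa=None):
    """Build (not send) the login POST for exactly one of the two modes."""
    if (remote_key is None) == (password is None):
        raise ValueError("pass exactly one of remote_key or password")
    fields = {"username": username}
    if remote_key is not None:
        # Remote key mode: no second factor is asked for, so the key alone grants access.
        if token2fa is not None:
            raise ValueError("token2fa is not used with the remote key")
        fields["remote_key"] = remote_key
    else:
        # Password mode on a 2FA account: the current authenticator code is required.
        if not token2fa:
            raise ValueError("password login on a 2FA account needs token2fa")
        fields[PASSWORD_FIELD] = password
        fields["token2fa"] = token2fa
    body = urllib.parse.urlencode(fields).encode()
    # Secrets go in the POST body (assumed accepted), keeping them out of URLs and access logs.
    return urllib.request.Request(LOGIN_URL, data=body, method="POST")


def redacted(req):
    """Loggable view of the request with every secret value masked."""
    pairs = urllib.parse.parse_qsl(req.data.decode())
    return {k: (v if k == "username" else "***") for k, v in pairs}
```

Passing the result to `urllib.request.urlopen` would send it; log only `redacted(req)`, never the request body.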