Access API after 2SA or 2FA has been activted

Question

Since a user activated the two factor authentication (which according to SM8 will be mandatory if linked with Xero), we cannot use the API to get data. Having raised the question with support I was advised to "ask on SO" as they have no idea on what is happening. Does anyone here have any working example of authentication via API after 2FA? We are running a background service that needs to connect and there is no user interface (not to mention the service runs through the night also).

Existing code to authenticate via API using username/password is working on all accounts where 2FA has not been set up.

There is no code example required, it’s a question of process. Existing account without multi factor authentication works.

Here is an extract from the ServiceM8 API Help site.

Authentication

Private Applications (HTTP Basic Auth)

Private applications are designed for use cases where you are connecting to your own ServiceM8 account, or to one specific customer’s account, and do not intend to promote/list your add-on on the ServiceM8 Add-ons Directory or promote it to a wider audience.

Getting Started with a Private Application

Private applications can connect directly to the ServiceM8 API using your ServiceM8 account username (email) and password.

The code I am using (successfully on some accounts, but fails on the ones with 2FA)

 public List<ServiceM8Customer> GetCustomers()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        var client = new HttpClient();
        var request = new HttpRequestMessage(HttpMethod.Get, "https://api.servicem8.com/api_1.0/company.json");
        request.Headers.Add("Authorization",
            "Basic " + System.Convert.ToBase64String(System.Text.Encoding.GetEncoding("ISO-8859-1")
                .GetBytes(Username + ":" + Password)));
        var response = client.SendAsync(request).Result;
        response.EnsureSuccessStatusCode();
        return ServiceM8Customer.FromJsonList(response.Content.ReadAsStringAsync().Result);
    }

Answer 1

Paul I have had to do this myself after agreeing to the 2 factor thing a couple weeks ago, then nothing worked as far as accessing the Rest API. I now have it working successfully.

1. • First, yes you will have to use a Public App as Private App will not work with the OAuth2. It is rather easy though. You will need to go to this address https://www.servicem8.com/au/developer-registration and create a developer account. This will add a tab to your ServiceM8 dashboard called Developer.
2. • Now you just open the developer tab and create an add-on app. Don't worry you don't have to actually create an addon, but just a Name and Description. The following link explains.. https://developer.servicem8.com/docs/your-first-add-on After you save this addon you will be issued a ClientID and a ClientSecret. These are what you need to save somewhere safe. The next three steps require some coding but simply...
3. • Now you use httpRequest to Post to get authority code to this url.. "https://go.servicem8.com/oauth/authorize"
4. • Now you use that Authority code to get an Access Token and a Refresh Token from this url.. "https://go.servicem8.com/oauth/access_token"
5. • Now you use that Access Token in Header or requests, but it is like "Authorisation" "Bearer token-here" instead of before you would have used "Authorisation" "Basic + user & pword"

I have a working example of all this but it is written in VBA in an Excel Workbook. I am sure that at least it will give you the general idea for your c# coding. In the module you can check exactly how the strings are built for Auth Headers etc. At a couple button clicks I can get my Auth2 all done.(That is the part you will be interested in) Then a couple more selections from list-boxes and clicks and I can now easily edit any Rest API Json record.
I have another working Excel workbook that does a single bulk invoice at end of week for a client that insists on this.
I could share it with you if you like