Unable to get an bearer token in a CURL call that used to work

ivan · 25 April 2026 01:48

Hello!

I have been using this code for a while to get a bearer token to then delete a file by file ID.

curl --request POST --header “Content-Type: application/json” --data “{“username":"xxxx@forscotland.com”,“password”:“xxxx”}” “https://forscotland.com:6443/api/2.0/authentication.json”

And the token response used to be in the body.

Now I just see

{“count”:1,“status”:0,“statusCode”:201,“response”:{“token”:null,“tfa”:true}}

It seems I authorize OK, but no token comes back.

The Document server has global MFA enabled including for the xxxx@forscotland.com user in the POST.

I recall 3 years back seeing something similar.

Do I need to alter the POST to get the token when the account I want the bearer token for is MFA protected?

onlyoffice-communityserver 12.7.1.1942

onlyoffice-controlpanel 3.5.4.541

onlyoffice-documentserver 9.3.1-10

Ubuntu 24.04 LTS

Many thanks for any pointers

Constantine · 27 April 2026 14:12

Hello @ivan

I believe you are using Workspace, thus I’ve changed the category of this topic. Feel free to correct me.

Try specifying it as userName with a capital N.

ivan · 14 June 2026 03:34

Hi Constantine… grabbed soem time to look at this again… still no joy with son=$(curl -k --request POST --header “Content-Type: application/json” --data “{“userName":"onlyoffice@forscotland.com”,“password"xxxxxx”}” “https://forscotland.com:6443/api/2.0/authentication.json”) …………… I get this still % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 143 100 76 100 67 100 88 --:–:-- --:–:-- --:–:-- 188

json={“count”:1,“status”:0,“statusCode”:201,“response”:{“token”:null,“tfa”:true}}

ivan · 14 June 2026 03:50

I’m using TFA on the onlyoffice account…. how can I setup PAT for the onlyoffice account (fixed code) I can use? Not perfect security wise I know…

This is workspace as opposed to Docspace

Thanks

ivan · 16 June 2026 20:31

BUMP.. hi, how do I set a PAT token for an account when I have BLANKET TFA for all accounts on the workspace server? P.S> ALL SW is current release

ivan · 18 June 2026 19:07

I just added my INTERNAL network to TRUSTED networks under TFA advanced settings, that way TFA wasnt needed and I got my tokens… thanks. Please close.

system · 19 June 2026 07:08

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.