Login API with user has 2FA activate

I’m trying to configure my accounting app, and I need to access my Ninja v5 installation.

Following the documentation I have been able to access it without problem, except that if the user used has 2FA, I get a 401

     "message": "Invalid one time password"

If I deactivate 2fa, I access perfectly.

I only see in the doc a strange endpoint whose value I cannot see since if I am not logged in or have an access token, I don’t know how to use it.

I’m working with Postman for test API endpoints over hosted version v5.6.4-C121


If 2FA is enabled the /login route requires a one time password.

Is there a reason you’re using that route?

1 Like


I use this route for get token for use in my apap.

My app connects with one InoviceNinja installation, and get clients, invoices, and process in my app, for synchro with my cloud accounting program, sage.

For this, I need a token X-API-TOKEN and this is on this route after login.

Is correct?

Why not create an API token from within the app?

Note: if you’re connecting to a separate app please review the license.

1 Like


A lot of thanks

I see my mistake. X-API-TOKEN is same that I use in login.
The other endpoints of API only need this token.

Over license, is a personal app created in Laravel to connect another provider, API (OVH), API of WHMCS (for hosting business), and other businesses (mine) with an InvoiceNinja as invoice system, and get data y process for upload and synchro to my owned account is Sage Cloud.

I think no problem with a license for this uses.

Appreciate for you help

Sounds good, let us know if you have any other questions.