topic Re: /auth endpoint always returns stat OK regardless of passcode value? in APIs https://community.cisco.com/t5/apis/auth-endpoint-always-returns-stat-ok-regardless-of-passcode/m-p/4883852#M548 <DIV class="duo-migrated-content"><P><CODE>OK</CODE> means the auth request was successfully sent. Look at the <CODE>result</CODE> value and you shouls see it is <CODE>deny</CODE>. Please review the “Response Formats” table at <A href="https://duo.com/docs/authapi#/auth" class="inline-onebox" rel="nofollow noopener">Auth API | Duo Security</A>.</P> <P>If your post to /auth used <CODE>async</CODE> then you need to poll <CODE>auth_status</CODE> using the <CODE>txid</CODE> returned by /auth to see that <CODE>deny</CODE> result.</P></DIV> Thu, 12 Sep 2019 13:34:59 GMT DuoKristina 2019-09-12T13:34:59Z /auth endpoint always returns stat OK regardless of passcode value? https://community.cisco.com/t5/apis/auth-endpoint-always-returns-stat-ok-regardless-of-passcode/m-p/4883851#M547 <DIV class="duo-migrated-content"><P>I am using /auth/v2/auth endpoint for my API to do 2FA.</P> <P>I am doing a HTTP POST<BR /> <A href="http://api-somenumber.duosecurity.com/auth/v2/auth" class="onebox" target="_blank" rel="nofollow noopener">■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■/auth/v2/auth</A><BR /> factor=passcode&amp;passcode=123456&amp;username=someuser</P> <P>I get stat=Ok in the response regardless the value of passcode.<BR /> But from my Duo2FA mobile, the passcode for this user is clearly no 123456</P> <P>But when I look at the administation log form Duo admin webpage it says:<BR /> Denied<BR /> Invalid passcode</P> <P>Is the usage correct or there is something wrong on the Duo side?</P></DIV> Wed, 11 Sep 2019 16:49:45 GMT https://community.cisco.com/t5/apis/auth-endpoint-always-returns-stat-ok-regardless-of-passcode/m-p/4883851#M547 sc_admin_admin 2019-09-11T16:49:45Z Re: /auth endpoint always returns stat OK regardless of passcode value? https://community.cisco.com/t5/apis/auth-endpoint-always-returns-stat-ok-regardless-of-passcode/m-p/4883852#M548 <DIV class="duo-migrated-content"><P><CODE>OK</CODE> means the auth request was successfully sent. Look at the <CODE>result</CODE> value and you shouls see it is <CODE>deny</CODE>. Please review the “Response Formats” table at <A href="https://duo.com/docs/authapi#/auth" class="inline-onebox" rel="nofollow noopener">Auth API | Duo Security</A>.</P> <P>If your post to /auth used <CODE>async</CODE> then you need to poll <CODE>auth_status</CODE> using the <CODE>txid</CODE> returned by /auth to see that <CODE>deny</CODE> result.</P></DIV> Thu, 12 Sep 2019 13:34:59 GMT https://community.cisco.com/t5/apis/auth-endpoint-always-returns-stat-ok-regardless-of-passcode/m-p/4883852#M548 DuoKristina 2019-09-12T13:34:59Z