From 361c5a3dd89ab3a63b44987bf48e0cbd7e666a88 Mon Sep 17 00:00:00 2001
From: Maxim Devaev <mdevaev@gmail.com>
Date: Mon, 23 Jan 2023 17:28:21 +0200
Subject: [PATCH] using 2fa with api

---
 docs/api.md | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/docs/api.md b/docs/api.md
index ac2186aa..d2e41b11 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -9,8 +9,28 @@ This document describes the PiKVM API. Since the system consists of microservice
 All APIs are restricted to authentication. To make requests, you either need to auth each request individually,
 or get a token and pass it as a cookie with each request.
 
-!!! note
-    With enabled [2FA](auth.md#two-factor-authentication), you will need to add the one-time code to the password without spaces. That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password.
+With enabled [2FA](auth.md#two-factor-authentication), you will need to add the one-time code to the password without spaces.
+That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password.
+
+The code can be generated using any TOTP library, for example in Python:
+
+```python
+import requests
+import pyotp
+
+user = "admin"
+passwd = "admin"
+secret = "3OBBOGSJRYRBZH35PGXURM4CMWTH3WSU"  # Can be found in /etc/kvmd/totp.secret
+
+print(requests.get(
+    url="https://pikvm/api/info",
+    verify=False,  # For self-signed SSL certificate
+    headers={
+        "X-KVMD-User": user,
+        "X-KVMD-Passwd": passwd + pyotp.TOTP(secret).now(),
+    },
+).text)
+```
 
 
 ### Single request auth