06-16-2011 02:16 PM
We are having a problem where our user Account Login gets locked for "security reasons" and this shuts down our API access.
How can we decouple the Account Login from the API access?
We are using Basic Authentication in a few places on our site. Could this be the problem? Would updating to OAuth help solve this issue?
06-17-2011 08:12 AM
An account will get locked out for security reasons if there has been a number of repeated password failures to the account. Our system considers any password failure, whether it be from the UI, or the API, when it is locking out the account. Due to security reasons, we do not have the ability to remove the API from this security feature.
However, in order to minimize the chance of this happening, check all of your integrations that are using basic authentication that hard code the username and password, and verify that the username and password is correct.
OAuth also can lock out the account, but it is less likely to happen, and may be the path you would like to go down. When you initially create the access token, you must enter your username and password on our server. If you type the password in wrong multiple times, it will lock the account. However, once the token is made, even if you change the password it will not lock the account out, because the token is still valid.
If you have any questions please let me know.