Chavithra / degiro-connector

This is yet another library to access Degiro's API.
BSD 3-Clause "New" or "Revised" License

Account blocked due to too many login attempts #98

Closed fernandobrito closed 1 year ago

fernandobrito commented 2 years ago

Hi!

Has anyone ever had their account blocked due to "too many login attempts"? Did you make any changes in your workflow or code to prevent it from happening?

Sometimes during development, I end up running my scripts several times in a row (debugging mode, making small changes and running it again, etc). Every time I run the script, I'm effectively logging in with:

    api_client = TradingAPI(credentials=credentials)
    api_client.connect()

From time to time, I think I do it too often and then my account gets blocked. If I try to log in from the browser, I get a message saying "account blocked due to too many login attempts, please call support". After calling support, they ask a few security questions and then unblock my account.

To try to mitigate that, recently I started to use requests-cache just to cache the api_client.connect() step. By now my code should only be calling https://trader.degiro.nl/login/secure/login/totp once every 30 minutes (my cache TTL), and I tested that it is working as I intended, but I still got blocked again recently.

My main questions are:

For extra context: I have 2FA enabled and I'm using totp_secret_key on my Credentials().

Related ticket: https://github.com/Chavithra/degiro-connector/issues/89. But I decided to create a new thread because I've had this issue even before 1st of October, so although related, I would say it's not exactly the same concern.

fernandobrito commented 1 year ago

Ah, that was my mistake, sorry. My cache actually prevents me from having this issue. My problem was that I had my code deployed in a "stage" environment that I forgot and from there it was behaving unexpectedly (trying to log in using old credentials, which would bypass the cache and then exceed the DeGiro limits). Since I have fixed my "stage" environment, I haven't had my account blocked again.

By the way, in case it might be useful for someone else, that's how I enabled cache for authenticating on DeGiro (using the requests_cache library):

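    import requests_cache

    api_client = TradingAPI(credentials=credentials)

    # Cache responses, including the POST login request, and leave
    # oneTimePassword out of request matching so a new TOTP code still
    # matches the cached login.
    with requests_cache.enabled(
        hours=0.5,
        allowable_methods=["GET", "HEAD", "POST"],
        ignored_parameters=["oneTimePassword"],
    ):
        api_client.connect()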
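
A complementary safeguard for the situation described in this thread, as an added example that is not part of the original comments or of degiro-connector: a local login budget that is shared across script runs and latches after a failed login, so a forgotten deployment with old credentials stops on its own instead of retrying. `LoginGuard`, `LoginBudgetExceeded`, the state file and the default limits are hypothetical; the real DEGIRO threshold is not stated on this page.

```python
import json
import time
from pathlib import Path


class LoginBudgetExceeded(RuntimeError):
    """Raised instead of sending another login request."""


class LoginGuard:
    """Share one login budget across script runs via a small state file.

    The file holds only timestamps and a flag, never credentials or sessions.
    """

    def __init__(self, state_file, max_attempts=3, window_s=1800, clock=time.time):
        # max_attempts / window_s are assumed values, not DEGIRO's real limits.
        self.path = Path(state_file)
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.clock = clock

    def _load(self):
        try:
            return json.loads(self.path.read_text())
        except (FileNotFoundError, ValueError):
            return {"attempts": [], "failed": False}

    def login(self, connect):
        """Call connect() (e.g. api_client.connect) only if the budget allows."""
        state, now = self._load(), self.clock()
        if state["failed"]:
            raise LoginBudgetExceeded("last login failed; fix it, then reset()")
        recent = [t for t in state["attempts"] if now - t < self.window_s]
        if len(recent) >= self.max_attempts:
            raise LoginBudgetExceeded("login budget used up for this window")
        # Record the attempt before the network call so a crash still counts.
        state["attempts"] = recent + [now]
        self.path.write_text(json.dumps(state))
        try:
            return connect()
        except Exception:
            # Latch on any failure: retrying stale credentials is what locks accounts.
            state["failed"] = True
            self.path.write_text(json.dumps(state))
            raise

    def reset(self):
        """Clear the state after the cause of a failed login has been fixed."""
        self.path.unlink(missing_ok=True)
```

Each environment (development, stage, production) should point at its own state file and call `LoginGuard(path).login(api_client.connect)` in place of a bare `connect()`.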