Citrix Sharefile Generate Api Key

I am trying to connect to the Sharefile API with Powershell, I am using the instructions found at https://jstrong013.github.io/Invoke-RestMethod-with-ShareFile-API/ to do this.

BaseFileId is a used to check conflict in file during File Upload. BaseFileId is passed by client and contains value of their local copy itemId. API will check if the fileId passed is still current.

Citrix currently provides the API, Developer Services and Program free of charge. Notwithstanding, Citrix reserves the right to change its pricing policies for the API, Developer Services and/or Program at any time in its sole discretion and will provide you reasonable notice of any such changes. LICENSES AND RESTRICTIONS. The user/password are used once by the connector to create the needed API key and then completely removed. Create ShareFile API key Client Id and Client Secret for the connector to use Login to using your ShareFile admin credentials. Navigate to 'Get an API Key'. When using the Private Token method of authentication, the Private API token needs to be encoded using BASE64 encoding. This can be done with your own scripts, or with the use of a free BASE64 encoding tool. Once you have an Encoded Key, you will need to include the encoded Private API token in your header of any API you are making. Called Citrix support for API Key generation for Sharefile API. Our Super Admin cannot generate the key and getting the error -You do not have enough per. This means that the client application waits for a response from the NITRO web service before executing another NITRO API. The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix ShareFile API Provider Setup. To authenticate a Citrix ShareFile connector instance you must register an app with Citrix ShareFile. When you authenticate, use the Client Id, Client Secret, and Redirect URI as the Sharefile API Key, Sharefile API Secret, and Callback URL.

Citrix Sharefile Generate Api Key Login

My problem is that when I enter the username and password for my account I keep getting told that it is incorrect. Could this be because my account is authenticated via SSO from Azure AD? Is there any way to use the API if that is the case or will I need to set up a local sharefile account just for this?

Here is the exact error message:

Invoke-RestMethod : {'error':'invalid_grant','error_description':'invalid username or password'}
At C:UsersxxxxxxFor Work LaptopGet API Key for Citrix.ps1:18 char:13
+ $response = Invoke-RestMethod $tokenroute -Method POST -Body $creds - ..
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Applicable Products

  • ShareFile

Objective

Article Contents (click a link to skip to that section)

About Two-Step Verification

Two-Step Verification uses your phone to provide an extra layer of security for your username. After you log in, you are asked to enter a verification code that is sent to your phone via text message (SMS) or voice call, and supported Authenticator apps like Google and Microsoft as an option instead of your usual password.
This feature is available to both Client and Employee Users. Two-Step Verification is supported on iOS and Android mobile devices.
Note: Some apps require an app-specific password that must be generated each time you want to sign into the app
Note 2: This feature is not available for trial accounts.

Enforcing Two-Step Verification

By enabling this feature, you make the Two-Step Verification option available to all users on the account. ShareFile Admins have the option to set policies requiring specific groups of users to enroll in Two-Step Verification.

Important!
All ShareFile accounts will default to requiring two-step verification for employee users. Administrators will not be able to disable this setting until after the account's Master Administrator completes a legally binding opt-out waiver.

You may find the opt-out waiver located in the Admin Settings > Security > Login & Security Policy > Two-Step Verification section.

Once you click on the Fill out the waiver link, you are guided through the following screens:

After you have completed the opt-out waiver, you may uncheck the Require for employee users checkbox and click Save.

Instructions

FAQ

  1. What backup capabilities are available for users in case they don’t have the phone registered for Two-Step Verification?

Users have the following choices for backup:

  • Using Authenticator App – users can configure supported Authenticator app like Microsoft or Google by following the instructions under Personal Settings-> Personal Security -> Two Step Verification.
  • All standard Authenticator apps that use the HOTP algorithm and accept a QR code are supported.
  • Using Backup Codes as shown prior
  • Enter a Backup Phone (Voice for example if you use SMS / Text previously)
  1. What is the expiration time frame for the text / SMS or voice based passcode?
The text / SMS or voice based passcode will expire in 2 minutes
  1. Can I disable Text / SMS / Voice option for Two-Step Verification if I have setup an Authenticator app?
At this time, the authenticator app support serves as a backup where the phone is the primary option. We are validating the right set of capabilities to enable authenticator app as the primary option with phone as a backup.

Enabling Two-Step Verification

Two-Step Verification settings are managed at Personal Settings > Personal Security > Two Step Verification.


You are prompted to enter your country as well as the phone number you would like ShareFile to send an SMS or voice message to. You do not need to enter your country code,. You can choose to receive either a text (SMS) message or a voice call to your provided phone number.
Pressing Send will send a code via the selected method to the provided number. Generate round key from other round key. Enter the code on the next screen in order to complete the setup of two-step verification. You are given the option to trust the computer you are currently using. Use this if you do not want to be prompted for another verification code when using this computer and browser in the future. The option to trust the computer can be disabled by the ShareFile Administrator for Client Users.



Can I force my users to use Two-Step Verification?

ShareFile Administrators can set policies as follows to require user enrollment for Two-Step Verification:

Require Two-Step Verification will require that the user group (Client Users as shown in the example above) enroll and opt in for Two-Step Verification. When enabled, the setting will be enabled for all Employee Users or Client Users or both.
For new users, the activation process will require that the user enter a phone number that is enabled for text message (SMS) or voice. For example:

For existing users, the user is prompted to enter the phone number that is enabled for text message (SMS) or voice on the next login from the Web App, client tools like Citrix Files for Windows, or mobile app like Citrix Files for iOS. See the Web App example:



Two-Step Verification for ShareFile apps

Once enabled, the most popular ShareFile apps follow the same two-step verification process as the ShareFile website. These apps include:

  • ShareFile Sync for Windows
  • ShareFile Sync for Mac
  • Citrix Files for Windows
  • Citrix Files for Mac
  • Citrix Files for Outlook
  • Citrix Files for iOS
  • Citrix Files for Android

Citrix Files for Outlook users may need to re-link their plugin after enabling Two-Step Verification.

Set application-specific password for other apps

Some other applications that run outside a browser are not compatible with Two-Step Verification, and you will need to create a separate password. When logging in, please enter this password instead of your regular password. After enabling Two-Step Verification, your typical ShareFile password will no longer be accepted by these apps. These apps include:

  • FTP - when using an app specific password, short usernames are not supported. Please use the full username format (i.e. subdomain/email address).
  • API - use app specific password.
  • Storage zones controller - use app specific password.

You can access creation of application passwords under Personal Settings > Personal Security > Two-Step Verification > Application Specific Passwords, using the Create a Password button. On the new screen, you will be prompted to enter a label. This label will help you identify the app if you ever desire to revoke access to it. After clicking Generate, click the Copy button to copy the app-specific password to your clipboard. Next, Paste the new password into the password field of your app.



ShareFile Apps that do not support Two-Step Verification

Please note that the following apps do not support the Two-Step Verification feature. If Two-Step Verification is enabled for your user, you will not able to use these apps.

  • ShareFile Desktop Sync for Windows (Adobe AIR)
  • ShareFile Desktop Sync for Mac (Adobe AIR)
  • Enterprise Sync Manager (Adobe AIR)


Backup codes

ShareFile allows you to generate a set of backup codes that can be used in the event that you will be unable to access your phone. Generate these codes using the Generate Backup Codes button. These codes may each be used only once. They will become invalid when a new set of codes is generated using this button.


Disabling Two-Step Verification

If Two-Step Verification policies are not set for the user group you belong to, you can disable the feature using the Disable/battlefield-4-premium-key-generator.html. button at the bottom of the page. You will need to reenter your password to verify.
You can disable this feature for all users on your ShareFile account at Admin Settings > Security > Login & Security Policy > Two Step.
If the Two-Step Verification policy for the user group was set, the Disable button will not be shown to the user group.

Login with Two-Step Verification

After you have set up your Two-Step Verification, you will be prompted for your verification code after logging in to ShareFile on a computer you have not opted to trust. You must enter the code you have received most recently in order to proceed to your ShareFile account. If you do not receive the code, you can select I didn’t receive a code for more options. If you are still unable to get in to your ShareFile account, please contact your ShareFile administrator.

NOTE: When Enable “trust this device” for Clients Users is set to no, the trust option checkbox is not visible for Client Users as shown here.
If you have generated backup codes prior from the following:
You will see an additional option for the verification code:

Reset User Phone Numbers

If a user has to change their primary phone number used for two-step verification, the account master admin may initiate the reset. To do so, navigate to People >

Citrix Sharefile Generate Api Key For Google Map

Browser Employees and click on the user’s name that requires the reset. This will direct you to that employee’s profile page where the master admin can click Reset two-step verification under Actions.

A confirmation message will be displayed and after clicking Reset, the user will be emailed a hyperlink that expires in 15 minutes.
After the user clicks the hyperlink in the email, they will be directed to the login page to enter their credentials. Once authenticated, they will be able to enter their new phone number and complete the two-step verification setup.
Master admins requiring their phone number to be reset will need to contact support.