Cloud Stack Ninja

Initiating an HTTP post request I am getting an error:

'Access Denied: Invalid token, wrong code'. I have tried every possible solution but I can't pass this error.

Details for this challenge:


The URL is protected by HTTP Basic Authentication, which is explained on Chapter 2 of RFC2617, so you have to provide an Authorization: header field in your POST request

For the userid of HTTP Basic Authentication, use the same email address you put in the JSON string. For the password, provide a 10-digit time-based one time password conforming to RFC6238 TOTP. Authorization password For generating the TOTP password, you will need to use the following setup:

You have to read RFC6238 (and the errata too!) and get a correct one time password by yourself. TOTP's Time Step X is 30 seconds. T0 is 0. Use HMAC-SHA-512 for the hash function, instead of the default HMAC-SHA-1. Token shared secret is the userid followed by ASCII string value "HENNGECHALLENGE003" (not including double quotations).

const axios = require('axios');
const base64 = require('base-64');
const utf8 = require('utf8');
const { totp } = require('otplib');

const ReqJSON = {
  "github_url":    "ABC",
  "contact_email": "ABC"

const stringData = JSON.stringify(ReqJSON);
const URL = "ABC";
const sharedSecret = ReqJSON.contact_email + "HENNGECHALLENGE003";

totp.options = { digits: 10, algorithm: "sha512", epoch: 0 };

const MyTOTP = totp.generate(sharedSecret);
const isValid = totp.check(MyTOTP, sharedSecret);

console.log("Token Info:", {MyTOTP, isValid});

const authStringUTF = ReqJSON.contact_email + ":" + MyTOTP;
const bytes = utf8.encode(authStringUTF);
const encoded = base64.encode(bytes);

const createReq = async () => {
    try {
        const config = {
            headers: {
                'Content-Type': 'application/json',
                "Authorization": "Basic " + encoded

        console.log("Making request", {URL, ReqJSON, config});

        const response = await, stringData, config);
    } catch (err) {


Read more here:

Content Attribution

This content was originally published by Kamishiwa at Recent Questions - Stack Overflow, and is syndicated here via their RSS feed. You can read the original post over there.

%d bloggers like this: