[GNC-dev] USAA

Mon Feb 8 14:47:02 EST 2021

Scott,

To expand a bit more on your research, it turns I got myself locked out working via command line (had a typo in my password,) but I got a new response:

=============
HTTP/2 200
date: Mon, 08 Feb 2021 19:21:46 GMT
content-type: application/x-ofx
content-length: 661
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
set-cookie: visid_incap_2454689=VL3kNBr2SlSW0WJCqhj8bUqPIWAAAAAAQUIPAAAAAAAItMvflIE03TK597RZBrSG; expires=Tue, 08 Feb 2022 16:54:56 GMT; HttpOnly; path=/; Domain=.1fsapi.com; Secure; SameSite=None
set-cookie: nlbi_2454689=GUGEXaoMYhyU6CN+hXBnAwAAAACJYu0m0lufamEaMlpy8lh6; path=/; Domain=.1fsapi.com; Secure; SameSite=None
set-cookie: incap_ses_1286_2454689=sP1YdCv3cxxFphfCS8rYEUqPIWAAAAAADjWNiSpDNqhTw/8uqYqZkA==; path=/; Domain=.1fsapi.com; Secure; SameSite=None
x-cdn: Incapsula
x-iinfo: 3-12758011-12758012 NNNN CT(8 5 0) RT(1612812105972 0) q(0 0 0 -1) r(1 1) U6

OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:NONE
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>2000<SEVERITY>ERROR<MESSAGE>You're locked out due to multiple tries, you'll need to verify your information. Get Access ID and PIN here https://df3cx-services.1fsapi.com/casm/usaa/enroll</STATUS><DTSERVER>20210208142146.714[-5:EST]<LANGUAGE>ENG<FI><ORG>USAA Federal Savings Bank<FID>67811</FI></SONRS></SIGNONMSGSRSV1><SIGNUPMSGSRSV1><ACCTINFOTRNRS><TRNUID>096F9A5D-A1A6-4FF7-A75E-222F55F834CFc<STATUS><CODE>15500<SEVERITY>ERROR</STATUS></ACCTINFOTRNRS></SIGNUPMSGSRSV1></OFX>
=============

I am even getting this response in the Quicken OFX logs at the moment.  Followed the link in the MESSAGE above and it just showed me the creds page with the user/passwd I'd preciously setup.

I was able to automate some of the changing fields (DTCLIENT and TRNUID) in the request:

=============
echo -en "OFXHEADER:100\r\nDATA:OFXSGML\r\nVERSION:103\r\nSECURITY:NONE\r\nENCODING:USASCII\r\nCHARSET:NONE\r\nCOMPRESSION:NONE\r\nOLDFILEUID:NONE\r\nNEWFILEUID:NONE\r\n\r\n<OFX>\r\n<SIGNONMSGSRQV1>\r\n<SONRQ>\r\n<DTCLIENT>`date +%Y%m%d%H%M%S`\r\n<USERID>XXXX362\r\n<USERPASS>XXXX66\r\n<LANGUAGE>ENG\r\n<FI>\r\n<ORG>USAA Federal Savings Bank\r\n<FID>67811\r\n</FI>\r\n<APPID>QMOFX\r\n<APPVER>2300\r\n<CLIENTUID>XXXXXXXX-DB64-4AC0-A835-XXXXXXXXXXXX\r\n</SONRQ>\r\n</SIGNONMSGSRQV1>\r\n<SIGNUPMSGSRQV1>\r\n<ACCTINFOTRNRQ>\r\n<TRNUID>`uuidgen | id=_ && echo ${id^^}`c\r\n<ACCTINFORQ>\r\n<DTACCTUP>19900101\r\n</ACCTINFORQ>\r\n</ACCTINFOTRNRQ>\r\n</SIGNUPMSGSRQV1>\r\n</OFX>\r\n" | curl -isS -X POST -H "Content-Type: application/x-ofx" -A InetClntApp/3.0 --data-binary @- https://df3cx-services.1fsapi.com/casm/usaa/access.ofx
=============

Not sure how long I will be locked out, but will get back to it when I can.

Regards,

Bob