I got around to learning about the api_key. For those that don’t have much experience with HTTP (me included), here is what I hacked up to do dyn-DNS using the long-lived API key. $file follows the curl netrc file format with the TOTP secret appended to the end.
#!/bin/bash
# initialize list of API keys
declare -A APIkeylist
# get userid, password, and public name for server
# multiple names can map to the same server
for file in /etc/rc.local.d/*
do
read -r machine server logincmd username passwordcmd password secret<"$file"
sitename=`basename $file`
#make sure that we have not already authenticated to target MIAB userid
if [ -z ${APIkeylist[$username]} ]; then
# Set 2FA authentication token. Fix in future to not expose secret in "ps".
TOTP="X-Auth-Token: $(oathtool --totp -b -d 6 $secret)"
# authenticate to MIAB server. Get long lived API key.
APIkeylist[$username]="$(curl -s -X GET --netrc-file $file -H "$TOTP" "https://$server/admin/me" | jq -r '.api_key')"
fi
# set IPv4 and IPV6 names
curl -4 -X PUT -u "$username:${APIkeylist[$username]}" "https://$server/admin/dns/custom/$sitename/A"
curl -6 -X PUT -u "$username:${APIkeylist[$username]}" "https://$server/admin/dns/custom/$sitename/AAAA"
done