We have introduced a new MFA step-up for API session (POST /v3/mfa/step-up
) endpoint.
Ideally, when you sign in with POST /v3/login
, set rememberMeId
and device
in your request to generate an MFA-trusted API session.
In case you sign in without rememberMeId
and device
in your request, you can use this POST /v3/mfa/step-up
endpoint to mark the current API session as MFA trusted.
NOTE
In addition, we have added a new field in the API login endpoint response. You now see a
trusted
field in the response. This field is set astrue
if the current API session is MFA-trusted.
See POST /v3/mfa/step-up in the API reference for more information.