If the account has two-factor authentication (2FA) enabled or the "twoFactor" parameter is explicitly set to true, the initial request will return a 400 status code.

{
  "error": {
    "errorId": "authorization.twoFactor",
    "errorMessage": "A valid two factor authentication code is required."
  }
}

When a 400 response is returned, it triggers the delivery of a 2FA code to the user's registered mobile number. Once the code is received, the request can be retried with the "code" included.

If 2FA is disabled, and "twoFactor" is either omitted or set to false, the request will succeed on the first attempt.

📘
A single account can generate and use multiple authorization tokens simultaneously.