During my exploration of the RMS API, I have been able to perform multiple actions using the client credentials OAuth flow and the SocketIO Status API including running commands on and up/downloading files to/from a TRB140 device.
The RMS API "POST /devices/passwords/set" however is the first action that errors out with a 403 with code MFA_REQUIRED.
This seems to be undocumented.
So is the MFA restriction on this specific API by design? If so, how should I include MFA TOTP either in the OAuth token request or the set-password API?