2FA API is running
Use /getcode (insecure demo) or POST /secure/getcode (recommended).