startTwoFactorLoginWithId

Accepts freeform code/query input (requestBody.code)

Part of the Mcp Api MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.

// WHEN AI AGENTS USE THIS TOOL

AI agents invoke startTwoFactorLoginWithId to trigger processes or run actions in Mcp Api. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.

// WHY ENFORCE A POLICY ON STARTTWOFACTORLOGINWITHID

startTwoFactorLoginWithId can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. Intercept enforces rate limits and validates arguments to keep execution within safe bounds.

// RECOMMENDED POLICY

Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.

io-fusionauth-mcp-api.yaml

tools:
  startTwoFactorLoginWithId:
    rules:
      - action: allow
        rate_limit:
          max: 10
          window: 60
        validate:
          required_args: true

See the full Mcp Api policy for all 310 tools.

// DETAILS

Tool Name startTwoFactorLoginWithId

Category Execute

MCP Server Mcp Api MCP Server

Risk Level High

// MORE MCP API TOOLS

Destructive cancelActionWithId Destructive changePasswordWithId Destructive deleteAPIKeyWithId Destructive deleteApplicationRoleWithId Destructive deleteApplicationWithId Destructive deleteConnectorWithId Destructive deleteConsentWithId Destructive deleteEmailTemplateWithId

View all 310 tools →

// RELATED READING

// FAQ

What does the startTwoFactorLoginWithId tool do? +

Start a Two-Factor login request by generating a two-factor identifier. This code can then be sent to the Two Factor Send API (/api/two-factor/send)in order to send a one-time use code to a user. You can also use one-time use code returned to send the code out-of-band. The Two-Factor login is completed by making a request to the Two-Factor Login API (/api/two-factor/login). with the two-factor identifier and the one-time use code. This API is intended to allow you to begin a Two-Factor login outside a normal login that originated from the Login API (/api/login).. It is categorised as a Execute tool in the Mcp Api MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on startTwoFactorLoginWithId? +

Add a rule in your Intercept YAML policy under the tools section for startTwoFactorLoginWithId. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Mcp Api MCP server.

What risk level is startTwoFactorLoginWithId? +

startTwoFactorLoginWithId is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit startTwoFactorLoginWithId? +

Yes. Add a rate_limit block to the startTwoFactorLoginWithId rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block startTwoFactorLoginWithId completely? +

Set action: deny in the Intercept policy for startTwoFactorLoginWithId. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides startTwoFactorLoginWithId? +

startTwoFactorLoginWithId is provided by the Mcp Api MCP server (@fusionauth/mcp-api). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

startTwoFactorLoginWithId

Enforce policies on Mcp Api