> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mx.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MFA credentials

> Best practice is to use the list member challenges endpoint to list challenges that need to be answered; however, MX continues to support partners who use the mfa credentials endpoint for this purpose.<br></br> Institutions often require MFA (multi-factor authentication) in order to refresh a member. This form of authentication is typically a question/answer about the user - similar to "Where did you go to high school?" or "Where would you like an authentication token to be sent?". <br></br> In the event that we do not have the answer to the question being asked by the institution, the aggregation job will be returned with a "CHALLENGED" status. This will require the user to answer the mfa question(s) to aggregate the member. <br></br>This endpoint will return the credentials that need to be created (questions that need to be answered) to aggregate the member.



## OpenAPI

````yaml openapi/nexus/v1.yaml GET /jobs/{job_guid}/mfa_credentials
openapi: 3.0.0
info:
  contact:
    name: Nexus API
    url: https://www.mx.com
  version: 1.0.0
  title: Nexus API
  description: >-
    Legacy clients can use Nexus API for all their connectivity needs. If you
    are a new client refer to our Platform API. Review our [Nexus API
    Guides](/nexus) for more information.
servers:
  - url: https://int-data.moneydesktop.com/
  - url: https://data.moneydesktop.com/
security:
  - sessionToken: []
tags:
  - name: accounts
  - name: beats
  - name: budgets
  - name: categories
  - name: extended transaction history
  - name: goals
  - name: holdings
  - name: identity
  - name: insights
  - name: institutions
  - name: jobs
  - name: member credentials
  - name: members
  - name: merchants
  - name: microdeposits
  - name: monthly cash flow profile
  - name: notifications
  - name: scheduled payments
  - name: sessions
  - name: spending plan
  - name: taggings
  - name: tags
  - name: transaction rules
  - name: transactions
  - name: user
  - name: verification
paths:
  /jobs/{job_guid}/mfa_credentials:
    get:
      tags:
        - jobs
      summary: MFA credentials
      description: >-
        Best practice is to use the list member challenges endpoint to list
        challenges that need to be answered; however, MX continues to support
        partners who use the mfa credentials endpoint for this purpose.<br></br>
        Institutions often require MFA (multi-factor authentication) in order to
        refresh a member. This form of authentication is typically a
        question/answer about the user - similar to "Where did you go to high
        school?" or "Where would you like an authentication token to be sent?".
        <br></br> In the event that we do not have the answer to the question
        being asked by the institution, the aggregation job will be returned
        with a "CHALLENGED" status. This will require the user to answer the mfa
        question(s) to aggregate the member. <br></br>This endpoint will return
        the credentials that need to be created (questions that need to be
        answered) to aggregate the member.
      operationId: listJobMfaCredentials
      parameters:
        - name: job_guid
          description: The unique identifier for the job. Defined by MX.
          required: true
          in: path
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/vnd.mx.nexus.v1+json:
              schema:
                $ref: '#/components/schemas/CredentialsResponseBody'
components:
  schemas:
    CredentialsResponseBody:
      properties:
        credentials:
          items:
            $ref: '#/components/schemas/CredentialsResponse'
          type: array
      type: object
    CredentialsResponse:
      properties:
        answer_field_type:
          nullable: true
          example: null
          description: >-
            The field type for the answer field when this credential is used for
            MFA challenges.
        created_at:
          example: '2016-09-21T22:08:59.000Z'
          description: >-
            Date and time the institution was created, represented in ISO 8601
            format with timestamp
        display_name:
          example: null
          nullable: true
          description: The human-readable name to display for this credential field.
        display_order:
          example: 1
          description: >-
            The order in which this credential field should be displayed to the
            user.
        editable:
          example: true
          type: boolean
          description: >-
            Indicates whether this credential field can be edited after initial
            creation.
        escaped:
          example: null
          nullable: true
          description: >-
            Indicates whether special characters in the credential value should
            be escaped.
        field_name:
          example: LOGIN
          description: >-
            The internal name of the credential field type (e.g., LOGIN,
            PASSWORD).
        field_type:
          example: 3
          description: >-
            The numeric identifier for the credential field type. See credential
            field types table for mappings.
        field_type_name:
          example: LOGIN
          description: The string name corresponding to the field_type numeric identifier.
        guid:
          example: CRD-9f61fb4c-912c-bd1e-b175-ccc7f0275cc1
          description: A unique identifier for the institution. Defined by MX.
        institution_guid:
          example: INS-1572a04c-912b-59bf-5841-332c7dfafaef
          description: >-
            The unique identifier for the institution this credential belongs
            to. Defined by MX.
        label:
          example: Username
          description: The label text to display next to the credential input field.
        max_length:
          example: null
          nullable: true
          description: >-
            The maximum character length allowed for this credential field
            value.
        meta_data:
          example: null
          nullable: true
          description: Additional metadata associated with this credential field.
        mfa:
          example: false
          type: boolean
          description: >-
            Indicates whether this credential is used for multi-factor
            authentication.
        optional:
          example: false
          type: boolean
          description: >-
            Indicates whether this credential field is optional when creating or
            updating a member.
        optional_mfa:
          example: null
          nullable: true
          description: >-
            Indicates whether this credential is optional when answering MFA
            challenges.
        size:
          example: null
          nullable: true
          description: The display size (width) for the credential input field.
        updated_at:
          example: '2016-09-21T22:08:59.000Z'
          type: string
          description: >-
            Date and time the credential was last updated, represented in ISO
            8601 format with timestamp.
        value_identifier:
          example: null
          nullable: true
          description: >-
            An identifier used to reference the credential value in certain
            contexts.
        value_mask:
          example: null
          nullable: true
          description: >-
            A pattern or mask to apply when displaying the credential value
            (e.g., for passwords).
  securitySchemes:
    sessionToken:
      description: >
        ### MX Session Token 

        - Request an API token using the read API token endpoint in the MX SSO
        API.

        - Exchange an API token for a session token. 
          - A session token is obtained by sending a POST request to /sessions
          - The session token will be used in each request made for the user. It should be passed in an `MD-SESSION-TOKEN` HTTP header as shown below.
          - This session token is valid for 30 minutes from the time it was created. The 30 minute expiration counter is refreshed with each call.
          - If you send a request with an expired session token you'll receive an error code of `4011`.

        ```

        curl -i https://int-data.moneydesktop.com/accounts \

        -H 'MD-SESSION-TOKEN:
        CWforZl1Vn2vC_v6H4rnQRT1DoWpDouJAV-_5TBmiQRAtA8rsOG_BoajTiOSsL0A3bd-bmHXlA-eQzc9ywItKg'
        \

        -H 'Content-Type: application/vnd.mx.nexus.v1+json' \

        -H 'Accept: application/vnd.mx.nexus.v1+json'

        ```


        In documentation code examples, replace `<API_KEY_VALUE>` with the
        session token.
      type: apiKey
      name: MD-SESSION-TOKEN
      in: header

````