I see 2FA is now available in beta. That's great, and it works well for logging into the management UI. However I notice that there's no change to the management APIs, I can still access all the APIs using just a username and password. That makes the 2FA a bit... pointless at the moment. Maybe this is just because it's a beta though.

Are there any docs on how the API authentication will work (presumably there are plans to change authentication for the API?)