Behavior Data with API Token calls

If we want to make calls to the /authn endpoint, how would adaptive MFA/Behavior Detection work? All the calls from an HTTP/Rest perspective will come from the same machine in the same location. Can we pass location/activity data in the /authn call so that we can get a " “status”: “MFA_REQUIRED” " response when appropriate?


If you have a behavior based on IP, maybe you can try passing the X-Forwarded-For header with the IP address of your choice.