it really is a bit of a pain 2fa with API... For example, adding several lists, I have to put 2fa code, but I have a batch with several lists to add members too, then the 2fa expires, etc. I end up disabling 2fa.
I suggest an alternative pwd just for API... or no 2fa for API...