When I call getContentServicesByContainerType2, the results indicate that content services 5 and 11765 (Wells Fargo - Bank and Ally Bank) have MfaTypeId 4. When I call addItemForContentService1 for either of these banks, however, authentication is successful and I can obtain account details without ever having to get or put an MFA request. Under normal circumstances, this wouldn't be a problem, except our MFA implementation is not ready to be released, and everything else is. We don't want to hold back on releasing everything else. Until our MFA system is ready, we would prefer not to list a bank in a search if it requires MFA. Are we misunderstanding MfaTypeId? Does an MfaTypeId of 4 never actually require that authentication? Does the data just need to be updated for those content services? Is there another way we can tell, without calling addItemForContentService1, which content services will require MFA?
I don't know if this makes a difference or not, but we observed this behavior in our private zone.
Thanks.
There are different aspects to MFA -
Now the two sites which you have mentioned may fall under #2 where for few users they ask MFA and for few they don't. In this case for users who don't have MFA will refresh fine even through normal flow.
Also until and unless Yodlee goes to end site with user credentials to scrape data for a new addition of an account we will not know if MFA will appear or not.
Hence Yodlee strongly recommend implementation of all types of MFA with correct MFA flow and all the request of a MFA site to be routed through the MFA flow. You can find the MFA flow in this document