Left the old logic that uses the "challenge" system in case it still works, but added logic to handle RH's current MFA API using the login endpoint. I was getting a number of 400 and 405 errors and discovered that they now route SMS 2FA requests along with the entire json payload back to the login endpoint rather than https://api.robinhood.com/challenge... 2FA is working fine for me now.
Left the old logic that uses the "challenge" system in case it still works, but added logic to handle RH's current MFA API using the login endpoint. I was getting a number of 400 and 405 errors and discovered that they now route SMS 2FA requests along with the entire json payload back to the login endpoint rather than https://api.robinhood.com/challenge... 2FA is working fine for me now.