The Mi-Token API service is a component that exposes a RESTful web service over the HTTP (port 80)/HTTPS protocol (port 443) providing several methods for managing and validating tokens and OTPs. (One-Time-Passwords) without a graphical user interface.


Although this service can be used to integrate 2FA into your in-house developed solutions, it is primarily utilized by the Mi-Token Credential Provider (enabling 2FA for the Windows Login Screen - see screen capture below) to validate a user's credentials.


Mi-Token Credential Provider Plugin


The service is not installed as an IIS-dependant web service, but as a Windows Server service that dispatches authentication requests over the HTTP and HTTPS protocols, allowing clients to use the service with or without SSL, therefore the HSTS header is not enabled by design.


Mi-Token API Service at the Windows Server services window