2FA API deploys with Service Account
1) What rights does a user need to install software via the API. Does the service account need to be an administrator? Does the Read Only Administrator give sufficient privileges (if so, I may be able to get 2FA turned off for this user)
2) Are there any ways to provide the authentication code in an automated way that has been successful for anyone with KACE?
Since I am not sure how much of the task you have accomplished using the API.
How to authenticate when 2fa is enabled when using the API is covered here.