the one that is related to your Autodesk Identity account, which you use only when a Web browser is used to authenticate,
the legacy ShotGrid 2FA, which is used for API connections using the Python or REST API, along with your legacy login and passphrase (NOT your Autodesk Identity username and password)
For sites where ShotGrid’s 2FA is setup and enabled, you need to provide the auth_token param along with the ShotGrid legacy login and passphrase. The auth token is the current 2FA value that Duo/Authenticator gives you for that account and site.
That is what I’ guessing. Anyway, when I log in via a web browser, only the Autodesk 2FA. Does that mean the shotgrid 2FA is required only when logging in via API?
The ShotGrid 2FA was likely required for authentication on your site prior to the switch to Autodesk Identity. So that condition remained in effect for API calls.
There is currently a bug where the control for enabling/disabling ShotGrid-based 2FA is not visible. To have it turned off, you can open a support ticket so that we can turn it off for you.