diff --git a/changelogs/client_server/newsfragments/1846.clarification b/changelogs/client_server/newsfragments/1846.clarification new file mode 100644 index 000000000..6f57eb358 --- /dev/null +++ b/changelogs/client_server/newsfragments/1846.clarification @@ -0,0 +1 @@ +Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement. diff --git a/data/api/client-server/login_token.yaml b/data/api/client-server/login_token.yaml index a8ab12487..19fa350ee 100644 --- a/data/api/client-server/login_token.yaml +++ b/data/api/client-server/login_token.yaml @@ -45,7 +45,7 @@ paths: intend to log in multiple devices must generate a token for each. With other User-Interactive Authentication (UIA)-supporting endpoints, servers sometimes do not re-prompt - for verification if the session recently passed UIA. For this endpoint, servers should always re-prompt + for verification if the session recently passed UIA. For this endpoint, servers MUST always re-prompt the user for verification to ensure explicit consent is gained for each additional client. Servers are encouraged to apply stricter than normal rate limiting to this endpoint, such as maximum
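Review bot: In the `+` line of the `login_token.yaml` hunk, "servers MUST always re-prompt" pairs the RFC 2119 keyword with "always", which adds nothing once MUST is used and reads as decoration on the normative term; suggest `For this endpoint, servers MUST re-prompt` with the rest of the sentence unchanged. Since the preceding context line says servers "sometimes do not re-prompt for verification if the session recently passed UIA", it would also help implementers to state explicitly that a recently passed UIA session does not satisfy this requirement, so that the MUST is not read as applying only to sessions that never passed UIA.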