I understand your challenge with implementing two-factor authentication via REST API without accessing the Keycloak login page. While Keycloak doesn't natively provide a REST endpoint for generating QR codes for 2FA setup, I'd like to recommend a custom extension that might help solve your problem.

Take a look at the khode-two-factor-auth extension: https://github.com/chornthorn/khode-two-factor-auth

This extension provides additional REST endpoints for Keycloak, including one that allows you to generate QR codes for two-factor authentication setup without needing to access the Keycloak login page. It's designed to work with custom login page UIs, which seems to fit your use case perfectly.

The extension offers the following features:

1. Generate QR code for 2FA setup
2. Verify OTP code
3. Enable/disable 2FA for a user
4. Check if 2FA is enabled for a user

By using this extension, you should be able to implement the 2FA setup process entirely through your own login page UI, communicating with Keycloak via REST API calls.