Skip to main content
PATCH
https://{tenantDomain}/api/v2
/
attack-protection
/
brute-force-protection
C#
using Auth0.ManagementApi;
using System.Threading.Tasks;
using Auth0.ManagementApi.AttackProtection;

public partial class Examples
{
    public async Task Example() {
        var client = new ManagementClient(
            token: "<token>"
        );

        await client.AttackProtection.BruteForceProtection.UpdateAsync(
            new UpdateBruteForceSettingsRequestContent()
        );
    }

}
package example

import (
context "context"

attackprotection "github.com/auth0/go-auth0/management/management/attackprotection"
client "github.com/auth0/go-auth0/management/management/client"
option "github.com/auth0/go-auth0/management/management/option"
)

func do() {
client := client.NewClient(
option.WithToken(
"<token>",
),
)
request := &attackprotection.UpdateBruteForceSettingsRequestContent{}
client.AttackProtection.BruteForceProtection.Update(
context.TODO(),
request,
)
}
package com.example.usage;

import com.auth0.client.mgmt.ManagementApi;
import com.auth0.client.mgmt.resources.attackprotection.bruteforceprotection.requests.UpdateBruteForceSettingsRequestContent;

public class Example {
public static void main(String[] args) {
ManagementApi client = ManagementApi
.builder()
.token("<token>")
.build();

client.attackProtection().bruteForceProtection().update(
UpdateBruteForceSettingsRequestContent
.builder()
.build()
);
}
}
<?php

namespace Example;

use Auth0\SDK\API\Management\Management;
use Auth0\SDK\API\Management\AttackProtection\BruteForceProtection\Requests\UpdateBruteForceSettingsRequestContent;

$client = new Management(
token: '<token>',
);
$client->attackProtection->bruteForceProtection->update(
new UpdateBruteForceSettingsRequestContent([]),
);
from auth0.management import ManagementClient

client = ManagementClient(
token="<token>",
)

client.attack_protection.brute_force_protection.update()
require "auth0"

client = Auth0::Management.new(token: "<token>")

client.attack_protection.brute_force_protection.update
import { ManagementClient } from "auth0";

async function main() {
const client = new ManagementClient({
token: "<token>",
});
await client.attackProtection.bruteForceProtection.update({});
}
main();
import { ManagementClient } from "auth0";

async function main() {
const client = new ManagementClient({
token: "<token>",
});
await client.attackProtection.bruteForceProtection.update({});
}
main();
curl --request PATCH \
--url https://{tenantDomain}/api/v2/attack-protection/brute-force-protection \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"enabled": true,
"shields": [],
"allowlist": [
"127.0.0.1"
],
"mode": "count_per_identifier_and_ip",
"max_attempts": 10
}
'
{
  "enabled": true,
  "shields": [],
  "allowlist": [
    "127.0.0.1"
  ],
  "mode": "count_per_identifier_and_ip",
  "max_attempts": 10
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

enabled
boolean

Whether or not brute force attack protections are active.

shields
enum<string>[]

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification.

Available options:
block,
user_notification
allowlist
(string<ipv4> | string<cidr> | string<ipv6> | string<ipv6_cidr>)[]

List of trusted IP addresses that will not have attack protection enforced against them.

mode
enum<string>
default:count_per_identifier_and_ip

Account Lockout: Determines whether or not IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip, count_per_identifier.

Available options:
count_per_identifier_and_ip,
count_per_identifier
max_attempts
integer
default:10

Maximum number of unsuccessful attempts.

Required range: 1 <= x <= 100

Response

Brute force configuration successfully updated.

enabled
boolean

Whether or not brute force attack protections are active.

shields
enum<string>[]

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification.

Available options:
block,
user_notification
allowlist
(string<ipv4> | string<cidr> | string<ipv6> | string<ipv6_cidr>)[]

List of trusted IP addresses that will not have attack protection enforced against them.

mode
enum<string>
default:count_per_identifier_and_ip

Account Lockout: Determines whether or not IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip, count_per_identifier.

Available options:
count_per_identifier_and_ip,
count_per_identifier
max_attempts
integer
default:10

Maximum number of unsuccessful attempts.

Required range: 1 <= x <= 100