Skip to main content
GET
/
attack-protection
/
brute-force-protection
TypeScript
import { ManagementClient } from "auth0";

async function main() {
    const client = new ManagementClient({
        token: "<token>",
    });
    await client.attackProtection.bruteForceProtection.get();
}
main();
{
  "enabled": true,
  "shields": [
    "block"
  ],
  "allowlist": [
    "127.0.0.1"
  ],
  "mode": "count_per_identifier_and_ip",
  "max_attempts": 10
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Response

Brute force configuration successfully retrieved.

enabled
boolean

Whether or not brute force attack protections are active.

shields
enum<string>[]

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification.

Available options:
block,
user_notification
allowlist
(string<ipv4> | string<cidr> | string<ipv6> | string<ipv6_cidr>)[]

List of trusted IP addresses that will not have attack protection enforced against them.

mode
enum<string>
default:count_per_identifier_and_ip

Account Lockout: Determines whether or not IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip, count_per_identifier.

Available options:
count_per_identifier_and_ip,
count_per_identifier
max_attempts
integer
default:10

Maximum number of unsuccessful attempts.

Required range: 1 <= x <= 100