Skip to main content
GET
https://{tenantDomain}/api/v2
/
attack-protection
/
brute-force-protection
Go
package example

import (
    context "context"

    client "github.com/auth0/go-auth0/management/management/client"
    option "github.com/auth0/go-auth0/management/management/option"
)

func do() {
    client := client.NewClient(
        option.WithToken(
            "<token>",
        ),
    )
    client.AttackProtection.BruteForceProtection.Get(
        context.TODO(),
    )
}
import { ManagementClient } from "auth0";

async function main() {
const client = new ManagementClient({
token: "<token>",
});
await client.attackProtection.bruteForceProtection.get();
}
main();
import { ManagementClient } from "auth0";

async function main() {
const client = new ManagementClient({
token: "<token>",
});
await client.attackProtection.bruteForceProtection.get();
}
main();
curl --request GET \
--url https://{tenantDomain}/api/v2/attack-protection/brute-force-protection \
--header 'Authorization: Bearer <token>'
import requests

url = "https://{tenantDomain}/api/v2/attack-protection/brute-force-protection"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}/api/v2/attack-protection/brute-force-protection",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
HttpResponse<String> response = Unirest.get("https://{tenantDomain}/api/v2/attack-protection/brute-force-protection")
.header("Authorization", "Bearer <token>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://{tenantDomain}/api/v2/attack-protection/brute-force-protection")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{
  "enabled": true,
  "shields": [],
  "allowlist": [
    "127.0.0.1"
  ],
  "mode": "count_per_identifier_and_ip",
  "max_attempts": 10
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Response

Brute force configuration successfully retrieved.

enabled
boolean

Whether or not brute force attack protections are active.

shields
enum<string>[]

Action to take when a brute force protection threshold is violated. Possible values: block, user_notification.

Available options:
block,
user_notification
allowlist
(string<ipv4> | string<cidr> | string<ipv6> | string<ipv6_cidr>)[]

List of trusted IP addresses that will not have attack protection enforced against them.

mode
enum<string>
default:count_per_identifier_and_ip

Account Lockout: Determines whether or not IP address is used when counting failed attempts. Possible values: count_per_identifier_and_ip, count_per_identifier.

Available options:
count_per_identifier_and_ip,
count_per_identifier
max_attempts
integer
default:10

Maximum number of unsuccessful attempts.

Required range: 1 <= x <= 100