Auth0 API | Attack Protection › Suspicious IP Throttling › Update Suspicious IP Throttling Settings

Attack Protection

attack_protection

Attack Protection

Breached Password Detection

attack_protection.breached_password_detection

Methods

Get Breached Password Detection Settings ->

BreachedPasswordDetectionSettings

get/attack-protection/breached-password-detection

Retrieve details of the Breached Password Detection configuration of your tenant.

Update Breached Password Detection Settings -> { admin_notification_frequency, enabled, method, 2 more... }

patch/attack-protection/breached-password-detection

Update details of the Breached Password Detection configuration of your tenant.

Domain types

BreachedPasswordDetectionSettings = { admin_notification_frequency, enabled, method, 2 more... }

Attack Protection

Brute Force Protection

attack_protection.brute_force_protection

Methods

Get Brute Force Settings ->

BruteForceProtectionSettings

get/attack-protection/brute-force-protection

Retrieve details of the Brute-force Protection configuration of your tenant.

Update Brute Force Settings -> { allowlist, enabled, max_attempts, 2 more... }

patch/attack-protection/brute-force-protection

Update the Brute-force Protection configuration of your tenant.

Domain types

BruteForceProtectionSettings = { allowlist, enabled, max_attempts, 2 more... }

Attack Protection

Suspicious IP Throttling

attack_protection.suspicious_ip_throttling

Methods

Get Suspicious IP Throttling Settings ->

SuspiciousIPThrottlingSettings

get/attack-protection/suspicious-ip-throttling

Retrieve details of the Suspicious IP Throttling configuration of your tenant.

Update Suspicious IP Throttling Settings -> { allowlist, enabled, shields, 1 more... }

patch/attack-protection/suspicious-ip-throttling

Update the details of the Suspicious IP Throttling configuration of your tenant.

Security

Example: Authorization: Bearer My Bearer Token

Response fields

allowlist: Array<string>

Optional

List of trusted IP addresses that will not have attack protection enforced against them.

enabled: boolean

Optional

Whether or not suspicious IP throttling attack protections are active.

shields: Array<"block" | "admin_notification">

Optional

Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification.

stage: { pre-login, pre-user-registration }

Optional

Holds per-stage configuration options (max_attempts and rate).

Request example

curl https://login0.local.dev.auth0.com/api/v2/attack-protection/suspicious-ip-throttling \
    -X PATCH \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $BEARER_TOKEN"

200Example

{
  "allowlist": [
    "string"
  ],
  "enabled": true,
  "shields": [
    "block"
  ],
  "stage": {
    "pre-login": {
      "max_attempts": 0,
      "rate": 0
    },
    "pre-user-registration": {
      "max_attempts": 0,
      "rate": 0
    }
  }
}

Domain types

SuspiciousIPThrottlingSettings = { allowlist, enabled, shields, 1 more... }