Add Password Lockout Settings

POST 
https://$CUSTOM-DOMAIN/management/v1/policies/lockout

Add new password lockout settings on the organization level. This will overwrite the settings set on the instance for this organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward.

Request

Header Parameters

x-zitadel-orgid string

The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

application/json

Body

required

maxPasswordAttempts int64

When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger.

maxOtpAttempts int64

Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked.

application/grpc

Body

required

maxPasswordAttempts int64

When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger.

maxOtpAttempts int64

Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked.

application/grpc-web+proto

Body

required

maxPasswordAttempts int64

When the user has reached the maximum password attempts the account will be locked, If this is set to 0 the lockout will not trigger.

maxOtpAttempts int64

Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked.

Responses

200

A successful response.

application/json

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-03-06T16:27:25.273Z",
    "changeDate": "2025-03-06T16:27:25.273Z",
    "resourceOwner": "69629023906488334"
  }
}

application/grpc

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-03-06T16:27:25.273Z",
    "changeDate": "2025-03-06T16:27:25.273Z",
    "resourceOwner": "69629023906488334"
  }
}

application/grpc-web+proto

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

Example (from schema)

{
  "details": {
    "sequence": "2",
    "creationDate": "2025-03-06T16:27:25.273Z",
    "changeDate": "2025-03-06T16:27:25.273Z",
    "resourceOwner": "69629023906488334"
  }
}

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

• curl
• python
• go
• nodejs
• ruby
• csharp
• php
• java
• powershell

• CURL

curl -L 'https://$CUSTOM-DOMAIN/management/v1/policies/lockout' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "maxPasswordAttempts": 0,
  "maxOtpAttempts": "10"
}'

Request Collapse all

Base URL

https://$CUSTOM-DOMAIN/management/v1

Auth

Bearer Token

Parameters

x-zitadel-orgid — header

Body required

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

{
  "maxPasswordAttempts": 0,
  "maxOtpAttempts": "10"
}

ResponseClear

Click the Send API Request button above and see the response here!