In August 2024 — two years later — another community member referenced a now inaccesible post where a estimated delivery date of between July and September of 2024 was shared.
In February this year, Kushal — who I can’t link to because your forum software thinks the letters s-h-i-t in Kushal’s GitHub username (https://github.com/kushalsh[i]t27) will negatively impact the vibe of this forum — shared this updated estimate via GitHub:
We are actively working on supporting this feature by Q2 (May-July) of FY26.
Others have asked about this missing feature and been instructed to request a feature before having the discussion closed. Naturally, I find myself wondering why are the GitHub discussion, GitHub issue, and repeated posts on these forums not considered feature requests. A less forgiving observer might interpret this as unnecessarily bureaucratic and hostile towards customers (forum validation rules clearly aren’t helping our case here).
Management of Auth0 tenants without Infrastructure as Code is a non-starter for some organizations, and bot protection is more important than ever. With a production tenant and at least one pre-production tenant, avoiding configuration drift is critical to deploying a secure and auditable adaptable authentication and authorization platform.
Can we get a definitive answer on whether we can expect to see this bot protection feature within the management API before the end of July 2026?
If it’s going to take longer, I’d really appreciate a heads up so I can pick up a fifth candle for the cake.
Welcome to the Auth0 Community and sorry for the inconvenience of bringing this up again!
I totally understand your perspective and the reason why this would be such an important feature to be added.
Our Product Team is monitoring the activity and behavior of several issues that are being raised up through Github threads and Community posts, including this one. However, the most reliable way of highlighting the potential of implementing a new feature would be to contribute in the topics of our Product Feedback section, since this is the dedicated sector that is being highly supervised.
This being said, I would highly encourage you to upvote this existing feedback request - Allow Bot Detection configuration at application level and give it a reply so it can appear at the top of the feed, but you could also create a new Product Feedback Request specifying the functionality needed, alongside the reason behind it.
I will also come back with a reply to this post as soon as I get more information on a possible implementation date of this feature.
Thank you for taking the time to share such a thoughtful and detailed message. I am Abhishek, the Group Product Manager responsible for Bot Detection at Auth0, and I want to begin by sincerely apologizing for the delay and the lack of clarity around the availability of this feature in the Management API.
We fully understand how important Infrastructure as Code support is for managing secure and auditable tenant configurations, particularly for critical security features like Bot Detection. Your feedback, along with that of others in the community, is very much appreciated.
While our initial plans targeted an earlier delivery, the team had to focus on other high-priority initiatives. That said, I am pleased to share that we are now planning to make Bot Detection available via the Management API in the second half of this year (H2 FY26). We will publish updates and availability details through the Auth0 Changelog as we launch this feature.
I recognize that the lack of updates over time has been frustrating, and I truly apologize for the impact this has had. Your message serves as a valuable reminder of how important timely communication is, and we are taking that to heart.
Thank you again for your patience and for holding us to a high standard. I am hopeful we will ship this before that fifth candle becomes necessary.
Warm regards
Abhishek Ambastha
Group Product Manager, Auth0