My app is composed of an API, web app, and a mobile app. All authentication happens through our API, therefore our clients are never communicating with Auth0 directly. This means ALL API requests come to Auth0 from the same IP address. We are having issues with brute force protection temporarily blocking our API’s IP address and affecting our entire application.
What options do we have?