Hey @marcuscaum, there are multiple types of attack protection that come into action during logins.
- Brute-force Protection - When a single user attempts login with incorrect credentials (10 wrong attempts, unless this value is overridden in dashboard). The IP is blocked for that user only. These blocks can be retrieved from GET /api/v2/user=blocks?identifier={id} or GET /api/v2/user-blocks/{user_id}
- Suspicious IP Throttling - When multiple users try 100+ failed login attempts or 50+ signups. That IP is blocked for everyone. These blocks can be found using the endpoint you used: GET /api/v2/anomaly/blocks/ips/{ip}.
- Bot detection - This is a bit more complicated to explain, but you can read about it here. You can’t search for IPs blocked by this.
The error you received seems to be from bot detection, so those endpoints will not show up that it was blocked. You can verify this by turning off bot detection temporarily. It’s not possible to unblock those IPs manually, but usually Auth0 login pages will display a captcha when this error is received so the user can solve that to complete the login.