List of blocked users via API

Hi!

I’m having trouble for users not coping with password-less email login :wink:

Requesting a lot of codes way to fast, and then entering the wrong code, and being block by the brute-force-filter.

There seems to be no way I can get a list of these users, except pulling each user thru th /user-blocks api endpoint, and to me it doesn’t sound very efficient. Neither for me nor for Auth0, to force me the sweep thru all my users, to detect who has been blocked.

Is there any other way to get a lost of all blocked users?

The normal blocked users is listed to me via the /users API-endpoint

/Henning

Hi @kulturnat,

You can use the Management API’s List of search users endpoint to get a list of users. Then you can add a filter for blocked users using q=blocked:true in your request.

For example:

curl -L 'https://YOUR_DOMAIN.auth0.com/api/v2/users?q=blocked:true' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer 🔒'

Let me know if there’s anything else I can do to help.

Cheers,
Rueben

No that’s not what I’m looking for.

That query gets all the blocked users ( eg using the “block”-button on the dashboard ),
image
not the users that was block for brute-force (users entring the wrong password too many times ):
image

Images are screenshots of two of my test-users for testing this problem.

/Henning

Hi again.

I just noticed that the information is displayed in the “raw JSON” tab in the dashboard.

"blocked_for": [
    {
        "identifier": "email@example.org",
        "connection": "email",
        "ip": "aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh"
    }

But I can’t use blocked_for in the query.

/Henning

Hi @kulturnat,

Thanks for the update and clarification.

Unfortunately, there isn’t an endpoint to get a list of users blocked by brute force protection.

I suggest referring to this knowledge solution, which addresses this:

Cheers!
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.