Passwordless login - has my phone been blacklisted?

I’m implementing and testing passwordless authentication on our app using the passwordless API, and originally was able to log in without any trouble. However for the last few days have been unable to log in from my own phone. Each time I try to verify a new code I get a response with HTTP status 403 and the error message: “You’ve reached the maximum number of attempts. Please try to login again.”

I have tried this on two different tenants and the result is the same (both are currently on the free tier). I have also tried deleting the user account for that phone number and it has not changed the behaviour.

If I use a different phone number, I am able to log in with passwordless successfully. As I am currently testing I have been logging in more than I would usually, but I don’t believe I have come close to hitting the rate limits, and have never received a response with HTTP status 429 (as described here). However the fact that this only occurs with one phone number, and across multiple tenants, makes me wonder if my number has been blacklisted somewhere.

So I have a few questions:

  1. Is this behaviour expected? If so, where is it documented?
  2. If my phone number has been blacklisted, what can I do to resolve the situation?
  3. How can I prevent this situation happening to a user once the passwordless login is live?

Thanks in advance.

Hi @ben13,

Welcome to the Community!

Can you DM me your tenant name so I can take a look at your logs?


Hi Dan, thanks for your response. I have sent you the details in a DM.

Hi Dan,

I’ve discovered the cause of the issue - it was a bug in my application. Essentially the phone number wasn’t always being converted to e164 format properly, which was causing the login call to fail. I suspect the reason I saw the max number of attempts error rather than a normal failed login error is that I tried to log in several times before debugging in detail and writing this post.

I’ve now corrected the application and am able to log in as expected.

Thanks very much for your time on this, and my apologies that it was unnecessary!


1 Like

Thanks for sharing the solution!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.