Reply
Occasional Contributor
AndrewB22
Posts: 6
Registered: ‎04-05-2011

API & Locked Out Accounts

Hi,

 

Bit of a feature request.

 

Can you please make the API more information. Specifically if an account is locked out, return a "locked out" error - as you do when a user tries to login through your website.

 

I've spent ages checking my code (which was working fine) to try and see why it suddenly stopped working. Only to find the account was locked out - when I went to log into the account online.

(* I was already logged in, so had to log out and log in again to find out it was locked).

 

I'd assume it was locked out due to a large number of API requests (?)

(I'm unit testing my code, so I've probably made about 70 requests in 30 minutes)

CTCT Employee
David_J
Posts: 510
Registered: ‎06-04-2009

Re: API & Locked Out Accounts

A lockout should only occur for using more information. If in the event you hit either of our rate limits, this would throw you a specific error explaining that your API requests are currently being refused rather than locking your account. In addition, the lockout rates are far above 70 requests in 30 minutes, so this would not have locked you out.

 

I can however submit the request to return an error message stating that the account is locked out due to too many invalid login attempts, vs the standard 'HTTP Status 401 - Unable to authenticate user xxxxxxxxx'

 

I apologize for any inconvenience that this has caused. Please let us know if you have any questions or concerns regarding this. Thanks.

David J