Get Password Lockout Settings

GET 
/policies/lockout

Returns the password lockout settings configured on the organization. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward.

Request

Header Parameters

x-zitadel-orgid string

The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

Responses

200

A successful response.

application/json

Schema

Schema

policy

object

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

maxPasswordAttempts uint64

Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset. If set to 0 the account will never be locked.

maxOtpAttempts uint64

Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked.

isDefault boolean

defines if the organization's admin changed the policy

isDefault deprecated: is_default is also defined in zitadel.policy.v1.LockoutPolicy (boolean)

Example (from schema)

{
  "policy": {
    "details": {
      "sequence": "2",
      "creationDate": "2025-05-08T15:15:58.498Z",
      "changeDate": "2025-05-08T15:15:58.498Z",
      "resourceOwner": "69629023906488334"
    },
    "maxPasswordAttempts": "10",
    "maxOtpAttempts": "10",
    "isDefault": true
  },
  "isDefault": true
}

application/grpc

Schema

Schema

policy

object

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

maxPasswordAttempts uint64

Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset. If set to 0 the account will never be locked.

maxOtpAttempts uint64

Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked.

isDefault boolean

defines if the organization's admin changed the policy

isDefault deprecated: is_default is also defined in zitadel.policy.v1.LockoutPolicy (boolean)

Example (from schema)

{
  "policy": {
    "details": {
      "sequence": "2",
      "creationDate": "2025-05-08T15:15:58.498Z",
      "changeDate": "2025-05-08T15:15:58.498Z",
      "resourceOwner": "69629023906488334"
    },
    "maxPasswordAttempts": "10",
    "maxOtpAttempts": "10",
    "isDefault": true
  },
  "isDefault": true
}

application/grpc-web+proto

Schema

Schema

policy

object

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

maxPasswordAttempts uint64

Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset. If set to 0 the account will never be locked.

maxOtpAttempts uint64

Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked.

isDefault boolean

defines if the organization's admin changed the policy

isDefault deprecated: is_default is also defined in zitadel.policy.v1.LockoutPolicy (boolean)

Example (from schema)

{
  "policy": {
    "details": {
      "sequence": "2",
      "creationDate": "2025-05-08T15:15:58.499Z",
      "changeDate": "2025-05-08T15:15:58.499Z",
      "resourceOwner": "69629023906488334"
    },
    "maxPasswordAttempts": "10",
    "maxOtpAttempts": "10",
    "isDefault": true
  },
  "isDefault": true
}

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Loading...