Skip to main content
PATCH
https://{tenantDomain}/api/v2
/
attack-protection
/
bot-detection
C#
using Auth0.ManagementApi;
using System.Threading.Tasks;
using Auth0.ManagementApi.AttackProtection;

public partial class Examples
{
    public async Task Example() {
        var client = new ManagementClient(
            token: "<token>"
        );

        await client.AttackProtection.BotDetection.UpdateAsync(
            new UpdateBotDetectionSettingsRequestContent()
        );
    }

}
package com.example.usage;

import com.auth0.client.mgmt.ManagementApi;
import com.auth0.client.mgmt.resources.attackprotection.botdetection.requests.UpdateBotDetectionSettingsRequestContent;

public class Example {
    public static void main(String[] args) {
        ManagementApi client = ManagementApi
            .builder()
            .token("<token>")
            .build();

        client.attackProtection().botDetection().update(
            UpdateBotDetectionSettingsRequestContent
                .builder()
                .build()
        );
    }
}
<?php

namespace Example;

use Auth0\SDK\API\Management\Management;
use Auth0\SDK\API\Management\AttackProtection\BotDetection\Requests\UpdateBotDetectionSettingsRequestContent;

$client = new Management(
    token: '<token>',
);
$client->attackProtection->botDetection->update(
    new UpdateBotDetectionSettingsRequestContent([]),
);
from auth0.management import ManagementClient

client = ManagementClient(
    token="<token>",
)

client.attack_protection.bot_detection.update()
require "auth0"

client = Auth0::Management.new(token: "<token>")

client.attack_protection.bot_detection.update
curl --request PATCH \
  --url https://{tenantDomain}/api/v2/attack-protection/bot-detection \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "allowlist": [
    "127.0.0.1"
  ],
  "monitoring_mode_enabled": true
}
'
const options = {
  method: 'PATCH',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: JSON.stringify({allowlist: ['127.0.0.1'], monitoring_mode_enabled: true})
};

fetch('https://{tenantDomain}/api/v2/attack-protection/bot-detection', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://{tenantDomain}/api/v2/attack-protection/bot-detection"

	payload := strings.NewReader("{\n  \"allowlist\": [\n    \"127.0.0.1\"\n  ],\n  \"monitoring_mode_enabled\": true\n}")

	req, _ := http.NewRequest("PATCH", url, payload)

	req.Header.Add("Authorization", "Bearer <token>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
{
  "allowlist": [
    "127.0.0.1"
  ],
  "monitoring_mode_enabled": true
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

bot_detection_level
enum<string>

The level of bot detection sensitivity

Available options:
low,
medium,
high
challenge_password_policy
enum<string>

The policy that defines how often to show CAPTCHA

Available options:
never,
when_risky,
always
challenge_passwordless_policy
enum<string>

The policy that defines how often to show CAPTCHA

Available options:
never,
when_risky,
always
challenge_password_reset_policy
enum<string>

The policy that defines how often to show CAPTCHA

Available options:
never,
when_risky,
always
allowlist
(string<ipv4> | string<ipv6> | string<cidr> | string<ipv6_cidr>)[]

List of IP addresses or CIDR blocks to allowlist

IPv4 address

monitoring_mode_enabled
boolean

Whether monitoring mode is enabled (logs but does not block)

Response

Bot detection configuration successfully updated.

bot_detection_level
enum<string>

The level of bot detection sensitivity

Available options:
low,
medium,
high
challenge_password_policy
enum<string>

The policy that defines how often to show CAPTCHA

Available options:
never,
when_risky,
always
challenge_passwordless_policy
enum<string>

The policy that defines how often to show CAPTCHA

Available options:
never,
when_risky,
always
challenge_password_reset_policy
enum<string>

The policy that defines how often to show CAPTCHA

Available options:
never,
when_risky,
always
allowlist
(string<ipv4> | string<ipv6> | string<cidr> | string<ipv6_cidr>)[]

List of IP addresses or CIDR blocks to allowlist

IPv4 address

monitoring_mode_enabled
boolean

Whether monitoring mode is enabled (logs but does not block)