Set maximum login attempts

The API v3 documentation says this about the failed login limit:

“After detecting several requests with invalid credentials within a short period, the API will temporarily reject all authentication attempts for that user (including ones with valid credentials) with 403 Forbidden:”

Is there any way to set any of the related parameters for your own repository - i.e., set the maximum number of failed login attempts, set the period in which this is measured, or set the cooldown time once the max number has been reached? Or are these just hardcoded in by GitHub itself?

Hi @mister-y,

This is not something that you can configure yourself, but all done by GitHub. What’s the reason you want to make changes here?

Thanks for the reply. Our company has a GitHub connector, and part of the automated testing we do on all our connectors involves checking that invalid login credentials lead to the correct type of exception being thrown with an adequate message. Right now our server is failing these tests due to there having been too many failed login attempts.

Do you happen to know if the number of attempts can vary between servers? Or if is handled differently from virtual machines that have GitHub installed? I ask because our GitHub 2.3.1 instance is failing while our repository seems to be doing fine.

Yes, .com can be different from a GitHub Entperprise instance. Especially since GHE 2.14 is the current version, 2.3.1 is rather old. You can reach out to Business Support for more information.