Bypassing Brute Force Protection for Admin User...

[Mel Riffe]

Howdy Folks,

I've just started my research and thought I'd ask here first:

I have an Admin user that is used to Authenticate/Authorize API calls. This user exists in several environments, each with a different password. During some testing, I discovered the Admin user had been locked out because the tester was using an invalid password; because the API calls are automated it wasn't readily apparent what had happened.

Is there a way for me to exclude the Admin user from the Brute Force Protection, from either ignoring their failed_login_count or not having their failed_login_count increased; Or even by some other means?

Thanks, in advance, for any assistance I may receive.

Cheers,

Mel