The configuration of the failed login counters threshold for the REST API is configured in the authentication flows settings of the Loginapp REST API. This configuration applies to all authentication factors and all applications.
The configuration setting can be found in
Loginapp >> Authentication Flows >> Max Failed Logins