Effects of temporary locks

HTTP Request - /public/authentication/password/check/

The following example shows the result of a call that is executed while a temporary lock is still active:

POST https://iam-host.com/auth/rest/public/authentication/password/check
    "username": "john.doe@ergon.ch",
    "password": "incorrect_password"

The response is a HTTP 403 Forbidden with a code "USER_TEMPORARILY_LOCKED" to indicate the reason of the failure. This result will be returned regardless whether the username/password combination is valid or not.

Since this call returned an error, a "temporaryLockExpiry" is returned as well, but the time delay is not increased and neither is the failed login counter.

HTTP Response - /public/authentication/password/check/

403 Forbidden
    "meta": {
        "type": "jsonapi.metadata.document",
        "timestamp": "2018-12-04T10:18:39.315Z",
        "temporaryLockExpiry": "2018-12-04T10:18:41.499Z"
    "errors": [
            "id": "9315:2873",
            "status": 403,
            "code": "USER_TEMPORARILY_LOCKED"