GraphQL: Blocking the user after multiple incorrect logins

To further enhance the security of our systems, external applications that use the ChargePoint GraphQL API will block users who fail to log in correctly multiple times for a certain period of time. This mechanism serves to minimize the risk of unauthorized access.

mutation login { 
   initSession(username: $username, password: $password) { 
       sessionToken 
       refreshToken 
   } 
}

A user who tries to log in with incorrect credentials will be blocked for several minutes on the tenth attempt. Even if the user then tries to log in with the correct credentials during the time he/she is blocked, the login will be rejected. Only after the time has expired is it possible for the user to log in again with his/her correct access data.