@@ -188,9 +188,9 @@ Verb | Description
188188##Authentication
189189
190190There are three ways to authenticate through GitHub API v3. Requests that
191- require authentication will return 404, instead of403, in some places. This
192- is to prevent the accidental leakage of private repositories to unauthorized
193- users.
191+ require authentication will return` 404 Not Found ` , instead of
192+ ` 403 Forbidden ` , in some places. This is to prevent the accidental leakage
193+ of private repositories to unauthorized users.
194194
195195###Basic Authentication
196196
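Review bot: "in some places" in the reworded sentence (new lines 191-193) still leaves a client author unable to tell an authentication-required 404 from a resource that really does not exist. Suggest naming the class of resources this applies to, or stating that a 404 on an unauthenticated request should be retried with credentials before the resource is treated as absent. A cross-reference to the new "Failed login limit" section would also help, since `403 Forbidden` now has a second documented meaning on this page.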
@@ -224,6 +224,36 @@ This should only be used in server to server scenarios. Don't leak your
224224OAuth application's client secret to your users. Read[ more about
225225unauthenticated rate limiting] ( #unauthenticated-rate-limited-requests ) .
226226
227+ ###Failed login limit
228+
229+ Authenticating with invalid credentials will return` 401 Unauthorized ` :
230+
231+ <pre class =" terminal " >
232+ $ curl -i https://api.github.com -u foo:bar
233+
234+ HTTP/1.1 401 Unauthorized
235+
236+ {
237+ "message": "Bad credentials",
238+ "documentation_url": "http://developer.github.com/v3"
239+ }
240+ </pre >
241+
242+ After detecting several requests with invalid credentials within a short period,
243+ the API will temporarily reject all authentication attempts for that user
244+ (including ones with valid credentials) with` 403 Forbidden ` :
245+
246+ <pre class =" terminal " >
247+ $ curl -i https://api.github.com -u valid_username:valid_password
248+
249+ HTTP/1.1 403 Forbidden
250+
251+ {
252+ "message": "Maximum number of login attempts exceeded",
253+ "documentation_url": "http://developer.github.com/v3"
254+ }
255+ </pre >
256+
227257##Hypermedia
228258
229259All resources may have one or more` *_url ` properties linking to other
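Review bot: the lockout paragraph at new lines 242-244 gives no numbers: "several requests", "a short period" and "temporarily" leave a client with no basis for choosing a backoff interval. Suggest documenting the threshold and the lockout duration, or at least how a client learns when it may retry, and telling integrators to stop retrying on this 403 instead of looping. Because the rejection applies "for that user (including ones with valid credentials)", the text should also say whether the counter is keyed on the username alone or on username plus source address, since the first option lets anyone who knows a username keep that account locked out of the API. Minor: the 403 body is only distinguishable from other 403 responses by its `message` string, which is worth stating explicitly, and both example bodies show `documentation_url` over `http://` where `https://` would be preferable.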