diff --git a/api/index.php b/api/index.php
index 8948e0e5a..005f175a1 100644
--- a/api/index.php
+++ b/api/index.php
@@ -64,10 +64,13 @@ try {
 } catch (InvalidArgumentException $e) {
 	
 	 if (Auth::getInstance()->attempt(post('username'), post('password'))) {
-		$token = Auth::getInstance()->getToken();
-		$result = $token;
+		$result = Auth::getInstance()->getToken();
 	 }else{
 		$result = API::error('unauthorized');
+	   // Se è in corso un brute-force, aggiunge il timeout
+		if (Auth::isBrute()) {
+			$result = Auth::getBruteTimeout();
+		}
 	 }
 	 
 } catch (Exception $e) {