DEVDOCS-6183 - add callout about authorization limit

docs/storefront/headless/index.mdx

@@ -169,6 +169,10 @@ The following example uses the GraphQL Storefront API to complete a checkout and
 
 BigCommerce has introduced a feature that leverages the [Customer Access Token](/docs/start/authentication/graphql-storefront#customer-access-tokens) for seamless redirection, logging in customers automatically when they reach checkout from the storefront. Built with JWT-based "Session Sync," this enhancement enables transferring session details, such as customer and cart data, across various contexts. Developers can use GraphQL API for advanced session syncing, ensuring a smoother, cohesive experience for customers across platforms.
 
+<Callout type="info">
+  After three attempts with invalid session-sync JWT tokens, the system will block the IP address for five minutes.
+</Callout>
+
 The following examples demonstrate how to sync and validate session details for headless storefronts and hosted checkouts.    
 
 <Tabs items={['Format', 'Mutation', 'Validate']}>