Is there a way through the Stormpath API or their UI to set a maximum number of password retry attempts? Or does this retry count need to be managed on my web server during any authentication with the Stormpath API?
The Stormpath API does not yet provide this as a feature, so this is something that would have to be managed by your web application. However the Stormpath API can help you, because you can store the state in the account's custom data object, so that you can keep track of how many attempts have been made on that particular account.
I hope this answer helps!