The captcha is triggered when too many accounts are being created from one IP during a 24 hrs period. Guess the same applies for login attempts. If you need that disabled you can contact support - you cannot turn off this security measure yourself.
Question is - why do you need to login that often? Sessions.
@KarlOffenberger, Basically, I am building a react native app (proof of concept) to display shopify website. There is a component called webview (think like iframe).
So each time my app reload itself, the webview will post to https://xxx.myshopify.com/account/login with the following json data (by using chrome inspector)
Outside of Multipass there isn't an API to log customers into Shopify. I would not suggest other approaches like posting the data as it could very well could be trapped by the bot tools. At best you'll have the captcha to deal with.
I also have plenty of concerns around the security of passing around customer password data like that. Not enough context into methods you're using to comment too much but it's setting off all the spidey senses.