The Blacklist Customer endpoint allows you to restrict customer access by changing their status to BLACKLISTED. This operation is critical for fraud prevention, compliance enforcement, and risk management. Blacklisted customers cannot make payments, receive invoices, or interact with your services until their status is restored. All blacklist operations are logged for audit and compliance purposes.

Endpoint Details

method
string
PATCH
url
string
/api/v0/customers/{id}
Authentication: Required (API Key & Secret)
Idempotency: Supported (recommended for status changes)
Rate Limiting: Subject to standard API rate limits
Audit Logging: All blacklist operations are automatically logged

Authentication

All requests require API key authentication using the following headers:
  • x-client-key: Your application’s client key
  • x-client-secret: Your application’s client secret

Idempotency

Include an idempotency key to ensure blacklist operations are safely retryable:
  • idempotency-key: Include a unique UUID v4 in the header
  • Subsequent requests with the same key return the original response
  • Keys expire after 24 hours

Path Parameters

id
string
required
Customer’s unique identifier (UUID)
Format: UUID v4
Example: "550e8400-e29b-41d4-a716-446655440000"

Request Body

status
string
required
Set to "BLACKLISTED" to blacklist the customer
Value: "BLACKLISTED"
reason
string
Optional reason for blacklisting (for internal tracking)
Example: "Fraudulent activity detected"
Note: This field is not stored in the customer record but can be logged separately

Request Examples

curl -X PATCH "https://api.devdraft.ai/api/v0/customers/550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
  -H "x-client-key: YOUR_CLIENT_KEY" \
  -H "x-client-secret: YOUR_CLIENT_SECRET" \
  -H "idempotency-key: $(uuidgen)" \
  -d '{
    "status": "BLACKLISTED"
  }'

Response Format