Blocking Accounts

There may be times you wish to temporarily or permanently block a user from accessing Tilia Pay. For example, if the user has been blocked from your platform or violated your Terms of Service.

In addition to any blocking you may do, Tilia actively monitors user activity and will block accounts that have violated our Terms of Service (TOS). Blocked accounts are unable to conduct transactions or access Tilia Pay UIs. You are also unable to create redirect URLs for blocked accounts.

As an integrator, you can block a user's account on Tilia Pay. However, you may not have permission to unblock accounts.

Two factors determine your ability to unblock accounts:

  • your license agreement. In some cases, your license agreement may permit unblocking accounts. Otherwise, you will need to contact us to request the unblocking.
  • whether or not you have blocked the account. You are not permitted to unblock accounts that have been blocked by Tilia.

To block an account

Blocking accounts requires an API token with the scope block_accounts.

curl --location --request POST https://accounts.tilia-inc.com/v1/{account_id}/user-info/block \
--header 'Authorization: Bearer <Access_Token>' \
--header 'Content-Type: application/json' \

Response Body

{
    "status": "Success",
    "message": [],
    "codes": [],
    "payload": {
        "is_blocked": true
    }
}

Keep in mind that blocking does not expire. The account must be unblocked in order to access Tilia Pay.

As a best practice, we recommend that you keep track of any accounts that you have blocked somewhere in your system, along with your reason for blocking. This will make it easier for you to determine if and when these accounts should be unblocked.

Detecting blocked accounts

You can check to see if an account has been blocked by calling the /user-info endpoint.

curl --location --request GET https://accounts.tilia-inc.com/v1/{account_id}/user-info \
--header 'Authorization: Bearer <Access_Token>' \
--header 'Content-Type: application/json' \

Blocked accounts will return a value of true for is_blocked in the response JSON; unblocked accounts will return false.

{
    "status": "Success",
    "message": [],
    "codes": [],
    "payload": {
        "account_id": "09c9e3ee-8af5-4206-aaa4-1a913ea855d2",
        "username": "string",
        "email": "string",
        "is_blocked": true,
        "integrator": "string",
        "created": "2020-07-03T01:05:59.49468Z"
    }
}

When authorization is attempted on a blocked account, a 403 error is returned with a response similar to the following:

{
    "status": "Failure",
    "message": [],
    "codes": [],
    "payload": "account is blocked ({account_id})"
}

To unblock an account

Unblocking accounts via the Tilia Pay API requires special permissions. Please contact Tilia support for questions regarding your permissions.

You are never permitted to unblock accounts that have been blocked by Tilia.

This example requires an API token with the scope unblock_accounts.

curl --location --request POST https://accounts.tilia-inc.com/v1/{account_id}/user-info/unblock \
--header 'Authorization: Bearer <Access_Token>' \
--header 'Content-Type: application/json' \

Response Body

{
    "status": "Success",
    "message": [],
    "codes": [],
    "payload": {
        "is_blocked": false
    }
}

Monitoring Block Status via Webhook

We recommend that you implement a webhook to notify you about changes to an account's block status. Refer to the Blocking & Unblocking Accounts webhook documentation for request body details.

Currently, webhook endpoints must be configured manually by Tilia staff. We are developing a web interface to enable you to control this directly. For now, please contact us for assistance.