Block Endpoint
POST/appblock
Return a Block API decision (Block, Suspect or Clear) along with supporting metadata.
Security
Access to this endpoint is restricted to a set of whitelisted IPs which you configure in the service setup form in the Shield dasbboard.
Overview
Evaluates the fraud status associated with a session identified by uniqid and returns a Block API decision (Block, Suspect or Clear) along with supporting metadata.
Multiple calls of the Block API for the same transaction will result in Block responses.
Behaviour:
- The caller supplies the uniqid obtained from the JS Integration endpoint.
- MCP Shield evaluates device intelligence, behavioural patterns and policy rules associated with the journey to determine the fraud status of the transaction.
- The response includes an action (Block, Suspect or Clear), a numeric score and contextual information.
Monitor-only mode:
- The caller still invokes the Block API for every relevant transaction.
- The response is logged and used for reporting and alerting.
- The caller does not immediately enforce the block decision, which allows tuning and testing of rules in production.
Block API sequence (verbal description):
- Client backend sends POST /appblock with uniqid.
- Shield Block API evaluates the associated journey.
- Shield returns a decision, score, status and optional info and ip data.
Request
Responses
- 200
- 400
- 401
- 404
- 421
- 429
- default
Successful Block API response.
Response Headers
Total time taken to process the request, generated by the MCP Shield backend.
Server identifier returned by the API.
Missing or invalid uniqid in the request.
Response Headers
Total time taken to process the request, generated by the MCP Shield backend.
Server identifier returned by the API.
Access denied due to invalid or missing credentials or IP restrictions.
Response Headers
Total time taken to process the request, generated by the MCP Shield backend.
Server identifier returned by the API.
No transaction found for the supplied uniqid.
Response Headers
Total time taken to process the request, generated by the MCP Shield backend.
Server identifier returned by the API.
Bad request due to malformed data or unsupported format.
Response Headers
Total time taken to process the request, generated by the MCP Shield backend.
Server identifier returned by the API.
Too many requests.
Response Headers
Total time taken to process the request, generated by the MCP Shield backend.
Server identifier returned by the API.
Unexpected error returned by the Block API.
Response Headers
Total time taken to process the request, generated by the MCP Shield backend.
Server identifier returned by the API.