Skip to main content
Blocklists prevent a business that has failed your compliance checks — or one located in a dangerous jurisdiction — from running new Business Verification (KYB) sessions or transacting on your platform.

Supported identifier types for Businesses

TypeKeyMatches when…
BusinessBUSINESSA new session or transaction uses the blocklisted vendor_data
Country(configured separately)Business country matches a dangerous-countries list
IPIP_ADDRESSThe submitter’s IP (or CIDR range) matches
Device fingerprintDEVICE_FINGERPRINTSubmitter device matches
Wallet addressWALLET_ADDRESSCrypto wallet tied to the business matches
Bank accountBANK_ACCOUNTIBAN / bank account matches
Face and document blocklists operate at the individual (User) level, not the Business level. To block directors or UBOs, blocklist them as Users — their involvement with any business then flows through to the business’s key-people review.

How blocklisting happens

1

Automatic — on a declined Business Verification (KYB) session

When a Business Verification (KYB) session finishes DECLINED and auto-blocklist is enabled for your workflow, Didit transitions the Business to BLOCKED and adds the vendor_data to the System Business Blocklist.
2

Automatic — on dangerous country

If the business country of incorporation appears in your configured dangerous countries list, the Business Verification (KYB) session is auto-declined at creation time with reason blocked_country.
3

Automatic — on sanctioned entity

A company AML hit above the decline threshold auto-declines the session and blocklists the business.
4

Manual — from the console

An analyst blocklists a business from Businesses → [business] → Actions → Add to blocklist.
5

Programmatic — via the Lists API

Use the Lists API to add entries directly to the Business blocklist.

Dangerous countries

Each application ships with a default dangerous countries list (configurable from Settings → Blocklist → Countries). Examples of default-included ISO codes: IRN, PRK, SYR, AFG, RUS, MMR (subject to change — the default list follows FATF and OFAC guidance). When a business is created with a matching country_code:
  • The Business Verification (KYB) session is auto-declined with reason blocked_country.
  • No session link is issued.
  • The Business entity is created in BLOCKED status.

Adding a business to the blocklist via API

Use the Lists API to add a blocklist entry programmatically:
  1. List all lists filtered by entry_type=business and is_system=true to find the system Business blocklist.
  2. Create an entry on that list with value set to the business’s vendor_data, plus an optional display_label and comment for audit purposes.

Enforcement at transaction time

Blocklisted businesses propagate into Transaction Monitoring automatically:
  • Transactions with a blocklisted applicant business are auto-declined.
  • Transactions with a blocklisted counterparty business are flagged or declined depending on your rule configuration.
Preset rules like “Sanctioned counterparty” fire on these matches.

Removing a business from the blocklist

  • Console: Blocklist → Businesses → row actions → Remove.
  • API: use the Delete entry endpoint with the list UUID and entry UUID.
Removal does not automatically change the Business’s status. Use PATCH /v3/businesses/{vendor_data}/update-status/ to move the business back to ACTIVE.

Audit trail

Every add/remove is logged to the audit log with:
  • Actor (user email or 'system', 'api').
  • Timestamp.
  • Optional comment.
  • Reference session if auto-generated.

Next steps

Lists API

Full blocklist API reference.

Console blocklist

Manage blocklists from the UI.

Operations

Change business status.