Lists
Create entry
Add a value to a list. Validated based on entry type.
POST
Add an entry to a list. The value is validated based on the list’s entry type:
If you omit
This lets you navigate from the blocklist entry back to the original transaction, user, or business in the console.
- email: Must be a valid email address
- phone: Must be a valid international phone number (auto-normalized to E.164)
- ip_address: Must be a valid IP address or CIDR range (e.g.
192.168.1.1or10.0.0.0/8) - device_fingerprint: Must be at least 8 alphanumeric characters
- country: Must be a valid ISO 3166-1 alpha-2 or alpha-3 country code
- face, document, wallet_address, bank_account, user, business, key: Any non-empty string
reference_session_id, which handles face blocklisting automatically (including biometric matching).
Request body
| Field | Type | Required | Description |
|---|---|---|---|
value | string | Conditional | The value to add (phone number, email, IP, etc.). Required unless reference_session_id is provided. When both value and reference_session_id are provided, the value is used to disambiguate (e.g. when a session has multiple phones). |
reference_session_id | string (UUID) | No | Verification session ID. Didit auto-extracts the value from the session based on the list’s entry type, links the entry back, and marks the underlying model as blocklisted. See Adding from a session. |
reference_object_uuid | string (UUID) | No | UUID of the source entity (transaction UUID, vendor user didit_internal_id, etc.). Stored on the entry for traceability — lets you navigate from the blocklist back to the original entity. |
display_label | string | No | Human-readable label shown in the console |
comment | string | No | Comment or reason for adding |
metadata | object | No | Additional structured data. Commonly used for document context (full_name, issuing_state, document_type) or entity references (reference_type, reference_id). |
Adding from a session
When you provide areference_session_id, Didit automatically:
- Looks up the session (must belong to the same application)
- Extracts the value based on the list’s entry type:
- face → links the biometric data for future matching, sets
is_blocklistedon the Face model - document → extracts document number, stores full name / issuing state / document type in metadata, sets
is_blocklistedon the KYC model - phone → extracts the phone number, sets
is_blocklistedon the Phone model - email → extracts the email address, sets
is_blocklistedon the Email model - ip_address → extracts the IP from the session’s location data
- device_fingerprint → extracts the device fingerprint from the session’s location data
- face → links the biometric data for future matching, sets
- Sets
reference_sessionandreference_object_uuidon the entry for traceability
400 if the session is not found or does not contain data for the requested entry type.
Disambiguating multiple values
If a session has multiple instances of the same type (e.g. two phone numbers from a multi-step workflow), pass bothreference_session_id and value. The backend finds the matching instance and returns 400 if the value doesn’t match any data in the session.
value, the most recently created instance is used.
Referencing transactions, users, and businesses
When blocklisting data from a transaction or vendor user/business, pass the entity’s UUID asreference_object_uuid and indicate the source type in metadata:
| Source entity | reference_object_uuid | metadata.reference_type |
|---|---|---|
| Verification session | Auto-set by backend (face/KYC/phone/email UUID) | Not needed — use reference_session_id |
| Transaction | Transaction UUID | "transaction" |
| Vendor user | didit_internal_id | "vendor_user" |
| Vendor business | didit_internal_id | "vendor_business" |