POST
/
v1
/
customers
/
{customerId}
/
accounts
/
{accountId}
/
block
Block an account
curl --request POST \
  --url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/block \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "reason": "Suspected fraudulent activity reported by the customer."
}
'
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({reason: 'Suspected fraudulent activity reported by the customer.'})
};

fetch('https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/block', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
import requests

url = "https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/block"

payload = { "reason": "Suspected fraudulent activity reported by the customer." }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
{
  "success": true,
  "accountId": "a1b2c3d4-5e6f-7081-92a3-b4c5d6e7f809",
  "customerId": "c1a2b3c4-5d6e-7f80-91a2-b3c4d5e6f708",
  "status": "BLOCKED",
  "reason": "Suspected fraudulent activity reported by the customer.",
  "updatedAt": "2026-06-29T18:24:05.000Z"
}
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "The request could not be processed. Check the request parameters and body and try again."
}
}
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "The request could not be processed. Check the request parameters and body and try again."
}
}
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "The request could not be processed. Check the request parameters and body and try again."
}
}
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "The request could not be processed. Check the request parameters and body and try again."
}
}

Authorizations

Authorization
string
header
required

The back-office user's access token.

Path Parameters

customerId
string<uuid>
required

The customer's ID.

accountId
string<uuid>
required

The account's ID.

Query Parameters

programId
string
required

The program the customer/account belongs to. Required on every request.

Body

application/json
reason
string
required

Why the status is changing — stored on the customer's or account's status history for audit.

Minimum string length: 1

Response

The account was blocked.

Standard mutation envelope. Additional fields may be present depending on the operation.

success
boolean
Example:

true