Skip to main content
Didit Raises $7.5M to Build the Infrastructure for Identity and Fraud
Didit
Back to blog
Blog · March 13, 2026

Designing Developer Workflows for Custom Blocklists and Allowlists

Effectively managing custom blocklists and allowlists is crucial for robust identity verification and fraud prevention. This blog explores best practices, architectural considerations, and how to integrate these controls into.

By DiditUpdated
designing-developer-workflows-for-custom-blocklists-and-allowlists.png

Proactive Fraud PreventionImplementing custom blocklists and allowlists is a proactive strategy to prevent repeat fraudsters and streamline verification for trusted users, significantly reducing risk and manual review.

API-Driven AutomationLeveraging robust APIs allows developers to programmatically manage blocklist and allowlist entries, integrating these critical security measures directly into their existing systems and workflows.

Granular ControlEffective systems provide the ability to block or allow specific identity attributes (e.g., face, document, phone, email) rather than just entire user profiles, offering more nuanced control.

Didit's Modular ApproachDidit's AI-native platform provides a flexible, API-first approach to blocklist management, allowing developers to easily integrate and automate fraud prevention into their identity verification workflows, alongside Free Core KYC and other advanced features.

The Critical Role of Custom Blocklists and Allowlists in Identity Verification

In the digital age, establishing trust and preventing fraud are paramount for any online business. While robust identity verification (IDV) is the first line of defense, the ability to maintain custom blocklists and allowlists adds a crucial layer of intelligent security and operational efficiency. Blocklists prevent known fraudsters or problematic entities from accessing services, while allowlists expedite the onboarding process for pre-approved or trusted users. For developers, designing workflows that seamlessly integrate these controls is essential for building resilient and scalable identity solutions.

A well-implemented blocklist can stop repeat offenders who try to circumvent verification using new identities, saving significant resources and preventing potential damages. Imagine a scenario where a user attempts to create multiple accounts after being flagged for fraudulent activity. By blocklisting their document, face, or contact information, you can prevent future attempts. Conversely, allowlists can be used for VIP customers or pre-vetted partners, reducing friction and improving the user experience by bypassing certain verification steps. This dual approach not only enhances security but also optimizes operational costs by minimizing manual reviews for both high-risk and low-risk profiles.

Architectural Considerations for Developer-Friendly Implementation

Building effective blocklist and allowlist functionality requires careful architectural planning, especially when integrating with existing systems. Developers need solutions that are flexible, scalable, and easy to manage via APIs. The core components typically involve a centralized database for storing blocklist/allowlist entries, a robust API for programmatic access (add, remove, query), and integration points within the identity verification workflow itself.

When designing these systems, consider the following:

  • Granularity of Blocking: Can you block specific attributes (e.g., just a document, or just a phone number) or only entire user profiles? More granular control offers greater flexibility. Didit's API, for instance, allows you to blocklist specific items like faces, documents, phone numbers, and email addresses based on a session ID, as seen in its /v3/blocklist/add/ endpoint.
  • Real-time Updates: How quickly are blocklist/allowlist entries propagated and applied? Fraud prevention often requires near real-time updates to be effective.
  • Audit Trails and Versioning: It’s crucial to know who added or removed an entry and why. Good systems provide audit logs and potentially versioning for entries.
  • Integration with Verification Workflows: The blocklist/allowlist check should be an integral part of your identity verification workflow, ideally as an early step to prevent unnecessary processing for blocked entities.
  • API Design: A clean, well-documented API is paramount for developer adoption. Endpoints for adding, retrieving, and removing entries should be intuitive.

Integrating Blocklists and Allowlists into Your Verification Workflows

The true power of blocklists and allowlists comes from their seamless integration into your identity verification workflows. This means defining rules and triggers that automatically check against these lists at various stages of the user journey. For example, during initial signup, an email address or phone number could be checked against a blocklist. If the user proceeds to document verification, a check against a document blocklist could occur.

Here’s how to integrate effectively:

  1. Pre-Verification Checks: Before initiating a full ID Verification process, check basic identifiers like email or phone number against your blocklist. This can quickly filter out known bad actors and save on verification costs.

  2. During Verification: Integrate blocklist checks for attributes extracted during the ID Verification process, such as the ID document number or the user's face (using 1:1 Face Match or Face Search against a blocklist of known fraudulent faces).

  3. Post-Verification Review: If a user fails verification or exhibits suspicious behavior (e.g., multiple failed attempts, deepfake detection via Passive & Active Liveness), automatically add relevant attributes to the blocklist via an API call.

  4. Automated Allowlists: For trusted partners or internal users, automatically add their identifiers to an allowlist. When these users attempt to verify, your system can recognize them and either skip certain steps or fast-track their process, improving user experience and reducing operational overhead.

  5. Dynamic Workflows: Use a modular identity platform like Didit, which allows you to define flexible workflows. You can configure a workflow to include a blocklist check node, and depending on the outcome, either terminate the session, trigger a manual review, or proceed with further verification steps. This is part of Didit's Orchestrated Workflows, where you can combine KYC, age checks, AML Screening & Monitoring, and custom logic.

For example, if Didit's ID Verification detects a document that matches an entry in your custom document blocklist, the workflow can be configured to automatically reject the session or flag it for immediate manual review, preventing a fraudulent account from being created. This automation is key to scalable fraud prevention.

How Didit Helps

Didit is an AI-native, developer-first identity platform designed for building flexible and robust verification workflows, including advanced blocklist and allowlist management. Our modular architecture allows you to compose verification steps and orchestrate risk with ease, all through clean APIs or a no-code Business Console.

Didit's platform provides direct support for custom blocklists:

  • API-Driven Blocklist Management: With Didit's Management API (v3), developers can programmatically add faces, documents, phone numbers, and email addresses to a blocklist based on a session ID using the POST /v3/blocklist/add/ endpoint. This enables seamless integration into your fraud detection and response systems.
  • Orchestrated Workflows: Our no-code visual builder allows you to design multi-step identity verification flows. You can easily incorporate blocklist checks as a node within these workflows, defining conditional logic to automatically reject or flag sessions if a blocklisted item is detected. This ensures that your custom rules are applied consistently and efficiently.
  • Comprehensive Identity Verification: Alongside blocklist capabilities, Didit offers a full suite of identity primitives including ID Verification (OCR, MRZ, barcodes), Passive & Active Liveness, 1:1 Face Match & Face Search, and AML Screening & Monitoring. These tools provide the data points necessary to populate and maintain effective blocklists.
  • Free Core KYC: Get started with essential identity verification for free, allowing you to build foundational fraud prevention without upfront costs. Our pay-per-successful check model, with no setup fees, ensures you only pay for what you use, making advanced features like blocklist management accessible to businesses of all sizes.
  • AI-Native Advantage: Didit's AI-native approach enhances the accuracy of identity verification, reducing false positives and negatives, which in turn leads to more precise blocklist entries and more effective fraud prevention.

By leveraging Didit's platform, developers can design sophisticated, automated workflows that leverage custom blocklists and allowlists, enhancing security, reducing fraud, and improving the overall user experience.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page
Developer Workflows: Custom Blocklists & Allowlists.