Block User By ID
Suspend a user and revoke current access.
Authentication
This endpoint requires a bearer access token for the System API.
Endpoint
PATCH /api/v1/users/{userId}/block
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json
Request
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer token for a System API client |
Content-Type | Yes | Must be application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
userId | integer | Yes | User identifier. Must be greater than 0. |
Query Parameters
This endpoint does not accept query parameters.
Request Body
{
"triggerWebhook": false,
"notifyUserViaEmail": true,
"suspensionReason": "Repeated policy violations",
"blockedByUserId": 9001
}
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
triggerWebhook | boolean | No | Accepted by the API for webhook workflow control. Default: false. |
notifyUserViaEmail | boolean | No | When true, the user receives the restricted-access email. Default: false. |
suspensionReason | string | No | Reason for the suspension. Maximum length: 250. |
blockedByUserId | integer | Yes | Identifier of the acting user who performed the block action. Must be greater than 0. |
Validation Rules
blockedByUserIdmust be greater than0suspensionReasonmust not exceed250characters
Response
204 No Content
The user was blocked successfully.
This endpoint does not return a response body on success.
Errors
| Status | When it happens |
|---|---|
400 Bad Request | The request body is invalid |
401 Unauthorized | The bearer token is missing, invalid, or expired |
403 Forbidden | The token is valid but does not have access to this endpoint |
404 Not Found | No user exists with the provided userId |
404 Example
User not found
Behavior
- Current access for the user is revoked before the suspension is stored
- The user is marked as suspended
- Suspension metadata is stored, including time, actor, and reason
- When
notifyUserViaEmailistrue, the restricted-access email is sent triggerWebhookis accepted by the endpoint, but this endpoint does not currently expose a documented webhook result
Example
cURL
curl -X PATCH "https://your-tenant.guardhouse.cloud/api/v1/users/101/block" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"triggerWebhook": false,
"notifyUserViaEmail": true,
"suspensionReason": "Repeated policy violations",
"blockedByUserId": 9001
}'
.NET SDK
using Guardhouse.SDK.Models.Users;
using Guardhouse.SDK.Services;
// Assumes AddGuardhouseClientWithApiClients(...) is already configured.
app.MapPatch("/example/users/{userId:int}/block", async (int userId, IGuardhouseUsersClient usersClient) =>
{
var blocked = await usersClient.BlockUserAsync(userId, new BlockUserRequest
{
TriggerWebhook = false,
NotifyUserViaEmail = true,
SuspensionReason = "Repeated policy violations",
BlockedByUserId = 9001
});
return blocked ? Results.NoContent() : Results.NotFound();
});
Python SDK
# SDK support is in development.
# Use raw HTTP for now.
#
# Example shape:
# response = requests.patch(
# "https://your-tenant.guardhouse.cloud/api/v1/users/101/block",
# headers={
# "Authorization": "Bearer YOUR_ACCESS_TOKEN",
# "Content-Type": "application/json",
# },
# json={
# "triggerWebhook": False,
# "notifyUserViaEmail": True,
# "suspensionReason": "Repeated policy violations",
# "blockedByUserId": 9001,
# },
# )
Notes
- Use Unblock User By ID to restore access later.
- Use Get User By ID to inspect the updated user state.