> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tagada.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Block Rules & Fraud Prevention

> Block fraudulent transactions by IP, email, card BIN, and more

# Block Rules & Fraud Prevention

**Block rules** stop checkouts and payments from matching IPs, emails, PAN/BIN patterns, specific customers, or payment IDs. Rules use an **`AND` / `OR` operator** across the criteria you set.

***

## Create a block rule

```ts theme={null}
await tagada.blockRules.create({
  name: 'Temp BIN + email pattern',
  operator: 'OR',
  bin: '424242',
  emailRegex: '.*@disposable\\.example',
  isPermanent: false,
  ttlHours: 24,
});
```

<Tip>
  Use **`OR`** when any single signal should block; use **`AND`** when all filled criteria must match.
</Tip>

***

## Rule criteria reference

| Field        | Matches                       |
| ------------ | ----------------------------- |
| `ipAddress`  | Exact IPv4/IPv6               |
| `email`      | Exact email                   |
| `emailRegex` | Email pattern (regex string)  |
| `bin`        | Card BIN (typically 6 digits) |
| `binRegex`   | BIN pattern                   |
| `pan`        | Full or partial PAN (exact)   |
| `panRegex`   | PAN pattern                   |
| `customerId` | Specific customer ID          |
| `paymentId`  | Specific payment ID           |

Additional flags include `autoCreated`, `metadata`, `isPermanent`, and `ttlHours`.

***

## Temporary vs permanent blocks

```ts theme={null}
// Expires after 24 hours
await tagada.blockRules.create({
  name: 'Cooling off',
  operator: 'OR',
  ipAddress: '203.0.113.10',
  isPermanent: false,
  ttlHours: 24,
});

// No expiry
await tagada.blockRules.create({
  name: 'Permanent email block',
  operator: 'OR',
  email: 'abuse@example.com',
  isPermanent: true,
});
```

<Note>
  `ttlHours` is only meaningful when `isPermanent` is `false`. Allowed range is **1–8760** hours.
</Note>

***

## List, retrieve, update, delete

```ts theme={null}
const list = await tagada.blockRules.list();

const rule = await tagada.blockRules.retrieve('rule_...');

const updated = await tagada.blockRules.update('rule_...', {
  data: {
    name: 'Renamed rule',
    emailRegex: '.*@spam\\.test',
  },
});

await tagada.blockRules.del('rule_...');
```

The list endpoint accepts pagination and filters via the HTTP API (`pagination`, `sortBy`, `filters`); the SDK currently posts an empty body for `list()` — extend the call if you pass a typed body through your integration.

***

## SDK methods reference

| Method                                   | Description                                            |
| ---------------------------------------- | ------------------------------------------------------ |
| `tagada.blockRules.list()`               | List rules for the authenticated account               |
| `tagada.blockRules.create(params)`       | Create a rule (`BlockRuleFormSchema`-shaped fields)    |
| `tagada.blockRules.retrieve(id)`         | Fetch one rule                                         |
| `tagada.blockRules.update(id, { data })` | Partial update (`data` uses the same fields as create) |
| `tagada.blockRules.del(id)`              | Delete a rule                                          |

***

## Next steps

<CardGroup cols={2}>
  <Card title="Payments" icon="credit-card" href="/developer-tools/node-sdk/merchant-quickstart">
    Process and route payments after hardening with block rules
  </Card>

  <Card title="Customer management" icon="users" href="/developer-tools/node-sdk/customers">
    Tie blocks to `customerId` and customer-level review
  </Card>

  <Card title="Checkout sessions" icon="link" href="/developer-tools/node-sdk/checkout-sessions">
    Share checkout links and monitor async payment status
  </Card>

  <Card title="Funnel orchestrator" icon="diagram-project" href="/developer-tools/funnels/funnel-orchestrator">
    Routing and conditions alongside fraud controls
  </Card>
</CardGroup>
