# Blacklist/Whitelist Account
***
*The /PiPBlacklistAccount endpoint is used when you suspect that a user is using an account for fraudulent transactions. To prevent funds transferred to such an account from eventually entering your settlement account, you can call this endpoint to blacklist the account.*
*Please note that virtual accounts cannot be deleted—they can only be blacklisted using the /PiPBlacklistAccount endpoint. Also, blacklisted accounts can still receive funds; however, payment notifications will not be processed successfully until the blacklist flag is removed.*
*To remove a blacklist (i.e., to whitelist an account), use the /PiPBlacklistAccount endpoint with the appropriate flag.*
#### Production Base URL
[http://154.113.16.142:8088/appdevapi/api/](#production-base-url)
#### HTTP Request
POST /PiPBlacklistAccount
***
Post `https://api-staging.providusbank.com/v1/PiPBlacklistAccount`
To Blacklist an account, set the blacklist\_flag to 1, set to 0 if you want to whitelist the account
**Request (Blacklist)**
```json
{
"account_number": "9977708171",
"blacklist_flg": 1
}
```
**Request (Whitelist)**
```json
{
"account_number": "9977708171",
"blacklist_flg": 0
}
```
{% tabs %}
{% tab title="200 Successful" %}
```javascript
{
"requestSuccessful": true,
"responseMessage": "account blacklisted / whitelisted successfully",
"responseCode": "00"
}
```
{% endtab %}
{% tab title="401: Unauthorized " %}
```
{
"requestSuccessful": false,
"responseMessage": "Exception; Failed",
"responseCode": "03"
}
```
{% endtab %}
{% tab title="400: Bad Request " %}
```
{
"requestSuccessful": false,
"responseMessage": "Exception; Failed",
"responseCode": "03"
}
```
{% endtab %}
{% tab title="500: Internal Server Error " %}
```
{
"requestSuccessful": false,
"responseMessage": "Exception; Failed",
"responseCode": "03"
}
```
{% endtab %}
{% endtabs %}
***
### Sample Implementation
{% tabs %}
{% tab title="Curl" %}
{% code overflow="wrap" %}
```javascript
curl -X POST http://154.113.16.142:8088/appdevapi/api/PiPBlacklistAccount \
-H "Client-Id: dGVzdF9Qcm92aWR1cw==" \
-H "X-Auth-Signature: BE09BEE831CF262226B426E39BD109f2AF84DC63076D4174FAC78A2261F9A3D6E59744983B8326B69CDF2963FE314DFC89635CFA37A40596508DD6EAAB09402C7" \
-H "Content-Type: application/json" \
-d '{"account_number":"9977708171","blacklist_flg":1}'
```
{% endcode %}
{% endtab %}
{% tab title="Python" %}
```python
import requests
import hashlib
client_id = "dGVzdF9Qcm92aWR1cw=="
client_secret = "29A492021F4B709A8D1152C3EF4D32DC5A7092723ECAC4C511781003584B48873CCBFEBDEAE89CF22ED1CB1A836213549BC6638A3B563CA7FC009BEB3BC30CF8"
signature = hashlib.sha512(f"{client_id}:{client_secret}".encode()).hexdigest().upper()
url = "http://154.113.16.142:8088/appdevapi/api/PiPBlacklistAccount"
headers = {
"Client-Id": client_id,
"X-Auth-Signature": signature,
"Content-Type": "application/json"
}
data = {"account_number": "9977708171", "blacklist_flg": 1}
response = requests.post(url, json=data, headers=headers)
print(response.json())
```
{% endtab %}
{% tab title="Java" %}
```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.io.OutputStream;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.security.MessageDigest;
public class BlacklistAccount {
public static void main(String[] args) throws Exception {
String clientId = "dGVzdF9Qcm92aWR1cw==";
String clientSecret = "29A492021F4B709A8D1152C3EF4D32DC5A7092723ECAC4C511781003584B48873CCBFEBDEAE89CF22ED1CB1A836213549BC6638A3B563CA7FC009BEB3BC30CF8";
String signature = MessageDigest.getInstance("SHA-512")
.digest((clientId + ":" + clientSecret).getBytes("UTF-8"))
.toString().toUpperCase();
URL url = new URL("http://154.113.16.142:8088/appdevapi/api/PiPBlacklistAccount");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("Client-Id", clientId);
conn.setRequestProperty("X-Auth-Signature", signature);
conn.setRequestProperty("Content-Type", "application/json");
conn.setDoOutput(true);
String jsonInput = "{\"account_number\":\"9977708171\",\"blacklist_flg\":1}";
try (OutputStream os = conn.getOutputStream()) {
byte[] input = jsonInput.getBytes("utf-8");
os.write(input, 0, input.length);
}
BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream(), "utf-8"));
StringBuilder response = new StringBuilder();
String responseLine;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
}
```
{% endtab %}
{% tab title="JavaScript" %}
```javascript
const fetch = require('node-fetch');
const crypto = require('crypto');
const clientId = 'dGVzdF9Qcm92aWR1cw==';
const clientSecret = '29A492021F4B709A8D1152C3EF4D32DC5A7092723ECAC4C511781003584B48873CCBFEBDEAE89CF22ED1CB1A836213549BC6638A3B563CA7FC009BEB3BC30CF8';
const signature = crypto.createHash('sha512').update(`${clientId}:${clientSecret}`).digest('hex').toUpperCase();
const url = 'http://154.113.16.142:8088/appdevapi/api/PiPBlacklistAccount';
const headers = {
'Client-Id': clientId,
'X-Auth-Signature': signature,
'Content-Type': 'application/json'
};
const data = { account_number: '9977708171', blacklist_flg: 1 };
fetch(url, {
method: 'POST',
headers: headers,
body: JSON.stringify(data)
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
```
{% endtab %}
{% tab title="PHP" %}
```php
"9977708171", "blacklist_flg" => 1];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>
```
{% endtab %}
{% tab title="C#" %}
```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
class Program
{
static async Task Main()
{
string clientId = "dGVzdF9Qcm92aWR1cw==";
string clientSecret = "29A492021F4B709A8D1152C3EF4D32DC5A7092723ECAC4C511781003584B48873CCBFEBDEAE89CF22ED1CB1A836213549BC6638A3B563CA7FC009BEB3BC30CF8";
using (var sha512 = SHA512.Create())
{
byte[] bytes = Encoding.UTF8.GetBytes(clientId + ":" + clientSecret);
byte[] hash = sha512.ComputeHash(bytes);
string signature = BitConverter.ToString(hash).Replace("-", "").ToUpper();
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("Client-Id", clientId);
client.DefaultRequestHeaders.Add("X-Auth-Signature", signature);
var content = new StringContent(
"{\"account_number\":\"9977708171\",\"blacklist_flg\":1}",
Encoding.UTF8,
"application/json"
);
var response = await client.PostAsync("http://154.113.16.142:8088/appdevapi/api/PiPBlacklistAccount", content);
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
}
}
```
{% endtab %}
{% endtabs %}
> The above command returns JSON structured like this:
```json
{
"requestSuccessful": true,
"responseMessage": "OPERATION SUCCESSFUL",
"responseCode": "00"
}
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://developer.providusbank.com/digital-collection-services/blacklist-whitelist-account.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.