Skip to main content
POST
/
v2
/
identity
/
controls
Create Identity Control
curl --request POST \
  --url https://api.example.com/v2/identity/controls \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "identity_id": "<string>",
  "type": "SELL_ONLY",
  "reason_code": "OTHER",
  "reason": "<string>"
}
'
{
  "id": "<string>",
  "type": "SELL_ONLY",
  "set_by": "SET_BY_PAXOS",
  "is_overridable": true,
  "reason_code": "OTHER",
  "reason": "<string>",
  "created_at": "2023-11-07T05:31:56Z",
  "deleted_at": "2023-11-07T05:31:56Z"
}
OAuth Scope
identity:write_identity_control

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json
identity_id
string
required

The Identity ID

type
enum<string>
required

The type of control applied to an identity.

  • SELL_ONLY: Identity may only sell
  • CLOSED: Identity is closed and cannot perform any actions
  • DORMANT: Identity is dormant due to inactivity
Available options:
SELL_ONLY,
CLOSED,
DORMANT
reason_code
enum<string>
required

Reason code for why a control was applied.

  • OTHER: Miscellaneous reason not captured by existing categories
  • END_USER_REQUEST: Control applied at the end user's request
  • INACTIVITY: Control applied due to prolonged inactivity in accordance with dormancy or lifecycle management policies
  • COMPLIANCE_KYC: Control applied due to unmet KYC requirements, including missing, expired, failed, or unresponsiveness to refresh obligations
  • COMPLIANCE_EDD: Control applied due to Enhanced Due Diligence (EDD) requirements, including failure to complete EDD reviews, provide requested information, or satisfy heightened risk assessment criteria
  • COMPLIANCE_SCREENING: Control applied as a result of sanctions, politically exposed person (PEP), or adverse media screening hits
  • COMPLIANCE_INVESTIGATION: Control applied while an identity is under active compliance, risk, or regulatory investigation, including reviews triggered by monitoring alerts or external inquiries
  • ONBOARDING_INCOMPLETE: Control applied because the onboarding process was not successfully completed, including failure to respond to requests for information or provide required documentation
  • RISK_FRAUD: Control applied due to suspected or confirmed fraud, abuse, or security risk, including account compromise, transaction fraud, or policy violations
  • LEGAL_ORDER: Control applied to comply with a legal, regulatory, or law-enforcement directive, including court orders, asset preservation requests, or regulatory instructions
  • ADMINISTRATIVE: Control applied for operational or platform-initiated reasons not attributable to the end user or compliance failure, such as system remediation or account restructuring
Available options:
OTHER,
END_USER_REQUEST,
INACTIVITY,
COMPLIANCE_KYC,
COMPLIANCE_EDD,
COMPLIANCE_SCREENING,
COMPLIANCE_INVESTIGATION,
ONBOARDING_INCOMPLETE,
RISK_FRAUD,
LEGAL_ORDER,
ADMINISTRATIVE
reason
string

Freetext reason for setting the control

Response

A successful response.

id
string

Unique identifier for this control

type
enum<string>

The type of control applied to an identity.

  • SELL_ONLY: Identity may only sell
  • CLOSED: Identity is closed and cannot perform any actions
  • FROZEN: Identity is frozen due to compliance reasons
  • DORMANT: Identity is dormant due to inactivity
Available options:
SELL_ONLY,
CLOSED,
FROZEN,
DORMANT
set_by
enum<string>

Indicates who set the control.

Available options:
SET_BY_PAXOS,
SET_BY_CLIENT
is_overridable
boolean

Whether this control can be deleted by the client application

reason_code
enum<string>

Reason code for why a control was applied.

  • OTHER: Miscellaneous reason not captured by existing categories
  • END_USER_REQUEST: Control applied at the end user's request
  • INACTIVITY: Control applied due to prolonged inactivity in accordance with dormancy or lifecycle management policies
  • COMPLIANCE_KYC: Control applied due to unmet KYC requirements, including missing, expired, failed, or unresponsiveness to refresh obligations
  • COMPLIANCE_EDD: Control applied due to Enhanced Due Diligence (EDD) requirements, including failure to complete EDD reviews, provide requested information, or satisfy heightened risk assessment criteria
  • COMPLIANCE_SCREENING: Control applied as a result of sanctions, politically exposed person (PEP), or adverse media screening hits
  • COMPLIANCE_INVESTIGATION: Control applied while an identity is under active compliance, risk, or regulatory investigation, including reviews triggered by monitoring alerts or external inquiries
  • ONBOARDING_INCOMPLETE: Control applied because the onboarding process was not successfully completed, including failure to respond to requests for information or provide required documentation
  • RISK_FRAUD: Control applied due to suspected or confirmed fraud, abuse, or security risk, including account compromise, transaction fraud, or policy violations
  • LEGAL_ORDER: Control applied to comply with a legal, regulatory, or law-enforcement directive, including court orders, asset preservation requests, or regulatory instructions
  • ADMINISTRATIVE: Control applied for operational or platform-initiated reasons not attributable to the end user or compliance failure, such as system remediation or account restructuring
Available options:
OTHER,
END_USER_REQUEST,
INACTIVITY,
COMPLIANCE_KYC,
COMPLIANCE_EDD,
COMPLIANCE_SCREENING,
COMPLIANCE_INVESTIGATION,
ONBOARDING_INCOMPLETE,
RISK_FRAUD,
LEGAL_ORDER,
ADMINISTRATIVE
reason
string

Freetext reason why this identity control was set

created_at
string<date-time>

Time this identity control was created

deleted_at
string<date-time>

Time this identity control was deleted