Preview API: The Identity Controls API is currently in preview and is subject to change. Production usage should account for potential breaking changes.
The Identity Controls API provides management of various lifecycle actions on the Identity. This API replaces the deprecated user_disabled and admin_disabled fields on the Identity API and expands allowing finer grained reasons and new types (DORMANT) of controls.

Available Endpoints

List Identity Controls

GET /v2/identity/controls List all controls for an identity. Returns both active and deleted controls based on query parameters.

Create Identity Control

POST /v2/identity/controls Create a new control for an identity. Clients can only create CLOSED or DORMANT controls.

Delete Identity Control

DELETE /v2/identity/controls Delete a control to reactivate an identity. Only CLIENT controls can be deleted.

Authentication

All endpoints require OAuth2 authentication with the following scopes:
  • identity:read_identity_control: Required for listing controls
  • identity:write_identity_control: Required for creating and deleting controls

Control Types

TypeDescription
CLOSEDIdentity is closed, common reasons include END_USER_REQUESTED or COMPLIANCE
DORMANTIdentity is dormant due to inactivity
Being CLOSED or DORMANT will affect the Identity’s ability to perform actions on the Platform.

Control Ownership

Controls created via CreateIdentityControl create will be set_by:CLIENT and you’ll be able to delete these controls. In some scenarios paxos will enforce an account closure or other type of control and you’ll not be able to delete these controls.
Set ByCan DeleteDescription
CLIENTControls set by your integration
PAXOSControls enforced by Paxos for compliance or risk reasons

Response Format

All endpoints return controls in the following structure: 
{
  "id": "59b8e3c5-2b6e-4fa6-afcf-8c685598241d",
  "type": "CLOSED",
  "set_by": "CLIENT",
  "reason_code": "END_USER_REQUESTED",
  "reason": "User requested account closure",
  "created_at": "2024-01-15T10:30:00Z",
  "deleted_at": null
}

Migration from Legacy Fields

Identity Controls replaces the deprecated user_disabled and admin_disabled boolean fields. Existing identities with these fields set will be automatically migrated to use Identity Controls. During the transition period, both the legacy fields and Identity Controls will be supported. Migration mapping:
  • user_disabled: true → Identity Control with set_by: CLIENT and type: CLOSED
  • admin_disabled: true → Identity Control with set_by: PAXOS and type: CLOSED