# Block a user from joining the group

RBAC: requires GroupMembers.Manage

Endpoint: POST /api/v1/groups/{groupId}/blocks
Version: 1.0
Security: header

## Path parameters:

  - `groupId` (string, required)
    The unique identifier of the group
    Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

## Request fields (application/json):

  - `uri` (string,null)
    Block by URI (ActivityPub actor URI)
    Example: "https://example.com/users/alice"

  - `email` (string,null)
    Block by email address
    Example: "user@example.com"

  - `username` (string,null)
    Block by username (local or username@domain format)
    Example: "alice@example.com"

  - `domain` (string,null)
    Block by domain
    Example: "example.com"

  - `userId` (string,null)
    Block by user ID
    Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

  - `reason` (string,null)
    Reason for the block
    Example: "Repeated spam violations"

  - `preflight` (boolean)
    Preflight mode - preview affected users without applying changes

## Response 400 fields (application/json):

  - `errorCode` (string, required)
    Error code

  - `message` (string, required)
    Error message

  - `docUrl` (string)
    Link to documentation

## Response 401 fields (application/json):

  - `errorCode` (string, required)
    Error code

  - `message` (string, required)
    Error message

  - `docUrl` (string)
    Link to documentation

## Response 403 fields (application/json):

  - `errorCode` (string, required)
    Error code

  - `message` (string, required)
    Error message

  - `docUrl` (string)
    Link to documentation

## Response 404 fields (application/json):

  - `errorCode` (string, required)
    Error code

  - `message` (string, required)
    Error message

  - `docUrl` (string)
    Link to documentation


## Response 200 fields
