User Management

Comprehensive user lifecycle management with role-based access control, compliance features, and security monitoring.

User Management Overview

Bloklab provides a comprehensive user management system with enterprise-grade security, compliance features, and granular access controls.

From registration to ongoing management, our platform ensures secure and compliant user operations with automated workflows and real-time monitoring.

API ReferenceSecurity Guide

Identity Verification

Comprehensive KYC/AML verification process with document validation.

Role-Based Access

Granular permission system with customizable user roles and access levels.

Multi-Factor Auth

Enhanced security with TOTP, SMS, and hardware key authentication.

Activity Monitoring

Real-time user activity tracking and audit logs for compliance.

User Roles & Permissions

Admin

Full system access with user management capabilities

Permissions:

Create and manage users
Configure system settings
Access all platform features
View audit logs
Manage API keys
Configure compliance rules

Manager

Asset and portfolio management with team oversight

Permissions:

Manage assigned assets
Create transactions
View team analytics
Approve user requests
Generate reports
Manage portfolio allocations

Trader

Trading and transaction execution capabilities

Permissions:

Execute trades
View market data
Create transactions
Access trading tools
View portfolio
Generate trade reports

Viewer

Read-only access to assigned assets and data

Permissions:

View assigned assets
Access read-only dashboard
Download reports
View transaction history
Access market data
View portfolio performance

User Lifecycle Management

Registration

5-10 minutes

User account creation and initial setup

Process Steps:

1
Email and password registration
2
Email verification process
3
Initial profile setup
4
Terms and conditions acceptance
5
Account activation
POST /api/v1/users/register

Verification

1-3 business days

Identity verification and KYC compliance

Process Steps:

1
Personal information submission
2
Document upload (ID, passport)
3
Address verification
4
Risk assessment
5
Compliance review and approval
POST /api/v1/users/kyc/submit

Activation

Immediate

Account activation and role assignment

Process Steps:

1
KYC approval notification
2
Role and permission assignment
3
Security setup (MFA)
4
Initial funding (if applicable)
5
Platform onboarding
PUT /api/v1/users/{id}/activate

Management

Ongoing

Ongoing account management and monitoring

Process Steps:

1
Profile updates and maintenance
2
Role and permission changes
3
Security monitoring
4
Activity tracking
5
Compliance monitoring
PUT /api/v1/users/{id}

Security Features

Multi-Factor Authentication

Support for TOTP, SMS, and hardware key authentication

Implementation Example:

// Enable MFA for user
await client.users.enableMFA({
  userId: 'user_123',
  method: 'totp', // totp, sms, hardware_key
  phoneNumber: '+1234567890' // for SMS
});

// Verify MFA during login
const authResult = await client.auth.login({
  email: '[email protected]',
  password: 'password',
  mfaCode: '123456'
});

Session Management

Secure session handling with automatic timeout and refresh

Implementation Example:

// Configure session settings
await client.users.updateSessionSettings({
  userId: 'user_123',
  sessionTimeout: 3600, // 1 hour
  maxConcurrentSessions: 3,
  autoLogoutInactive: true
});

// Monitor active sessions
const sessions = await client.users.getActiveSessions('user_123');

API Key Management

Generate and manage API keys for programmatic access

Implementation Example:

// Create API key for user
const apiKey = await client.users.createApiKey({
  userId: 'user_123',
  name: 'Trading Bot Key',
  permissions: ['read_portfolio', 'create_transactions'],
  expiresAt: '2024-12-31T23:59:59Z'
});

// Revoke API key
await client.users.revokeApiKey({
  userId: 'user_123',
  keyId: apiKey.id
});

Compliance & Monitoring

KYC Management

Automated KYC processing with document verification and risk scoring

Document OCR and validation
Identity verification
Address verification
Sanctions screening

Activity Monitoring

Real-time monitoring of user activities and transaction patterns

Transaction monitoring
Behavioral analysis
Risk scoring
Alert generation

Audit Logging

Comprehensive audit trails for all user actions and system events

Action logging
Data retention
Compliance reporting
Forensic analysis

Regulatory Reporting

Automated generation of regulatory reports and compliance documentation

Suspicious activity reports
Transaction reports
User statistics
Compliance metrics

User Management Best Practices

Security

  • • Enforce strong password policies
  • • Require multi-factor authentication
  • • Implement session timeout policies
  • • Monitor for suspicious activities
  • • Regular security assessments

Compliance

  • • Maintain comprehensive audit logs
  • • Implement data retention policies
  • • Regular compliance reporting
  • • KYC document validation
  • • Risk-based monitoring

Important Considerations

Data Privacy

Ensure compliance with GDPR, CCPA, and other privacy regulations when handling user data. Implement data minimization and purpose limitation principles.

Role Management

Regularly review and update user roles and permissions. Implement principle of least privilege and periodic access reviews.

Incident Response

Have procedures in place for account compromise, data breaches, and suspicious activities. Implement automated alerts and response workflows.

Ready to Manage Users?

Start implementing user management features with our comprehensive APIs and tools.

Contact SalesAPI Documentation