Suspend user

POST https://app.speybooks.com/api/v1/admin/users/{id}/suspend

Suspend or permanently ban a user account.

Flow

Prevent self-suspension (returns 400)
Prevent suspending admin users (returns 400)
Set is_active = false, record suspended_at, suspended_reason, suspended_permanent
Delete all active sessions (immediate logout)
Write USER_SUSPENDED or USER_BANNED audit log

Request Body

reason — minimum 5 characters, required
permanent — boolean (default false). True = ban, false = suspension (can be reversed)

State Changes

Field	Before	After
`is_active`	true	false
`suspended_at`	null	NOW()
`suspended_reason`	null	provided reason
`suspended_permanent`	false	as provided
`sessions`	active	deleted

Error responses:

400 { code: "SELF_SUSPEND" } — cannot suspend yourself
400 { code: "CANNOT_SUSPEND_ADMIN" } — admin users protected
404 { code: "NOT_FOUND" } — user not found

Path parameters

id string required

User ID.

Body parameters

reason string required

Suspension reason (audit trail). Min 5 characters.

min length: 5

permanent boolean optional

True for permanent ban, false for temporary suspension. Default false.

Response

200 User suspended (or banned if permanent). All sessions invalidated.

Show response fields

message string

Error codes

400 Cannot suspend yourself or admin users.

404 User not found.

Request POST /v1/admin/users/{id}/suspend curl

curl -X POST https://api.speybooks.com/v1/admin/users/12/suspend \
  -H "Authorization: Bearer <admin-token>" \
  -H "Content-Type: application/json" \
  -d '{"reason": "Terms of service violation", "permanent": false}'

Response 200

{
  "success": true,
  "data": {
    "message": "User suspended"
  }
}