Occasionally, when signing up or logging into a brand's app, an "Access Denied" error will appear. This error is tied to Cloudflare, Punchh's web infrastructure and website security company. When this error appears, it means that signups and/or logins have been blocked at the API listed. These blocks are specific to user agents from where the attack is originating (Android or iOS). The purpose of these blocks is to help mitigate credential stuffing attacks. When a block is in place, guests will not be able to sign up and/or log into the app. Guests that are already logged into the app will be able to use the app normally.
Blocks are removed after monitoring teams confirm the attack(s) has stopped. When blocks are removed, regular functionality is restored for sign up and/or log ins.
Disclaimer:
In an effort to supply information as quickly as possible, this article has been published prior to a formal technical review, and is subject to factual, grammatical, and various structural errors. Data may be incomplete, misordered, or incorrect.
This additional disclaimer will be removed upon formal review of this article. The standard Punchh Inc. KB Disclaimer still applies, and can be found at: https://support.punchh.com/hc/en-us/articles/360040100273-Punchh-Inc-Knowledge-Base-Disclaimer