Occasionally, when signing up or logging into a brand's app, an "Access Denied" error will appear. This error is tied to Cloudflare, Punchh's web infrastructure and website security company. When this error appears, it means that signups and/or logins have been blocked at the API listed. These blocks are specific to user agents from where the attack is originating (Android or iOS). The purpose of these blocks is to help mitigate credential stuffing attacks. When a block is in place, guests will not be able to sign up and/or log into the app. Guests that are already logged into the app will be able to use the app normally.
Blocks are removed after monitoring teams confirm the attack(s) has stopped. When blocks are removed, regular functionality is restored for sign up and/or log ins.
Please note: This is not a 'hack' nor is Punchh down. Guest information has not been compromised.
In order to allow guests to sign in during a block, direct them to your iFrame. If you have any questions regarding your iFrame please submit a support ticket or align with your customer success manager.