Node
Python
Ruby
PHP
Java
.NET
Go
REST// Create a word blocklist
await client.createBlockList({
name: "profanity_custom",
words: ["badword1", "badword2", "offensive"],
type: "word",
});
// Create a domain blocklist
await client.createBlockList({
name: "blocked_domains",
words: ["spam-site.com", "phishing.net"],
type: "domain",
});
// Create a regex filter
await client.createBlockList({
name: "phone_numbers",
words: ["\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b"],
type: "regex",
});
// Create a domain allowlist (only these domains are permitted)
await client.createBlockList({
name: "trusted_domains",
words: ["myapp.com", "getstream.io"],
type: "domain_allowlist",
});
// Create an email allowlist
await client.createBlockList({
name: "approved_emails",
words: ["support@myapp.com", "info@myapp.com"],
type: "email_allowlist",
});Filters
Filters let you block or flag content based on specific words, domains, emails, or regex patterns. To use filters in moderation, you first create a blocklist, then attach it to a moderation policy.
Create a Blocklist
Create a custom blocklist with a name, type, and list of entries.
// Create a word blocklist
client.createBlockList(CreateBlockListRequest.builder()
.name("profanity_custom")
.words(List.of("badword1", "badword2", "offensive"))
.type("word")
.build()).execute();
// Create a domain blocklist
client.createBlockList(CreateBlockListRequest.builder()
.name("blocked_domains")
.words(List.of("spam-site.com", "phishing.net"))
.type("domain")
.build()).execute();
// Create a regex filter
client.createBlockList(CreateBlockListRequest.builder()
.name("phone_numbers")
.words(List.of("\\b\\d{3}[-.]?\\d{3}[-.]?\\d{4}\\b"))
.type("regex")
.build()).execute();
// Create a domain allowlist (only these domains are permitted)
client.createBlockList(CreateBlockListRequest.builder()
.name("trusted_domains")
.words(List.of("myapp.com", "getstream.io"))
.type("domain_allowlist")
.build()).execute();
// Create an email allowlist
client.createBlockList(CreateBlockListRequest.builder()
.name("approved_emails")
.words(List.of("support@myapp.com", "info@myapp.com"))
.type("email_allowlist")
.build()).execute();Request Parameters
| key | required | type | description |
|---|---|---|---|
| name | true | string | Unique name for the blocklist (max 255 characters). |
| words | true | array | List of words, domains, emails, or regex patterns (max 10,000 entries). |
| type | false | string | Filter type: word (default), domain, domain_allowlist, email, email_allowlist, or regex. |
| is_leet_check_enabled | false | boolean | Detect leet speak bypass attempts (e.g., h4ck3r → hacker). Word type only. |
| is_plural_check_enabled | false | boolean | Detect singular/plural forms (e.g., cat matches cats). Word type only. |
| team | false | string | Team ID for multi-tenant blocklists. |
Update a Blocklist
Replace the word list or settings of an existing blocklist.
client.updateBlockList("profanity_custom", UpdateBlockListRequest.builder()
.words(List.of("badword1", "badword2", "offensive", "newword"))
.isLeetCheckEnabled(true)
.isPluralCheckEnabled(true)
.build()).execute();List Blocklists
var response = client.listBlockLists().execute();Get a Blocklist
var response = client.getBlockList("profanity_custom").execute();Delete a Blocklist
client.deleteBlockList("profanity_custom").execute();Attach a Blocklist to a Policy
Once created, attach your blocklist to a moderation policy to activate it. Each rule specifies the blocklist name and the action to take when matched.
client.moderation().upsertConfig(UpsertConfigRequest.builder()
.key("chat:messaging")
.blockListConfig(BlockListConfig.builder()
.rules(List.of(
BlockListRule.builder().name("profanity_custom").action("remove").build(),
BlockListRule.builder().name("blocked_domains").action("flag").build(),
BlockListRule.builder().name("phone_numbers").action("flag").build()))
.build())
.build()).execute();Filter Types
| Type | type value | Description |
|---|---|---|
| Word Blocklist | word | Exact word matching (case-insensitive). Supports leet speak and plural detection. |
| Domain Blocklist | domain | Blocks URLs by domain suffix matching. Ignores scheme and path. |
| Domain Allowlist | domain_allowlist | Only allows URLs from listed domains. Blocks everything else. |
| Email Blocklist | email | Blocks exact email addresses. |
| Email Allowlist | email_allowlist | Only allows listed email addresses. Blocks everything else. |
| Regex | regex | Pattern matching with regular expressions. Max 100 patterns per filter. |
Word Matching
Word blocklists match exact words (case-insensitive). Adjacent punctuation is ignored, but partial word matches are not.
For a blocklist containing dogs, house:
"Dogs, are great"— matches (case-insensitive, ignores comma)"I live in a lighthouse"— does not match (no partial match onhouse)
With leet speak detection enabled: d0g matches dog, w0m@n matches woman.
With plural detection enabled: houses matches house, dog matches dogs.
Domain Matching
Domain filters match the suffix of URLs. gmail.com matches https://gmail.com, http://support.gmail.com, etc. A more specific filter like messenger.facebook.com only matches that subdomain.
Regex Matching
Regex filters support standard regular expression syntax. Tips:
- Use
(?i)for case-insensitive matching - Use
\bfor whole-word boundaries - Escape special characters with
\ - Max 100 patterns per filter, max 60 characters per pattern
Limits
| Limit | Value |
|---|---|
| Max blocklists per app | 20 (100 with multi-tenancy) |
| Max words per blocklist | 10,000 |
| Max regex patterns per blocklist | 100 |
| Max characters per word | 40 |
| Max characters per regex pattern | 60 |
On this page: