Hi again @tbehling,
Aha. Yes, I understand that giving this feedback later in the process is somewhat awkward.
Are you using an existing ACME client (certbot, lego, etc) or have you written an integration from scratch?
You might not need to cancel the authorization at all. In the case where the domain isn’t blocked you’ll need the authorization that is returned in order to continue issuance for the domain. In the case where the domain is blocked, no authorization is created so you can just return the error to the user and not worry.
If you do decide you’d like to try and create an authorization ahead of time, look at the result, and cancel the created authorization in the case the domain wasn’t blocked there is a way to do so. Check out the section of the rate limits page called “Clearing Pending Authorizations”.