diff --git a/app/api/v1/blocks.rb b/app/api/v1/blocks.rb index 6a84d22..e838a88 100644 --- a/app/api/v1/blocks.rb +++ b/app/api/v1/blocks.rb @@ -8,6 +8,13 @@ module Api return forbidden! unless block.visible_to_user?(current_person) present block, :with => Entities::Block, display_api_content: true end + + post ':id' do + block = Block.find(params["id"]) + return forbidden! unless block.allow_edit?(current_person) + block.update_attributes!(params[:block]) + present block, :with => Entities::Block, display_api_content: true + end end end diff --git a/app/models/block.rb b/app/models/block.rb index a05d09e..a32bfbb 100644 --- a/app/models/block.rb +++ b/app/models/block.rb @@ -309,6 +309,16 @@ class Block < ApplicationRecord false end + def allow_edit?(person) + return false if person.nil? || (!person.is_admin? && !editable?(person)) + if self.owner.kind_of?(Profile) + return person.has_permission?(:edit_profile_design, owner) + elsif self.owner.kind_of?(Environment) + return person.has_permission?(:edit_environment_design, owner) + end + false + end + private def home_page_path diff --git a/test/api/blocks_test.rb b/test/api/blocks_test.rb index 6aa4835..e5c62c4 100644 --- a/test/api/blocks_test.rb +++ b/test/api/blocks_test.rb @@ -94,4 +94,32 @@ class BlocksTest < ActiveSupport::TestCase assert_equal "
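Review bot: `block.update_attributes!(params[:block])` in the new `post ':id'` handler mass-assigns every key the client sends, while `allow_edit?` is evaluated against the block's current owner; if `box_id` (or any other column) is assignable through this path, a caller with edit rights on one profile could move the block into a box owned by a profile or environment they cannot edit, and whether Block still restricts attributes is not visible in this diff. The safe shape is an explicit allowlist at the endpoint — declare the accepted keys in a Grape `params do … end` block and pass `declared(params, include_missing: false)[:block]` to the update, as sketched below. `update_attributes!` also raises `ActiveRecord::RecordInvalid` on a validation failure, which becomes a 500 unless a `rescue_from` elsewhere maps it to a 4xx, and the new tests in test/api/blocks_test.rb cover only the 403 and the happy path, so a test posting an unexpected key and asserting it is ignored would pin both behaviours. The enclosing resource and class run outside the hunk.
```ruby
params do
  requires :block, type: Hash do
    optional :title, type: String
    # … other columns the API intentionally exposes; box_id deliberately not listed …
  end
end
post ':id' do
  # … unchanged: Block.find and the allow_edit? guard …
  block.update_attributes!(declared(params, include_missing: false)[:block])
  # … unchanged: present …
end
```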
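Review bot: The owner dispatch in `allow_edit?` is an `if … kind_of? … elsif … kind_of?` chain with explicit `return`s and `self.owner`; a `case owner when Profile … when Environment … else false end` makes the fail-closed default explicit and reads like the rest of the model, and the first guard is easier to follow as two guards — nil check, then "admin or editable". `person.is_admin?` is called without an environment argument, so if that predicate means admin of any environment the `editable?` bypass is wider than the owner's own environment — please confirm against Person#is_admin?, which is not in this diff. A short YARD comment would also help, e.g. `# @return [Boolean] true only for a non-nil person who is an admin or may edit this block, and who holds the design permission of the owning Profile/Environment`. The method is wholly inside the hunk; the class continues outside it.
```ruby
def allow_edit?(person)
  return false if person.nil?
  return false unless person.is_admin? || editable?(person)

  case owner
  when Profile     then person.has_permission?(:edit_profile_design, owner)
  when Environment then person.has_permission?(:edit_environment_design, owner)
  else false
  end
end
```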
test
", json["block"]["api_content"]["html"] end + should 'not allow block edition when user has not the permission for profile' do + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) + block = fast_create(Block, box_id: box.id) + post "/api/v1/blocks/#{block.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'allow block edition when user has permission to edit profile design' do + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) + block = fast_create(Block, box_id: box.id) + give_permission(person, 'edit_profile_design', profile) + params[:block] = {title: 'block title'} + post "/api/v1/blocks/#{block.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 201, last_response.status + assert_equal 'block title', json['block']['title'] + end + + should 'save custom block parameters' do + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) + block = fast_create(RawHTMLBlock, box_id: box.id) + Environment.default.add_admin(person) + params[:block] = {title: 'block title', html: "block content"} + post "/api/v1/blocks/#{block.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 201, last_response.status + assert_equal 'block content', json['block']['api_content']['html'] + end end diff --git a/test/unit/block_test.rb b/test/unit/block_test.rb index 41f2252..3d28606 100644 --- a/test/unit/block_test.rb +++ b/test/unit/block_test.rb 
@@ -421,4 +421,60 @@ class BlockTest < ActiveSupport::TestCase block.expects(:display_to_user?).returns(false) assert !block.visible_to_user?(nil) end + + should 'not allow block edition when user has not the permission for profile design' do + block = Block.new + profile = fast_create(Profile) + block.stubs(:owner).returns(profile) + person = create_user('person_one').person + assert !block.allow_edit?(person) + end + + should 'allow block edition when user has permission to edit profile design' do + block = Block.new + profile = fast_create(Profile) + block.stubs(:owner).returns(profile) + person = create_user('person_one').person + give_permission(person, 'edit_profile_design', profile) + assert block.allow_edit?(person) + end + + should 'not allow block edition when user is nil' do + block = Block.new + assert !block.allow_edit?(nil) + end + + should 'not allow block edition when block is not editable' do + block = Block.new + person = create_user('person_one').person + block.expects(:editable?).returns(false) + assert !block.allow_edit?(person) + end + + should 'allow block edition when block is not editable but user is admin' do + block = Block.new + profile = fast_create(Profile) + block.stubs(:owner).returns(profile) + person = create_user('person_one').person + Environment.default.add_admin(person) + block.stubs(:editable?).returns(false) + assert block.allow_edit?(person) + end + + should 'not allow block edition when user has not the permission for environment design' do + block = Block.new + environment = Environment.default + block.stubs(:owner).returns(environment) + person = create_user('person_one').person + assert !block.allow_edit?(person) + end + + should 'allow block edition when user has the permission for environment design' do + block = Block.new + environment = Environment.default + block.stubs(:owner).returns(environment) + person = create_user('person_one').person + give_permission(person, 'edit_environment_design', environment) + assert 
block.allow_edit?(person) + end end -- libgit2 0.21.2
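Review bot: None of the new unit tests exercises the fall-through branch of `allow_edit?`, where the owner is neither a Profile nor an Environment and the method returns false; a test that stubs `owner` with another object (or nil) would pin that fail-closed default. The admin case ('allow block edition when block is not editable but user is admin') passes only if `Environment.default.add_admin` implicitly grants `edit_profile_design` on the profile, which the test does not state — a one-line comment or an explicit `give_permission` would make the intent clear. The new assertions follow the file's existing `assert !…` form, so they are consistent, though `assert_not` is available on ActiveSupport::TestCase. The `BlockTest` class header is outside the hunk.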