Compliance Forms

To process payments, your Merchants must validate their compliance with PCI DSS requirements annually. To do this, your Merchants must attest to PCI Self-Assessment Questionnaire (SAQ) compliance forms.

Related Guides: Managing PCI Compliance, PCI DSS Compliance

Fetch a Compliance Form

Finix will deliver a webhook when we create a new Compliance Form for your Merchant. Use the webhook to fetch the Compliance Form from the /compliance_forms/{id} endpoint.

Request

path Parameters

id

required

string

header Parameters

Accept

string

Default: application/hal+json

Responses

200

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms/{id}

Request samples

curl

curl "https://finix.sandbox-payments-api.com/compliance_forms/cf_pqJFvPD3DXAnut1w6iNFK" \
  -H "Finix-Version: 2022-02-01" \
  -u US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a \
  -X GET

Response samples

200
401
403
404
406

application/json

{"id": "cf_9DXuuF6EYBsfNRvdiv83Pi",
"created_at": "2024-01-15T20:18:40.983973Z",
"updated_at": "2024-01-15T20:18:55.292203Z",
"application": "APjEtgURfLJ5yALzYyNwsVL2",
"compliance_form_template": "cft_4cnNacon1uXZ2RS1gfDY2A",
"due_at": "2024-04-14T20:18:40.970824Z",
"files": {"signed_file": null,
"unsigned_file": "FILE_9GcFAzpd6NeYJnHSgiUjpm"
},
"linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
"linked_type": "MERCHANT",
"pci_saq_a": {"ip_address": null,
"is_accepted": false,
"name": null,
"signed_at": null,
"user_agent": null,
"title": null
},
"state": "INCOMPLETE",
"tags": { },
"type": "PCI_SAQ_A",
"valid_from": null,
"valid_until": null,
"version": "2018.5"
}

Complete a Compliance Form

As part of onboarding, your Merchants need to review and agree to their Compliance Form. Afterward, you need to update their Compliance Form with details about their digital signature. Finix will update their Compliance Form with those details, along with a reference to the new signed_file with their digital signature.

For more information, see Managing Compliance Forms.

Request

path Parameters

id

required

string

header Parameters

Accept

string

Default: application/hal+json

Request Body schema: application/json

required

object

Details about the signee's digital signature

Responses

200

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

422

Invalid field

put/compliance_forms/{id}

Request samples

curl

curl "https://finix.sandbox-payments-api.com/compliance_forms/cf_pqJFvPD3DXAnut1w6iNFK" \
  -H "Content-Type: application/json" \
  -H "Finix-Version: 2022-02-01" \
  -u US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a \
  -X PUT \
  -d '
  {
    "pci_saq_a": {
      "ip_address": "42.1.1.113",
      "name": "John Smith",
      "signed_at": "2022-03-18T16:42:55Z",
      "title": "CTO",
      "user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)"
    }
  }'

Response samples

application/json

{"id": "cf_9DXuuF6EYBsfNRvdiv83Pi",
"created_at": "2024-01-15T20:18:40.983973Z",
"updated_at": "2024-01-15T20:18:55.292203Z",
"application": "APjEtgURfLJ5yALzYyNwsVL2",
"compliance_form_template": "cft_4cnNacon1uXZ2RS1gfDY2A",
"due_at": "2024-04-14T20:18:40.970824Z",
"files": {"signed_file": null,
"unsigned_file": "FILE_9GcFAzpd6NeYJnHSgiUjpm"
},
"linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
"linked_type": "MERCHANT",
"pci_saq_a": {"ip_address": null,
"is_accepted": false,
"name": null,
"signed_at": null,
"user_agent": null,
"title": null
},
"state": "INCOMPLETE",
"tags": { },
"type": "PCI_SAQ_A",
"valid_from": null,
"valid_until": null,
"version": "2018.5"
}

List Compliance Forms

Get all Compliance Forms linked to your Merchants.

For details on how to query endpoints using the available parameters, see Query Parameters.

Request

query Parameters

state	string Filter by the Compliance Form's `state`. Use comma-separated values to filter for multiple states (for example, you can specify `?state=INCOMPLETE,EXPIRED`). Enum: "INCOMPLETE" "OVERDUE" "COMPLETE" "EXPIRED" "INVALID" Example: state=INCOMPLETE
linked_to	string Filter by whom the Compliance Form resource is linked to. Example: linked_to=MU8mbkKG3cMdhsPq6WMyfzsF

header Parameters

Accept

string

Default: application/hal+json

Responses

200

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms

Request samples

curl

curl "https://finix.sandbox-payments-api.com/compliance_forms?state=COMPLETE" \
    -H "Finix-Version: 2022-02-01" \
    -u  US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a

Response samples

200
401
403
404
406

application/json

{"_embedded": {"compliance_forms": [{"id": "cf_pqJFvPD3DXAnut1w6iNFK",
"created_at": "2023-07-06T22:18:19.806288Z",
"updated_at": "2023-07-06T22:26:41.003926Z",
"linked_to": "MUqXc76t2KiqtikLni1zrMmW",
"linked_type": "MERCHANT",
"application": "APgix2NcQ9ETSPpVoqwSYUHx",
"type": "PCI_SAQ_A",
"version": "2018.10",
"valid_from": "2023-07-06T22:18:25.775726Z",
"valid_until": "2024-07-05T22:18:25.77573Z",
"tags": { },
"pci_saq_a": {"name": "John Smith",
"signed_at": "2022-03-18T16:42:55Z",
"user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)",
"ip_address": "42.1.1.113",
"is_accepted": true,
"title": "CTO"
},
"due_at": "2023-10-04T22:18:19.790434Z",
"compliance_form_template": "cft_k6o6W33fdwnMXNxNhe4nfN",
"files": {"unsigned_file": "FILE_AwHMYuDX7w2d8hobjkxKD",
"signed_file": "FILE_6E9ZpgGZJGmLcj2PiZzXHB"
},
"state": "COMPLETE"
}
]
},
"page": {"next_cursor": null,
"limit": 10
}
}