Compliance Forms

To process payments, your Merchants must validate their compliance with PCI DSS requirements annually. To do this, your Merchants must attest to PCI Self-Assessment Questionnaire (SAQ) compliance forms.

Related Guides: Managing PCI Compliance, PCI DSS Compliance

Fetch a Compliance Form

Finix will deliver a webhook when we create a new Compliance Form for your Merchant. Use the webhook to fetch the Compliance Form from the /compliance_forms/{id} endpoint.

Request
path Parameters
id
required
string
header Parameters
Accept
string
Default: application/hal+json
Responses
200
401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms/{id}
Request samples
curl "https://finix.sandbox-payments-api.com/compliance_forms/cf_pqJFvPD3DXAnut1w6iNFK" \
  -H "Finix-Version: 2022-02-01" \
  -u US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a \
  -X GET
Response samples
application/json
{
  • "id": "cf_9DXuuF6EYBsfNRvdiv83Pi",
  • "created_at": "2024-01-15T20:18:40.983973Z",
  • "updated_at": "2024-01-15T20:18:55.292203Z",
  • "application": "APjEtgURfLJ5yALzYyNwsVL2",
  • "compliance_form_template": "cft_4cnNacon1uXZ2RS1gfDY2A",
  • "due_at": "2024-04-14T20:18:40.970824Z",
  • "files": {
    • "signed_file": null,
    • "unsigned_file": "FILE_9GcFAzpd6NeYJnHSgiUjpm"
    },
  • "linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
  • "linked_type": "MERCHANT",
  • "pci_saq_a": {
    • "ip_address": null,
    • "is_accepted": false,
    • "name": null,
    • "signed_at": null,
    • "user_agent": null,
    • "title": null
    },
  • "state": "INCOMPLETE",
  • "tags": { },
  • "type": "PCI_SAQ_A",
  • "valid_from": null,
  • "valid_until": null,
  • "version": "2018.5"
}

Complete a Compliance Form

As part of onboarding, your Merchants need to review and agree to their Compliance Form. Afterward, you need to update their Compliance Form with details about their digital signature. Finix will update their Compliance Form with those details, along with a reference to the new signed_file with their digital signature.

For more information, see Managing Compliance Forms.

Request
path Parameters
id
required
string
header Parameters
Accept
string
Default: application/hal+json
Request Body schema: application/json
required
object

Details about the signee's digital signature

Responses
200
401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

422

Invalid field

put/compliance_forms/{id}
Request samples
curl "https://finix.sandbox-payments-api.com/compliance_forms/cf_pqJFvPD3DXAnut1w6iNFK" \
  -H "Content-Type: application/json" \
  -H "Finix-Version: 2022-02-01" \
  -u US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a \
  -X PUT \
  -d '
  {
    "pci_saq_a": {
      "ip_address": "42.1.1.113",
      "name": "John Smith",
      "signed_at": "2022-03-18T16:42:55Z",
      "title": "CTO",
      "user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)"
    }
  }'
Response samples
application/json
{
  • "id": "cf_9DXuuF6EYBsfNRvdiv83Pi",
  • "created_at": "2024-01-15T20:18:40.983973Z",
  • "updated_at": "2024-01-15T20:18:55.292203Z",
  • "application": "APjEtgURfLJ5yALzYyNwsVL2",
  • "compliance_form_template": "cft_4cnNacon1uXZ2RS1gfDY2A",
  • "due_at": "2024-04-14T20:18:40.970824Z",
  • "files": {
    • "signed_file": null,
    • "unsigned_file": "FILE_9GcFAzpd6NeYJnHSgiUjpm"
    },
  • "linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
  • "linked_type": "MERCHANT",
  • "pci_saq_a": {
    • "ip_address": null,
    • "is_accepted": false,
    • "name": null,
    • "signed_at": null,
    • "user_agent": null,
    • "title": null
    },
  • "state": "INCOMPLETE",
  • "tags": { },
  • "type": "PCI_SAQ_A",
  • "valid_from": null,
  • "valid_until": null,
  • "version": "2018.5"
}

List Compliance Forms

Get all Compliance Forms linked to your Merchants.

For details on how to query endpoints using the available parameters, see Query Parameters.

Request
query Parameters
state
string

Filter by the Compliance Form's state. Use comma-separated values to filter for multiple states (for example, you can specify ?state=INCOMPLETE,EXPIRED).

Enum: "INCOMPLETE" "OVERDUE" "COMPLETE" "EXPIRED" "INVALID"
Example: state=INCOMPLETE
linked_to
string

Filter by whom the Compliance Form resource is linked to.

Example: linked_to=MU8mbkKG3cMdhsPq6WMyfzsF
header Parameters
Accept
string
Default: application/hal+json
Responses
200
401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms
Request samples
curl "https://finix.sandbox-payments-api.com/compliance_forms?state=COMPLETE" \
    -H "Finix-Version: 2022-02-01" \
    -u  US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a
Response samples
application/json
{
  • "_embedded": {
    • "compliance_forms": [
      ]
    },
  • "page": {
    • "next_cursor": null,
    • "limit": 10
    }
}