Compliance Forms

To process payments, your users need to validate compliance with PCI DSS annually. Users validate compliance by completing a Self-Assessment Questionnaire (SAQ). You can complete this questionnaire on behalf of your users using Finix's API.

Users include any entity that stores, processes, or transmits credit card data. For more information about PCI compliance, see PCI DSS Compliance.

Related Guides: Managing PCI Compliance, PCI DSS Compliance

Fetch a Compliance Form

A webhook notifies you when Finix creates a compliance_form.

Use the ID in the webhook to fetch the compliance_form resource from the /compliance_forms/:COMPLIANCE_FORM_ID: endpoint.

Request
path Parameters
compliance_forms_id
required
string

ID of the compliance_form.

header Parameters
Accept
string
Default: application/hal+json
Responses
200

Example response

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms/{compliance_forms_id}
Request samples
curl "https://finix.sandbox-payments-api.com/compliance_forms/cf_pqJFvPD3DXAnut1w6iNFK" \
  -H "Finix-Version: 2022-02-01" \
  -u US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a \
  -X GET
Response samples
application/json
{
  • "id": "cf_fEojUGLjwUiqNTBp68JWq8",
  • "created_at": "2022-06-22T01:20:12.439149Z",
  • "updated_at": "2022-07-06T17:32:00.328699Z",
  • "application_id": "APdoThHn4jjYUSxQf76txAgg",
  • "compliance_form_template": "cft_wua8ua1yLAcHRK9mx2mF9K",
  • "due_at": "2022-09-20T01:20:12.430835Z",
  • "files": {
    • "signed_file": null,
    • "unsigned_file": "FILE_fFGMCY4sxGYTqpjnXh54kC"
    },
  • "linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
  • "linked_type": "MERCHANT",
  • "pci_saq_a": {
    • "ip_address": null,
    • "is_accepted": false,
    • "name": null,
    • "signed_at": null,
    • "title": null,
    • "user_agent": null
    },
  • "state": "INCOMPLETE",
  • "tags": { },
  • "type": "PCI_SAQ_A",
  • "valid_from": "2022-06-22T01:20:12.978825Z",
  • "valid_until": "2023-06-22T01:20:12.97883Z",
  • "version": "2018.5"
}

Complete a Compliance Form

As part of onboarding your users, you'll need to build a UI experience that allows users to complete the PCI compliance_form and download the form as a PDF if requested.

For more information, see Managing Compliance Forms.

Request
path Parameters
compliance_forms_id
required
string

ID of the compliance_form.

header Parameters
Accept
string
Default: application/hal+json
Request Body schema: application/json
object

Details used to fille out the PCI Self-Assessment Questionnaire.

Responses
200

Example response

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

422

Invalid field

put/compliance_forms/{compliance_forms_id}
Request samples
curl "https://finix.sandbox-payments-api.com/compliance_forms/cf_pqJFvPD3DXAnut1w6iNFK" \
  -H "Content-Type: application/json" \
  -H "Finix-Version: 2022-02-01" \
  -u US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a \
  -X PUT \
  -d '
  {
    "pci_saq_a": {
      "ip_address": "42.1.1.113",
      "name": "John Smith",
      "signed_at": "2022-03-18T16:42:55Z",
      "title": "CTO",
      "user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)"
    }
  }'
Response samples
application/json
{
  • "id": "cf_pqJFvPD3DXAnut1w6iNFK",
  • "created_at": "2023-07-06T22:18:19.806288Z",
  • "updated_at": "2023-07-06T22:26:41.003926Z",
  • "linked_to": "MUqXc76t2KiqtikLni1zrMmW",
  • "linked_type": "MERCHANT",
  • "application": "APgix2NcQ9ETSPpVoqwSYUHx",
  • "type": "PCI_SAQ_A",
  • "version": "2018.10",
  • "valid_from": "2023-07-06T22:18:25.775726Z",
  • "valid_until": "2024-07-05T22:18:25.77573Z",
  • "tags": { },
  • "pci_saq_a": {
    • "name": "John Smith",
    • "signed_at": "2022-03-18T16:42:55Z",
    • "user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)",
    • "ip_address": "42.1.1.112",
    • "is_accepted": true,
    • "title": "CTO"
    },
  • "due_at": "2023-10-04T22:18:19.790434Z",
  • "compliance_form_template": "cft_k6o6W33fdwnMXNxNhe4nfN",
  • "files": {
    • "unsigned_file": "FILE_AwHMYuDX7w2d8hobjkxKD",
    • "signed_file": "FILE_6E9ZpgGZJGmLcj2PiZzXHB"
    },
  • "state": "COMPLETE"
}

List Compliance Forms

Retrieve a list of Compliance Forms.

For details on how to query endpoints using the available parameters, see Query Parameters.

Request
query Parameters
state
string

Filter by the state of the Compliance Form. For details on how to query endpoints using the available parameters, see Query Parameters.

Enum: "INCOMPLETE" "COMPLETE"
header Parameters
Accept
string
Default: application/hal+json
Responses
200

List of Compliance Form objects.

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms
Request samples
curl "https://finix.sandbox-payments-api.com/compliance_forms?state=COMPLETE" \
    -H "Finix-Version: 2022-02-01" \
    -u  US8TcctGF2gpnApVutdQ6M5H:835e716c-c8e1-4bd2-ad99-9d63cd8ad11a
Response samples
application/json
{
  • "_embedded": {
    • "compliance_forms": [
      ]
    },
  • "page": {
    • "next_cursor": null,
    • "limit": 10
    }
}