Compliance Forms

To process payments, your users need to validate compliance with PCI DSS annually. Users validate compliance by completing a Self-Assessment Questionnaire (SAQ). You can complete this questionnaire on behalf of your users using Finix's API.

Users include any entity that stores, processes, or transmits credit card data. For more information about PCI compliance, see PCI DSS Compliance.

Related Guides: Managing PCI Compliance, PCI DSS Compliance

View Compliance Forms

A webhook notifies you when Finix creates a compliance_form.

Use the ID in the webhook to fetch the compliance_form resource from the /compliance_forms/:COMPLIANCE_FORM_ID endpoint.

Request
path Parameters
compliance_forms_id
required
string

ID of the compliance_form.

Responses
200

Example response

Response Schema: application/json
compliance_form_template
string

Template linked to this compliance_form.

created_at
string <date-time>

Timestamp of when the object was created.

due_at
string <date-time>

Timestamp of when the compliance_form must be completed by.

files
object

Details about the File resource where the compliance_form was uploaded.

id
string

ID of the compliance_form.

linked_to
string

The ID of the merchant linked to the compliance_form.

linked_type
string

The type of resource this compliance_form is linked to.

pci_saq_a
object

Details used to fill out the PCI Self-Assessment Questionnaire (SAQ).

state
string

The state of the compliance_form.

Enum: "PENDING" "COMPLETED" "INVALID" "INCOMPLETE"
tags
object

Key-value pair for annotating custom metadata (e.g. order numbers).

type
string

Type of compliance_form. There is one available value: PCI_SAQ_A.

Value: "PCI_SAQ_A"
updated_at
string <date-time>

Timestamp of when the object was last updated.

valid_from
string <date-time>

Timestamp of when the compliance_form becomes active and valid.

valid_until
string

Timestamp of when the compliance_form is no longer active and valid.

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

GET /compliance_forms/{compliance_forms_id}

Response sample (application/json):

{
  "id": "cf_fEojUGLjwUiqNTBp68JWq8",
  "created_at": "2022-06-22T01:20:12.439149Z",
  "updated_at": "2022-07-06T17:32:00.328699Z",
  "linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
  "linked_type": "MERCHANT",
  "type": "PCI_SAQ_A",
  "version": "2018.5",
  "valid_from": "2022-06-22T01:20:12.978825Z",
  "valid_until": "2023-06-22T01:20:12.97883Z",
  "tags": {},
  "pci_saq_a": {
    "name": null,
    "signed_at": null,
    "user_agent": null,
    "ip_address": null,
    "is_accepted": false,
    "title": null
  },
  "due_at": "2022-09-20T01:20:12.430835Z",
  "compliance_form_template": "cft_wua8ua1yLAcHRK9mx2mF9K",
  "files": {
    "unsigned_file": "FILE_fFGMCY4sxGYTqpjnXh54kC",
    "signed_file": null
  },
  "state": "INCOMPLETE"
}
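The following is an added example, not part of Finix's documentation: one way to turn a fetched compliance_form into a tracking status using the state, due_at, valid_from and valid_until fields described above. The function names, the status labels and the 30-day warning window are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: only the fields this example reads, copied from the
# response sample above.
SAMPLE_FORM = {
    "id": "cf_fEojUGLjwUiqNTBp68JWq8",
    "state": "INCOMPLETE",
    "due_at": "2022-09-20T01:20:12.430835Z",
    "valid_from": "2022-06-22T01:20:12.978825Z",
    "valid_until": "2023-06-22T01:20:12.97883Z",
}


def parse_ts(value):
    """Parse a UTC timestamp such as 2023-06-22T01:20:12.97883Z.

    The fraction may have fewer than six digits (valid_until above has five),
    so it is padded to microseconds before use.
    """
    if not value.endswith("Z"):
        raise ValueError(f"expected a UTC 'Z' timestamp, got {value!r}")
    base, _, frac = value[:-1].partition(".")
    micro = int((frac + "000000")[:6])
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(microsecond=micro, tzinfo=timezone.utc)


def triage(form, now, warn_days=30):
    """Return a local tracking label for one compliance_form.

    The labels are hypothetical; they are not values returned by the API.
    """
    state = form["state"]
    if state == "COMPLETED":
        start, end = parse_ts(form["valid_from"]), parse_ts(form["valid_until"])
        return "ATTESTED" if start <= now <= end else "ATTESTATION_LAPSED"
    if state not in ("PENDING", "INVALID", "INCOMPLETE"):
        # Fail closed on a state this code was not written for.
        raise ValueError(f"unknown state {state!r}")
    due = parse_ts(form["due_at"])
    if now > due:
        return "OVERDUE"
    return "DUE_SOON" if due - now <= timedelta(days=warn_days) else "OPEN"
```
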

Complete Compliance Forms

As part of onboarding your users, you'll need to build a UI experience that allows users to complete the PCI compliance_form and download the form as a PDF if requested.

For more information, see Managing Compliance Forms.

Request
path Parameters
compliance_forms_id
required
string

ID of the compliance_form.

Request Body schema: application/json
pci_saq_a
object

Details used to fill out the PCI Self-Assessment Questionnaire.

Responses
200

Example response

Response Schema: application/json
compliance_form_template
string

Template linked to this compliance_form.

created_at
string <date-time>

Timestamp of when the object was created.

due_at
string <date-time>

Timestamp of when the compliance_form must be completed by.

files
object

Details about the File resource where the compliance_form was uploaded.

id
string

ID of the compliance_form.

linked_to
string

The ID of the merchant linked to the compliance_form.

linked_type
string

The type of resource this compliance_form is linked to.

pci_saq_a
object

Details used to fill out the PCI Self-Assessment Questionnaire (SAQ).

state
string

The state of the compliance_form.

Enum: "PENDING" "COMPLETED" "INVALID" "INCOMPLETE"
tags
object

Key-value pair for annotating custom metadata (e.g. order numbers).

type
string

Type of compliance_form. There is one available value: PCI_SAQ_A.

Value: "PCI_SAQ_A"
updated_at
string <date-time>

Timestamp of when the object was last updated.

valid_from
string <date-time>

Timestamp of when the compliance_form becomes active and valid.

valid_until
string

Timestamp of when the compliance_form is no longer active and valid.

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

422

Invalid field

PUT /compliance_forms/{compliance_forms_id}

Response sample (application/json):

{
  "id": "cf_fEojUGLjwUiqNTBp68JWq8",
  "created_at": "2022-06-22T01:20:12.439149Z",
  "updated_at": "2022-07-06T17:32:00.328699Z",
  "linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
  "linked_type": "MERCHANT",
  "type": "PCI_SAQ_A",
  "version": "2018.5",
  "valid_from": "2022-06-22T01:20:12.978825Z",
  "valid_until": "2023-06-22T01:20:12.97883Z",
  "tags": {},
  "pci_saq_a": {
    "name": "John Booker",
    "signed_at": "2022-03-18T16:42:55Z",
    "user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)",
    "ip_address": "42.1.1.113",
    "is_accepted": true,
    "title": "CTO"
  },
  "due_at": "2022-09-20T01:20:12.430835Z",
  "compliance_form_template": "cft_wua8ua1yLAcHRK9mx2mF9K",
  "files": {
    "unsigned_file": "FILE_fFGMCY4sxGYTqpjnXh54kC",
    "signed_file": null
  },
  "state": "INCOMPLETE"
}
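The following is an added example, not part of Finix's documentation: a server-side builder for the attestation body that validates the signer evidence before it is sent with the PUT request. It assumes the request body uses the same pci_saq_a keys that the response sample shows; the function name and the 512-character user agent limit are hypothetical.

```python
import ipaddress
from datetime import timezone


def build_attestation(name, title, ip_address, user_agent, accepted, signed_at):
    """Return the PUT body for a signed SAQ, or raise ValueError.

    Assumption: the request body carries the pci_saq_a keys seen in the
    response sample (name, title, ip_address, user_agent, is_accepted,
    signed_at).
    """
    if accepted is not True:
        raise ValueError("signer has not accepted the questionnaire")
    name, title = name.strip(), title.strip()
    if not name or not title:
        raise ValueError("name and title of the signer are required")
    # Accept exactly one literal IP address; a comma-separated proxy chain
    # or a hostname is rejected by ipaddress.ip_address with ValueError.
    ip = ipaddress.ip_address(ip_address.strip())
    # The user agent is client-supplied text stored as evidence: refuse
    # control characters and unbounded length (limit chosen for this example).
    if not user_agent or len(user_agent) > 512:
        raise ValueError("user_agent missing or too long")
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in user_agent):
        raise ValueError("user_agent contains control characters")
    # Record the signing time in UTC, in the format of the response sample.
    if signed_at.tzinfo is None:
        raise ValueError("signed_at must be timezone-aware")
    stamp = signed_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "pci_saq_a": {
            "name": name,
            "title": title,
            "ip_address": str(ip),
            "user_agent": user_agent,
            "is_accepted": True,
            "signed_at": stamp,
        }
    }
```
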