Compliance Forms

To process payments, your users need to validate compliance with PCI DSS annually. Users validate compliance by completing a Self-Assessment Questionnaire (SAQ). You can complete this questionnaire on behalf of your users using Finix's API.

Users include any entity that stores, processes, or transmits credit card data. For more information about PCI compliance, see PCI DSS Compliance.

Related Guides: Managing PCI Compliance, PCI DSS Compliance

View Compliance Forms

A webhook notifies you when Finix creates a compliance_form.

Use the ID in the webhook to fetch the compliance_form resource from the /compliance_forms/:COMPLIANCE_FORM_ID: endpoint.

Request

path Parameters

compliance_forms_id

required

string

ID of the compliance_form.

Responses

200

Example response

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms/{compliance_forms_id}

Request samples

curl

curl https://finix.sandbox-payments-api.com/compliance_forms/cf_fEojUGLjwUiqNTBp68JWq8 \
  -H "Content-Type: application/vnd.api+json" \
  -u USsRhsHYZGBPnQw8CByJyEQW:8a14c2f9-d94b-4c72-8f5c-a62908e5b30e \
  -X GET

Response samples

application/json

{"id": "cf_fEojUGLjwUiqNTBp68JWq8",
"created_at": "2022-06-22T01:20:12.439149Z",
"updated_at": "2022-07-06T17:32:00.328699Z",
"compliance_form_template": "cft_wua8ua1yLAcHRK9mx2mF9K",
"due_at": "2022-09-20T01:20:12.430835Z",
"files": {"signed_file": null,
"unsigned_file": "FILE_fFGMCY4sxGYTqpjnXh54kC"
},
"linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
"linked_type": "MERCHANT",
"pci_saq_a": {"ip_address": null,
"is_accepted": false,
"name": null,
"signed_at": null,
"title": null,
"user_agent": null
},
"state": "INCOMPLETE",
"tags": { },
"type": "PCI_SAQ_A",
"valid_from": "2022-06-22T01:20:12.978825Z",
"valid_until": "2023-06-22T01:20:12.97883Z",
"version": "2018.5"
}

Complete Compliance Forms

As part of onboarding your users, you'll need to build a UI experience that allows users to complete the PCI compliance_form and download the form as a PDF if requested.

For more information, see Managing Compliance Forms.

Request

path Parameters

compliance_forms_id

required

string

ID of the compliance_form.

Request Body schema: application/json

object

Details used to fille out the PCI Self-Assessment Questionnaire.

Responses

200

Example response

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

422

Invalid field

put/compliance_forms/{compliance_forms_id}

Request samples

curl

curl https://finix.sandbox-payments-api.com/compliance_forms/cf_fEojUGLjwUiqNTBp68JWq8 \
  -H "Content-Type: application/json" \
  -u USsRhsHYZGBPnQw8CByJyEQW:8a14c2f9-d94b-4c72-8f5c-a62908e5b30e \
  -X PUT \
  -d '
  {
    "pci_saq_a": {
      "ip_address": "42.1.1.113",
      "name": "John Smith",
      "signed_at": "2022-03-18T16:42:55Z",
      "title": "CTO",
      "user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)"
    }
  }'

Response samples

application/json

{"id": "cf_fEojUGLjwUiqNTBp68JWq8",
"created_at": "2022-06-22T01:20:12.439149Z",
"updated_at": "2022-07-06T17:32:00.328699Z",
"compliance_form_template": "cft_wua8ua1yLAcHRK9mx2mF9K",
"due_at": "2022-09-20T01:20:12.430835Z",
"files": {"signed_file": null,
"unsigned_file": "FILE_fFGMCY4sxGYTqpjnXh54kC"
},
"linked_to": "MUfnskvHiiDgP7x3TVL2LkG3",
"linked_type": "MERCHANT",
"pci_saq_a": {"ip_address": "42.1.1.113",
"is_accepted": true,
"name": "John Booker",
"signed_at": "2022-03-18T16:42:55Z",
"title": "CTO",
"user_agent": "Mozilla 5.0(Macintosh; IntelMac OS X 10 _14_6)"
},
"state": "INCOMPLETE",
"tags": { },
"type": "PCI_SAQ_A",
"valid_from": "2022-06-22T01:20:12.978825Z",
"valid_until": "2023-06-22T01:20:12.97883Z",
"version": "2018.5"
}

List Compliance Forms

Retrieves a list of Compliance Forms.

Request

query Parameters

state

string

Filter by the state of the Compliance Form.

Enum: "INCOMPLETE" "COMPLETE"

Responses

200

List of Compliance Form objects.

401

Authentication information is missing or invalid

403

Forbidden

404

Object does not exist

406

Not Acceptable

get/compliance_forms

Request samples

curl

curl 'https://finix.sandbox-payments-api.com/compliance_forms?state=INCOMPLETE' \
    -H "Content-Type: application/vnd.json+api" \
    -H 'Finix-Version:2022-02-01' \
    -u  USj46WbwgnjapmdYFnEDP3Ec:b9b4042c-9621-438d-a84b-8557d4bda84d

Response samples

application/json

{"_embedded": {"compliance_forms": [{"id": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"application_id": "APdoThHn4jjYUSxQf76txAgg",
"compliance_form_template": "string",
"due_at": "2019-08-24T14:15:22Z",
"files": {"signed_file": "string",
"unsigned_file": "string"
},
"linked_to": "string",
"linked_type": "string",
"pci_saq_a": {"ip_address": "string",
"is_accepted": true,
"name": "string",
"signed_at": "string",
"title": "string",
"user_agent": "string"
},
"state": "INCOMPLETE",
"tags": { },
"type": "PCI_SAQ_A",
"valid_from": "2019-08-24T14:15:22Z",
"valid_until": "string",
"version": "string"
}
]
},
"_links": {"next": {"href": "string"
},
"self": {"href": "string"
}
},
"page": {"limit": 0,
"next_cursor": "string"
}
}