RFI

Respond programmatically when BlindPay's compliance team needs additional documentation from a customer.

What it is

A Request for Information (RFI) is how BlindPay's compliance team asks for missing or clarifying details when a customer's KYC or KYB review is incomplete. Instead of rejecting the application, BlindPay pauses it, attaches a list of fields the customer needs to fill in, and notifies you so you can collect the response from your customer.

This page covers the API integration. For a non-technical walkthrough, see the Requests for Information guide.

How it works

  1. Create a customer. Their kyc_status starts as verifying.
  2. Listen for the customer.update webhook. When compliance opens an RFI, you receive an event with kyc_status: compliance_request.
  3. GET /v1/.../rfi to fetch the open RFI and the list of fields the customer needs to fill in.
  4. Collect the fields from your customer through your own UI.
  5. POST /v1/.../rfi to submit the response in a single shot.
  6. Listen for customer.update again. The kyc_status flips back to verifying while BlindPay re-reviews.
  7. Wait for the final webhook. The customer ends up approved, rejected, or back in compliance_request if compliance needs another round.

While the customer is in compliance_request, payouts and payins cannot be created for them.

KYC status

The compliance_request status extends the set documented on the Customers page:

  • verifying: Initial review or post-RFI re-review
  • approved: KYC has been verified
  • rejected: KYC has been rejected (final)
  • compliance_request: An RFI is open and the customer is waiting for your response

Deadline

When an RFI is opened, the customer has 27 days to respond. If no submission arrives within that window, BlindPay automatically rejects the customer. The deadline is included as expires_at in the RFI payload, and every new RFI starts a fresh window.

There can only be one open RFI per customer at a time. If compliance needs another round, a new RFI is created after the previous one is reviewed.

RFI status

The status field on an RFI object reflects its lifecycle:

StatusMeaning
pendingThe RFI is open and waiting for a response. The customer is in compliance_request.
submittedThe response has been received. The customer is back in verifying.
expiredThe 27-day deadline passed without a submission. The customer was auto-rejected.
cancelledCompliance cancelled the RFI. The customer was restored to its prior status.

Endpoints

MethodPathDescription
GET/v1/instances/{instance_id}/customers/{customer_id}/rfiFetch the open (pending) RFI, or 404.
POST/v1/instances/{instance_id}/customers/{customer_id}/rfiSubmit the response as a flat object.

Prerequisites

Before you start, you need to:
  1. Create an account on BlindPay
  2. Create a development instance
  3. Create your API key

Receive the webhook

Subscribe to the customer.update webhook. When a customer enters or leaves compliance_request, you receive a payload with the new status:

JSON

Fetch the open RFI

Remember: replace YOUR_SECRET_TOKEN with your API key and in_000000000000 with your instance ID, and re_000000000000 with your customer ID.
Bash

Returns the open RFI, or 404 if none is open for this customer:

JSON

Request schema

The request field is an array of sections. Each section is a self-contained question with a title, a description written by compliance, and one or more fields the customer must fill in.

PropertyTypeDescription
titlestringSection heading shown above the inputs.
descriptionstringCompliance's prompt to the customer. Render verbatim.
supporting_documentstringOptional. URL to a template or example document (e.g. a Google Drive link).
fieldsField[]The inputs to render and collect.

Each entry in fields:

PropertyTypeDescription
keystringUnique key within the RFI. This is the key you must use in the response body.
labelstringThe label to show above the input.
requiredbooleanIf true, the field must be present and non-empty in the response.
regexstringOptional. A regex pattern that the response value must match.
items{ label: string, value: string }[]Optional. If present, the field is a dropdown and the response must be one of the provided values.
multiplebooleanOptional. If true, the field accepts an array of URLs (multiple file uploads).

For any file upload field, use the Upload endpoint to host the file and submit the resulting URL.

Submit a response

The response is a flat object keyed by field.key. There is no rfi_id in the URL because there's only ever one open RFI per customer.

The submission is single-shot. All required fields must be included in one request. There is no partial save, so a submission missing required fields is rejected with 400.

Bash

Response:

JSON

Validation

The body is validated dynamically against the stored request.fields[]:

  • required fields must be present and non-empty
  • regex is applied to the value as a RegExp test
  • multiple: true requires a string[] of URLs (max 20)
  • Unknown keys (not declared in the request) are rejected

A validation failure returns 400 with details about the offending key.

After submission

Once submitted, customer.update fires with kyc_status: "verifying" while BlindPay re-reviews. After re-review you receive one of:

  • kyc_status: "approved" if the customer passed
  • kyc_status: "rejected" if the customer failed
  • kyc_status: "compliance_request" if a new RFI was opened. Repeat from Receive the webhook.

If the 27-day window elapses without a submission, customer.update fires with kyc_status: "rejected" for the auto-rejection.

Previous
Customers
Next
Bank Accounts