RFI

Programmatically respond when BlindPay's compliance team needs additional documentation from a receiver.

What is an RFI?

A Request for Information (RFI) is how BlindPay's compliance team asks for missing or clarifying details when a receiver's KYC or KYB review is incomplete. Instead of rejecting the application, we pause it, attach a list of fields the receiver needs to fill in, and notify you so you can collect the response from your customer.

This page covers the API integration. For a non-technical walkthrough, see the Requests for Information guide.

Integration flow

  1. Create a receiver. Their kyc_status starts as verifying.
  2. Listen for the receiver.update webhook. When compliance opens an RFI, you receive an event with kyc_status: compliance_request.
  3. GET /v1/.../rfi to fetch the open RFI and the list of fields the receiver needs to fill in.
  4. Collect the fields from your customer through your own UI.
  5. POST /v1/.../rfi to submit the response in a single shot.
  6. Listen for receiver.update again. The kyc_status flips back to verifying while BlindPay re-reviews.
  7. Wait for the final webhook. The receiver ends up approved, rejected, or back in compliance_request if compliance needs another round.

While the receiver is in compliance_request, payouts and payins cannot be created for them.

KYC status

The compliance_request status extends the set documented on the Receivers page:

  • verifying: Initial review or post-RFI re-review
  • approved: KYC has been verified
  • rejected: KYC has been rejected (final)
  • compliance_request: An RFI is open and the receiver is waiting for your response

Deadline

When an RFI is opened, the receiver has 27 days to respond. If no submission arrives within that window, BlindPay automatically rejects the receiver. The deadline is included as expires_at in the RFI payload, and every new RFI starts a fresh window.

There can only be one open RFI per receiver at a time. If compliance needs another round, a new RFI is created after the previous one is reviewed.

Receiving the webhook

Subscribe to the receiver.update webhook. When a receiver enters or leaves compliance_request, you receive a payload with the new status:

JSON

Fetching the open RFI

Remember: replace YOUR_SECRET_TOKEN with your API key, in_000000000000 with your instance ID and re_000000000000 with the receiver ID from the webhook.

Bash

Returns the open RFI, or 404 if none is open for this receiver:

JSON

Request schema

The request field is an array of sections. Each section is a self-contained question with a title, a description written by compliance, and one or more fields the receiver must fill in.

Section

| Property | Type | Description |
| --- | --- | --- |
| title | string | Section heading shown above the inputs. |
| description | string | Compliance's prompt to the customer. Render verbatim. |
| supporting_document | string | Optional. URL to a template or example document (e.g. a Google Drive link). |
| fields | Field[] | The inputs to render and collect. |

Field

| Property | Type | Description |
| --- | --- | --- |
| key | string | Unique key within the RFI. This is the key you must use in the response body. |
| label | string | The label to show above the input. |
| required | boolean | If true, the field must be present and non-empty in the response. |
| regex | string | Optional. A regex pattern that the response value must match. |
| items | { label: string, value: string }[] | Optional. If present, the field is a dropdown and the response must be one of the provided values. |
| multiple | boolean | Optional. If true, the field accepts an array of URLs (multiple file uploads). |

For any file upload field, use the Upload endpoint to host the file and submit the resulting URL.

Submitting a response

The response is a flat object keyed by field.key. There is no rfi_id in the URL because there's only ever one open RFI per receiver.

The submission is single-shot. All required fields must be included in one request. There is no partial save, so a submission missing required fields is rejected with 400.

Bash

Response:

JSON

Validation

The body is validated dynamically against the stored request.fields[]:

  • required fields must be present and non-empty
  • regex is applied to the value as a RegExp test
  • multiple: true requires a string[] of URLs (max 20)
  • Unknown keys (not declared in the request) are rejected

A validation failure returns 400 with details about the offending key.
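Because the submission is single-shot, it helps to run the same checks locally before calling POST. The sketch below is an added example, not BlindPay's code: it applies the rules listed above and, going one step beyond that list, the dropdown rule from the Field table. The function name, error strings and sample data are hypothetical, and the URL check and string-only values are assumptions.

```javascript
// Added example (not BlindPay code): pre-check an RFI response against the
// fetched `request` sections using the rules listed under "Validation".
// Assumptions: URLs are checked with the WHATWG URL parser and non-file
// values are strings; the page does not spell out either detail.
const MAX_URLS = 20; // "max 20" from the Validation list

function isUrl(v) {
  try { return typeof v === "string" && Boolean(new URL(v)); } catch { return false; }
}
const isEmpty = (v) => v == null || v === "" || (Array.isArray(v) && v.length === 0);

function validateRfiResponse(sections, body) {
  const errors = [];
  // A Map keeps keys such as "__proto__" from matching inherited properties.
  const fields = new Map(sections.flatMap((s) => s.fields.map((f) => [f.key, f])));
  for (const key of Object.keys(body)) {
    if (!fields.has(key)) errors.push({ key, error: "unknown key" });
  }
  for (const [key, field] of fields) {
    const value = body[key];
    if (isEmpty(value)) {
      if (field.required) errors.push({ key, error: "required" });
    } else if (field.multiple) {
      const ok = Array.isArray(value) && value.length <= MAX_URLS && value.every(isUrl);
      if (!ok) errors.push({ key, error: `expected up to ${MAX_URLS} URLs` });
    } else if (typeof value !== "string") {
      errors.push({ key, error: "expected a string" });
    } else if (field.items && !field.items.some((i) => i.value === value)) {
      errors.push({ key, error: "not a listed value" });
    } else if (field.regex && !new RegExp(field.regex).test(value)) {
      errors.push({ key, error: "regex mismatch" });
    }
  }
  return errors;
}

// Constructed sample: field names and values are illustrative only.
const sampleRequest = [{
  title: "Source of funds",
  description: "Describe where the funds come from.",
  fields: [
    { key: "occupation", label: "Occupation", required: true,
      items: [{ label: "Employee", value: "employee" }, { label: "Owner", value: "owner" }] },
    { key: "tax_id", label: "Tax ID", required: true, regex: "^[0-9]{9}$" },
    { key: "statements", label: "Bank statements", required: false, multiple: true },
  ],
}];
const sampleBody = { occupation: "owner", tax_id: "12345678", nickname: "x" };
console.log(validateRfiResponse(sampleRequest, sampleBody));
```

An empty array means the body passes the local checks; the API's 400 response remains the authoritative result.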

After submission

Once submitted, receiver.update fires with kyc_status: "verifying" while BlindPay re-reviews. After re-review you receive one of:

  • kyc_status: "approved" if the receiver passed
  • kyc_status: "rejected" if the receiver failed
  • kyc_status: "compliance_request" if a new RFI was opened. Repeat from Receiving the webhook.

If the 27-day window elapses without a submission, receiver.update fires with kyc_status: "rejected" for the auto-rejection.

Endpoints

| Method | Path | Description |
| --- | --- | --- |
| GET | /v1/instances/{instance_id}/receivers/{receiver_id}/rfi | Fetch the open (pending) RFI, or 404. |
| POST | /v1/instances/{instance_id}/receivers/{receiver_id}/rfi | Submit the response as a flat object. |

RFI status

The status field on an RFI object reflects its lifecycle:

| Status | Meaning |
| --- | --- |
| pending | The RFI is open and waiting for a response. The receiver is in compliance_request. |
| submitted | The response has been received. The receiver is back in verifying. |
| expired | The 27-day deadline passed without a submission. The receiver was auto-rejected. |
| cancelled | Compliance cancelled the RFI. The receiver was restored to its prior status. |