Resolve compliance team requests so your application can proceed to approval.
List RFI bundles to see what’s needed, update the requested fields or documents,
respond with comments, and resubmit the application.
The End User Onboarding API base URL is https://api-sandbox.circle.com for
sandbox and https://api.circle.com for production. All requests require a
Bearer token obtained via Circle key exchange in the Authorization header. All
POST requests require an X-Idempotency-Key header with a client-generated
UUID v4.
Prerequisites
Before you begin, ensure that you’ve:
- Obtained an API key for the End User Onboarding API from the
CPN Console.
- Confirmed your application is in
PENDING_CUSTOMER_INFORMATION status. See
Application states
for the full lifecycle.
Steps
Step 1. List RFI bundles
When an application moves to PENDING_CUSTOMER_INFORMATION, the pendingRfis
array on the application response contains the bundle IDs. List all bundles:
curl --request GET \
--url https://api-sandbox.circle.com/v1/onboarding/partner/applications/${APPLICATION_ID}/rfis \
--header "Authorization: Bearer ${YOUR_API_KEY}"
{
"data": {
"bundles": [
{
"bundleId": "660e8400-e29b-41d4-a716-446655440010",
"status": "PUBLISHED",
"createdAt": "2026-03-26T10:00:00Z",
"rfis": [
{
"rfiId": "770e8400-e29b-41d4-a716-446655440011",
"section": "beneficial_owners",
"field": "passport_document",
"type": "COLLECT_DOCUMENT",
"status": "PENDING",
"systemComment": "Document is illegible. Please upload a clearer copy.",
"createdAt": "2026-03-26T10:00:00Z"
}
]
}
]
}
}
section and field that needs attention. The
systemComment explains what the compliance team requires.
Retrieve the full detail for a specific RFI, including any prior comments:
curl --request GET \
--url https://api-sandbox.circle.com/v1/onboarding/partner/applications/${APPLICATION_ID}/rfis/${RFI_ID} \
--header "Authorization: Bearer ${YOUR_API_KEY}"
Step 3. Update the requested data
For RFIs with type UPDATE_FIELD or NEW_FIELD, submit the corrected field
data directly to the RFI:
curl --request PATCH \
--url https://api-sandbox.circle.com/v1/onboarding/partner/applications/${APPLICATION_ID}/rfis/${RFI_ID} \
--header "Authorization: Bearer ${YOUR_API_KEY}" \
--header 'Content-Type: application/json' \
--data '{
"businessWebsite": "https://example.com"
}'
datumName from the RFI detail response. The API
validates the value against the application schema and marks the RFI as
responded.
For RFIs with type COLLECT_DOCUMENT, re-upload the document instead. See
Upload documents
for the upload workflow.
Add a comment to an RFI to communicate with the compliance team:
curl --request POST \
--url https://api-sandbox.circle.com/v1/onboarding/partner/applications/${APPLICATION_ID}/rfis/${RFI_ID}/comments \
--header "Authorization: Bearer ${YOUR_API_KEY}" \
--header 'Content-Type: application/json' \
--header 'X-Idempotency-Key: ${IDEMPOTENCY_KEY}' \
--data '{
"content": "Updated the field as requested."
}'
Step 5. Resubmit the application
After you address all open RFIs, resubmit the application so it moves back to
SUBMITTED for another round of review:
curl --request POST \
--url https://api-sandbox.circle.com/v1/onboarding/partner/applications/${APPLICATION_ID}/submit \
--header "Authorization: Bearer ${YOUR_API_KEY}" \
--header 'Content-Type: application/json' \
--header 'X-Idempotency-Key: ${IDEMPOTENCY_KEY}' \
--data '{
"endUserIpAddress": "203.0.113.42",
"endUserAgreesToTermsOfService": true
}'
certificationIds, see
Submit and track applications.
See also
