Skip to main content
After a user is verified, a downstream provider may request additional information before the user can transact. These show up as RFIs (Requests for Information) in the verification response.

How RFIs work

1

Provider requests info

A payout provider flags that they need something — a bank statement, tax ID, proof of address, etc. The verification status changes to action_required.
2

You read the RFI

Call GET /api/v1/verifications?account_id={biz_ tag}. The rfis array on each verification tells you what’s needed, what type of response to collect, and a human-readable description.
3

You collect and submit

Get the info from your user and send it back via PATCH /api/v1/verifications/{id} with an rfis array. We route it to the provider.
4

Provider clears the RFI

Once all RFIs are resolved, the status goes back to approved and the user can transact again.

Reading RFIs

cURL
curl "https://api.whop.com/api/v1/verifications?account_id=biz_xxxxxxxxxxxxx" \
  -H "Authorization: Bearer $WHOP_API_KEY"
When RFIs are outstanding, the verification looks like: 
{
  "id": "idpf_xxxxxxxxxxxxx",
  "status": "action_required",
  "rfis": [
    {
      "id": "pacta_xxxxxxxxxxxxx",
      "status": "outstanding",
      "type": "files",
      "description": "Payout Destination Verification",
      "error_message": null,
      "requested_files": [
        { "category": "payout_verification_document", "kind": "Bank Statement", "is_optional": false }
      ],
      "created_at": "2026-06-04T10:00:00Z"
    }
  ]
}

RFI fields

FieldDescription
idThe RFI identifier — use this when responding
statusoutstanding (new request) or invalid (a previous submission was rejected, resubmit)
typeWhat to collect: text, files, address, date, phone
descriptionHuman-readable label. May be generic (e.g. “Payout Destination Verification”) — for file RFIs, see requested_files for the specific document.
error_messageWhy a previous submission was rejected (only when invalid)
requested_filesFor file RFIs (type: files): the documents to provide. Each entry has a kind and category you pass back when uploading, and is_optional (when more than one is accepted, any one satisfies the request). Empty for non-file RFIs.
Only open requests are returned in the rfis array. After you respond to an RFI it leaves the list, so any RFI still present means action is owed. The verification stays action_required until all RFIs are resolved.

Responding to RFIs

Send a PATCH to the verification’s idpf_ tag with an rfis array. Each entry needs the RFI id and a response matching the type.

Text value

For website URLs, business descriptions, tax IDs:
cURL
curl -X PATCH https://api.whop.com/api/v1/verifications/idpf_xxxxxxxxxxxxx \
  -H "Authorization: Bearer $WHOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rfis": [
      { "id": "pacta_xxxxxxxxxxxxx", "value": "https://mycompany.com" }
    ]
  }'

File upload

For bank statements, ID documents, proof of address. Use the category and kind straight from the RFI’s requested_files so the upload matches what the provider asked for:
cURL
curl -X PATCH https://api.whop.com/api/v1/verifications/idpf_xxxxxxxxxxxxx \
  -H "Authorization: Bearer $WHOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rfis": [
      {
        "id": "pacta_xxxxxxxxxxxxx",
        "files": [{
          "category": "payout_verification_document",
          "kind": "Bank Statement",
          "direct_upload_id": "upload_xxxxxxxxxxxxx"
        }]
      }
    ]
  }'

Sensitive data

SSNs can be submitted like any other value — they are tokenized in transit before reaching Whop’s systems, and only the tokenized reference is ever stored:
cURL
curl -X PATCH https://api.whop.com/api/v1/verifications/idpf_xxxxxxxxxxxxx \
  -H "Authorization: Bearer $WHOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rfis": [
      { "id": "pacta_xxxxxxxxxxxxx", "value": "123-45-6789" }
    ]
  }'
If you already tokenize values yourself (Basis Theory), pass the token id with value_type: "vault_token" instead.

Common RFIs

What they ask fortypeWhat to submit
Bank statementfilesPDF or image of a recent statement
Business websitetextA URL
EINtextXX-XXXXXXX format
SSNtextXXX-XX-XXXX format (tokenized in transit)
Proof of addressfilesUtility bill or bank statement
Business descriptiontextWhat the business does