> ## Documentation Index
> Fetch the complete documentation index at: https://docs.whop.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Handle RFIs

> Respond when a provider needs additional information like a bank statement, tax ID, or business website.

After a user is verified, a downstream provider may request additional information before the user can transact. These show up as **RFIs** (Requests for Information) in the verification response.

## How RFIs work

<Steps>
  <Step title="Provider requests info">
    A payout provider flags that they need something — a bank statement, tax ID, proof of address, etc. The verification status changes to `action_required`.
  </Step>

  <Step title="You read the RFI">
    Call `GET /api/v1/verifications?account_id={biz_ tag}`. The `rfis` array on each verification tells you what's needed, what type of response to collect, and a human-readable description.
  </Step>

  <Step title="You collect and submit">
    Get the info from your user and send it back via `PATCH /api/v1/verifications/{id}` with an `rfis` array. We route it to the provider.
  </Step>

  <Step title="Provider clears the RFI">
    Once all RFIs are resolved, the status goes back to `approved` and the user can transact again.
  </Step>
</Steps>

## Reading RFIs

```bash cURL theme={null}
curl "https://api.whop.com/api/v1/verifications?account_id=biz_xxxxxxxxxxxxx" \
  -H "Authorization: Bearer $WHOP_API_KEY"
```

When RFIs are outstanding, the verification looks like:

```json theme={null}
{
  "id": "idpf_xxxxxxxxxxxxx",
  "status": "action_required",
  "rfis": [
    {
      "id": "pacta_xxxxxxxxxxxxx",
      "status": "outstanding",
      "type": "files",
      "description": "Payout Destination Verification",
      "error_message": null,
      "requested_files": [
        { "category": "payout_verification_document", "kind": "Bank Statement", "is_optional": false }
      ],
      "created_at": "2026-06-04T10:00:00Z"
    }
  ]
}
```

### RFI fields

| Field             | Description                                                                                                                                                                                                                               |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `id`              | The RFI identifier — use this when responding                                                                                                                                                                                             |
| `status`          | `outstanding` (new request) or `invalid` (a previous submission was rejected, resubmit)                                                                                                                                                   |
| `type`            | What to collect: `text`, `files`, `address`, `date`, `phone`                                                                                                                                                                              |
| `description`     | Human-readable label. May be generic (e.g. "Payout Destination Verification") — for file RFIs, see `requested_files` for the specific document.                                                                                           |
| `error_message`   | Why a previous submission was rejected (only when `invalid`)                                                                                                                                                                              |
| `requested_files` | For file RFIs (`type: files`): the documents to provide. Each entry has a `kind` and `category` you pass back when uploading, and `is_optional` (when more than one is accepted, any one satisfies the request). Empty for non-file RFIs. |

Only open requests are returned in the `rfis` array. After you respond to an RFI it leaves the list, so any RFI still present means action is owed. The verification stays `action_required` until all RFIs are resolved.

## Responding to RFIs

Send a `PATCH` to the verification's `idpf_` tag with an `rfis` array. Each entry needs the RFI `id` and a response matching the `type`.

### Text value

For website URLs, business descriptions, tax IDs:

```bash cURL theme={null}
curl -X PATCH https://api.whop.com/api/v1/verifications/idpf_xxxxxxxxxxxxx \
  -H "Authorization: Bearer $WHOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rfis": [
      { "id": "pacta_xxxxxxxxxxxxx", "value": "https://mycompany.com" }
    ]
  }'
```

### File upload

For bank statements, ID documents, proof of address. Use the `category` and `kind` straight from the RFI's `requested_files` so the upload matches what the provider asked for:

```bash cURL theme={null}
curl -X PATCH https://api.whop.com/api/v1/verifications/idpf_xxxxxxxxxxxxx \
  -H "Authorization: Bearer $WHOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rfis": [
      {
        "id": "pacta_xxxxxxxxxxxxx",
        "files": [{
          "category": "payout_verification_document",
          "kind": "Bank Statement",
          "direct_upload_id": "upload_xxxxxxxxxxxxx"
        }]
      }
    ]
  }'
```

### Sensitive data

SSNs can be submitted like any other value — they are tokenized in transit
before reaching Whop's systems, and only the tokenized reference is ever
stored:

```bash cURL theme={null}
curl -X PATCH https://api.whop.com/api/v1/verifications/idpf_xxxxxxxxxxxxx \
  -H "Authorization: Bearer $WHOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rfis": [
      { "id": "pacta_xxxxxxxxxxxxx", "value": "123-45-6789" }
    ]
  }'
```

If you already tokenize values yourself (Basis Theory), pass the token id with
`value_type: "vault_token"` instead.

## Common RFIs

| What they ask for    | `type`  | What to submit                              |
| -------------------- | ------- | ------------------------------------------- |
| Bank statement       | `files` | PDF or image of a recent statement          |
| Business website     | `text`  | A URL                                       |
| EIN                  | `text`  | `XX-XXXXXXX` format                         |
| SSN                  | `text`  | `XXX-XX-XXXX` format (tokenized in transit) |
| Proof of address     | `files` | Utility bill or bank statement              |
| Business description | `text`  | What the business does                      |
