Upload Onboarding Files - Modulus Labs API

Overview

Uploads business documents required for merchant onboarding and KYC (Know Your Customer) verification. This endpoint accepts multiple document types including valid IDs, business permits, certificates, and supporting documents.

Binary File Upload Required: This endpoint expects actual binary file content via multipart/form-data. Do NOT send base64-encoded strings, file paths, or URLs. Upload the actual file data using proper multipart form encoding.

Rate Limiting: Maximum 5 requests per 60 seconds to prevent abuse.

Security: This endpoint implements OWASP File Upload Cheat Sheet best practices including file extension validation, MIME type validation, content validation using magic bytes, file size limits, and secure storage in S3 with UUID naming.

Authentication

This endpoint requires JWT Bearer Token authentication.

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Authorization Rules

User Role	Allowed Actions
Regular User/Merchant	Can only upload files for their own account (merchantId must match authenticated user)
Super Admin	Can upload files on behalf of any merchant

Path Parameters

merchantId

string

required

The merchant’s account IDFormat: Numeric string (digits only)Pattern: ^\d+$Example: "12345"

Must match the authenticated user’s account ID unless the user is a Super Admin.

Request Body

Content-Type: This endpoint requires multipart/form-data encoding. Each field should contain the actual binary file content, not strings, URLs, or base64-encoded data.

This endpoint accepts binary file uploads via multipart/form-data. When uploading files, ensure you’re using proper file upload mechanisms in your programming language (e.g., fs.createReadStream() in Node.js, open() in Python, CURLFile in PHP) rather than sending text or encoded strings.

File Requirements

Allowed Formats

JPEG, JPG, PNG, PDF

File Size Limit

25MB per file maximum

File Name Length

255 characters maximum

Validation Levels

Extension, MIME type, and magic bytes

Required Documents by Business Type

STARTER

Required Documents (6 total):

Valid ID(s) of Signatory
Photo of store with store name
Barangay Business Permit
Incorporator’s Government Issued ID
Signatory’s Government Issued ID
Authorized Representative Government Issued ID

Purpose: For small businesses and micro-enterprises starting their operations.

SOLE_PROPRIETOR

Required Documents (5 total):

Valid ID(s) of Signatory
Incorporator’s Government Issued ID
Signatory’s Government Issued ID
Authorized Representative Government Issued ID
Either of the two:
- Business/Mayor’s Permit OR
- BIR Certificate of Registration (2303)

Purpose: For businesses owned and operated by a single individual.

PARTNERSHIP

Required Documents (9 total):

Valid ID(s) of Signatory
Incorporator’s Government Issued ID
Signatory’s Government Issued ID
Authorized Representative Government Issued ID
List of Goods/Services sold with Pricing
Refund and Refund Policy
Fulfillment Policy
Privacy Policy
At least one of the following:
- Business/Mayor’s Permit OR
- BIR Certificate of Registration (2303) OR
- SEC Registration Certificate

Optional Documents:

AOI and By-Laws
Secretary’s Certificate

Purpose: For businesses owned by two or more partners.

CORPORATION

Required Documents (10 total):

Valid ID(s) of Signatory
Incorporator’s Government Issued ID
Signatory’s Government Issued ID
Authorized Representative Government Issued ID
List of Goods/Services sold with Pricing
Refund and Refund Policy
Fulfillment Policy
Privacy Policy
At least one of the following:
- Mayor’s or Business Permit OR
- BIR Certificate 2303 OR
- SEC Certificate
Either of the two:
- Article of Partnership/Incorporation (AOI) and By-Laws OR
- General Information Sheet (GIS)
Secretary’s Certificate (mandatory for Corporation)

Purpose: For registered corporations and incorporated entities.

Document Fields

Each document type supports front, back, and signature images where applicable. All fields accept arrays to support multiple file uploads.

Valid IDs

idsOfValidSignatories

file

Valid government-issued IDs of authorized signatories (front side)Required for: All business typesType: Binary file upload (not string)Accepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per fileExamples: Driver’s License, Passport, National ID, SSS ID, TIN ID

Upload the actual image/PDF file, not a file path, URL, or base64 string

idsOfValidSignatoriesBack

file

Back side of valid IDsType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

idsOfValidSignatoriesSignature

file

Signature specimen from valid IDsType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

Mayor’s Permit / Business Permit

mayorsOrBusinessPermit

file

Mayor’s Permit or Business Permit (front)Required for: SOLE_PROPRIETOR, PARTNERSHIP, CORPORATION (one of three options)Type: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

mayorsOrBusinessPermitBack

file

Back side of Mayor’s/Business PermitType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

mayorsOrBusinessPermitSignature

file

Signature page of Mayor’s/Business PermitType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

BIR Certificate 2303

birCert2303

file

BIR Certificate of Registration (Form 2303) - frontRequired for: SOLE_PROPRIETOR (alternative), PARTNERSHIP/CORPORATION (one of three options)Type: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

birCert2303Back

file

Back side of BIR Certificate 2303Type: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

birCert2303Signature

file

Signature page of BIR Certificate 2303Type: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

SEC Certificate

secCert

file

SEC (Securities and Exchange Commission) Certificate - frontRequired for: PARTNERSHIP, CORPORATION (one of three options)Type: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

secCertBack

file

Back side of SEC CertificateType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

secCertSignature

file

Signature page of SEC CertificateType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

General Information Sheet (GIS)

gis

file

General Information Sheet - frontRequired for: CORPORATION (alternative to AOI/By-Laws)Type: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

gisBack

file

Back side of GISType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

gisSignature

file

Signature page of GISType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

Articles of Incorporation and By-Laws

aoiAndByLaws

file

Articles of Incorporation and By-Laws - frontRequired for: CORPORATION (alternative to GIS)Optional for: PARTNERSHIPType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

aoiAndByLawsBack

file

Back side of AOI and By-LawsType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

aoiAndByLawsSignature

file

Signature page of AOI and By-LawsType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

Secretary’s Certificate

secretarysCert

file

Secretary’s Certificate - frontRequired for: CORPORATIONOptional for: PARTNERSHIPType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

secretarysCertBack

file

Back side of Secretary’s CertificateType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

secretarysCertSignature

file

Signature page of Secretary’s CertificateType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

Barangay Business Permit

barangayBusinessPermit

file

Barangay Business Permit - frontRequired for: STARTER business typeType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

barangayBusinessPermitBack

file

Back side of Barangay Business PermitType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

barangayBusinessPermitSignature

file

Signature page of Barangay Business PermitType: Binary file uploadAccepted formats: JPEG, JPG, PNG, PDFMax size: 25MB per file

Store Photo

storePhoto

file

Photo of the store/business establishmentRequired for: STARTER business typeRequirements: Must show visible store name/signageType: Binary file uploadAccepted formats: JPEG, JPG, PNGMax size: 25MB per file

Code Examples

BEARER_TOKEN="your_jwt_token_here"
MERCHANT_ID="12345"

curl -X POST "https://kyc.sbx.moduluslabs.io/v2/onboard/${MERCHANT_ID}/files" \
  -H "Authorization: Bearer ${BEARER_TOKEN}" \
  -F "idsOfValidSignatories=@/path/to/valid_id_front.jpg" \
  -F "idsOfValidSignatoriesBack=@/path/to/valid_id_back.jpg" \
  -F "mayorsOrBusinessPermit=@/path/to/business_permit.pdf" \
  -F "storePhoto=@/path/to/store_photo.jpg"

Response

Success Response

Status Code: 200 OK

files

array

required

List of successfully uploaded files with their metadata

Show File Object Properties

string

required

Unique identifier (UUID v4) assigned to the file in S3 storageFormat: UUID v4Example: "550e8400-e29b-41d4-a716-446655440000"

name

string

Sanitized original file nameExample: "valid_id_front.jpg"

fileType

string

required

Category/type of the uploaded fileValues: idsOfValidSignatories, idsOfValidSignatoriesBack, idsOfValidSignatoriesSignature, mayorsOrBusinessPermit, mayorsOrBusinessPermitBack, mayorsOrBusinessPermitSignature, birCert2303, birCert2303Back, birCert2303Signature, secCert, secCertBack, secCertSignature, gis, gisBack, gisSignature, aoiAndByLaws, aoiAndByLawsBack, aoiAndByLawsSignature, secretarysCert, secretarysCertBack, secretarysCertSignature, barangayBusinessPermit, barangayBusinessPermitBack, barangayBusinessPermitSignature, storePhoto

{
  "files": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "name": "valid_id_front.jpg",
      "fileType": "idsOfValidSignatories"
    },
    {
      "id": "550e8400-e29b-41d4-a716-446655440001",
      "name": "valid_id_back.jpg",
      "fileType": "idsOfValidSignatoriesBack"
    },
    {
      "id": "550e8400-e29b-41d4-a716-446655440002",
      "name": "business_permit.pdf",
      "fileType": "mayorsOrBusinessPermit"
    }
  ]
}

Error Responses

400 Bad Request - Invalid Merchant ID

Status Code: 400

{
  "statusCode": 400,
  "message": "Invalid merchant ID",
  "error": "Bad Request",
  "details": {
    "merchantIdReceived": "abc"
  }
}

Cause: The merchantId in the URL is not a valid numeric valueSolution: Ensure merchantId contains only digits

400 Bad Request - Merchant ID Mismatch

Status Code: 400

{
  "statusCode": 400,
  "message": "Merchant ID mismatch",
  "error": "Bad Request"
}

Cause: Regular user attempting to upload files for a different merchant accountSolution: Use the correct merchantId that matches your authenticated account, or use Super Admin credentials

400 Bad Request - No Files Received

Status Code: 400

{
  "statusCode": 400,
  "message": "No files received",
  "error": "Bad Request"
}

Cause: Request didn’t include any filesSolution: Include at least one file in the multipart/form-data request

400 Bad Request - Invalid File Content Type

Status Code: 400

{
  "statusCode": 400,
  "message": "Invalid file content type",
  "error": "Bad Request",
  "details": {
    "fileContentTypeReceived": "application/x-msdownload"
  }
}

Cause: File’s actual content (detected via magic bytes) is not JPEG, PNG, or PDFSolution: Only upload files with valid image or PDF content

400 Bad Request - Invalid File MIME Type

Status Code: 400

{
  "statusCode": 400,
  "message": "Invalid file MIME type",
  "error": "Bad Request",
  "details": {
    "mimeTypeReceived": "application/octet-stream"
  }
}

Cause: File’s MIME type header doesn’t match allowed typesSolution: Ensure Content-Type header is image/jpeg, image/png, or application/pdf

400 Bad Request - Invalid File Extension

Status Code: 400

{
  "statusCode": 400,
  "message": "Invalid file extension",
  "error": "Bad Request",
  "details": {
    "fileExtensionReceived": ".exe"
  }
}

Cause: File extension is not .jpg, .jpeg, .png, or .pdfSolution: Only upload files with allowed extensions

400 Bad Request - File Name Too Long

Status Code: 400

{
  "statusCode": 400,
  "message": "File name too long",
  "error": "Bad Request",
  "details": {
    "fileNameLengthReceived": 300
  }
}

Cause: File name exceeds 255 charactersSolution: Rename file to have a shorter name (max 255 characters)

400 Bad Request - File Size Too Large

Status Code: 400

{
  "statusCode": 400,
  "message": "File size exceeds 25MB limit",
  "error": "Bad Request"
}

Cause: File size exceeds 25MB limitSolution: Reduce file size or split into multiple files

400 Bad Request - Failed to Save

Status Code: 400

{
  "statusCode": 400,
  "message": "Failed to save merchant's VALID_IDS_OF_SIGNATORY file/s",
  "error": "Bad Request"
}

Cause: Error saving files to S3 or databaseSolution: Retry the request. If issue persists, contact support

401 Unauthorized

Status Code: 401

{
  "statusCode": 401,
  "message": "Account not found",
  "error": "Unauthorized"
}

Cause: Invalid or missing JWT Bearer tokenSolution: Ensure valid authentication token is provided in Authorization header

429 Too Many Requests

Status Code: 429

{
  "statusCode": 429,
  "message": "ThrottlerException: Too Many Requests"
}

Cause: Rate limit exceeded (more than 5 requests in 60 seconds)Solution: Wait 60 seconds before retrying. Implement exponential backoff in your application

Security Features

This endpoint implements OWASP File Upload Cheat Sheet best practices:

Extension Validation

Only .jpg, .jpeg, .png, .pdf extensions allowed

MIME Type Validation

Validates Content-Type header matches allowed types

Magic Bytes Validation

Uses file-type library to detect actual file content

File Size Limits

Maximum 25MB per file to prevent DoS attacks

File Name Sanitization

Strips dangerous characters from file names

Secure Storage

Files stored in S3 with UUID naming to prevent path traversal

Best Practices

Upload Files Before Submitting Onboarding

Upload all required documents before calling the Onboard Merchant endpoint:

// 1. Upload files first
const uploadResponse = await uploadOnboardingFiles(merchantId, files);

// 2. Extract file IDs
const fileIds = uploadResponse.files.map(f => f.id);

// 3. Submit onboarding with file references
const onboardingData = {
  merchantName: 'Acme Store',
  // ... other fields
  documentIds: fileIds
};

await onboardMerchant(onboardingData);

Validate Files Client-Side First

Check files before uploading to avoid unnecessary API calls:

function validateFile(file) {
  const errors = [];

  // Check file size (25MB = 26214400 bytes)
  if (file.size > 26214400) {
    errors.push('File exceeds 25MB limit');
  }

  // Check file extension
  const allowedExtensions = ['.jpg', '.jpeg', '.png', '.pdf'];
  const ext = '.' + file.name.split('.').pop().toLowerCase();
  if (!allowedExtensions.includes(ext)) {
    errors.push('Invalid file extension. Only JPG, PNG, PDF allowed');
  }

  // Check file name length
  if (file.name.length > 255) {
    errors.push('File name too long (max 255 characters)');
  }

  return errors;
}

Handle Rate Limiting Gracefully

Implement retry logic with exponential backoff:

async function uploadWithRetry(merchantId, files, maxRetries = 3) {
  let retries = 0;

  while (retries < maxRetries) {
    try {
      return await uploadOnboardingFiles(merchantId, files);
    } catch (error) {
      if (error.response?.status === 429) {
        const waitTime = Math.pow(2, retries) * 1000; // Exponential backoff
        console.log(`Rate limited. Waiting ${waitTime}ms before retry...`);
        await new Promise(resolve => setTimeout(resolve, waitTime));
        retries++;
      } else {
        throw error;
      }
    }
  }

  throw new Error('Max retries exceeded');
}

Organize Files by Document Type

Keep track of which files belong to which document category:

const documentFiles = {
  validIds: {
    front: '/path/to/id_front.jpg',
    back: '/path/to/id_back.jpg'
  },
  businessPermit: {
    front: '/path/to/permit.pdf'
  },
  storePhoto: '/path/to/store.jpg'
};

// Map to form field names
const formData = new FormData();
formData.append('idsOfValidSignatories', documentFiles.validIds.front);
formData.append('idsOfValidSignatoriesBack', documentFiles.validIds.back);
formData.append('mayorsOrBusinessPermit', documentFiles.businessPermit.front);
formData.append('storePhoto', documentFiles.storePhoto);

Compress Images Before Upload

Reduce file sizes while maintaining quality:

async function compressImage(file, maxSizeMB = 5) {
  const options = {
    maxSizeMB: maxSizeMB,
    maxWidthOrHeight: 1920,
    useWebWorker: true,
    fileType: file.type
  };

  try {
    const compressedFile = await imageCompression(file, options);
    console.log(`Compressed from ${file.size} to ${compressedFile.size}`);
    return compressedFile;
  } catch (error) {
    console.error('Compression failed:', error);
    return file; // Return original if compression fails
  }
}

Show Upload Progress

Provide feedback to users during upload:

async function uploadWithProgress(merchantId, files, onProgress) {
  const formData = new FormData();

  Object.entries(files).forEach(([fieldName, file]) => {
    formData.append(fieldName, file);
  });

  const response = await axios.post(
    `https://kyc.sbx.moduluslabs.io/v2/onboard/${merchantId}/files`,
    formData,
    {
      headers: {
        'Authorization': `Bearer ${token}`,
      },
      onUploadProgress: (progressEvent) => {
        const percentCompleted = Math.round(
          (progressEvent.loaded * 100) / progressEvent.total
        );
        onProgress(percentCompleted);
      }
    }
  );

  return response.data;
}

// Usage
uploadWithProgress(merchantId, files, (percent) => {
  console.log(`Upload progress: ${percent}%`);
  updateProgressBar(percent);
});

Use Cases

Initial Document Upload

Upload required documents when first creating an onboarding application

Document Updates

Replace or add documents after application has been declined

Additional Documents

Submit supplementary documents requested by compliance team

Document Corrections

Re-upload documents with better quality or correct information

Troubleshooting

Sending Strings Instead of Binary Files

Error: No files received or Invalid file content typeIssue: Sending file paths, URLs, or base64-encoded strings instead of actual binary file dataIncorrect Examples:

//  WRONG - Sending file path as string
formData.append('idsOfValidSignatories', '/path/to/file.jpg');

//  WRONG - Sending base64 string
formData.append('idsOfValidSignatories', 'data:image/jpeg;base64,/9j/4AAQ...');

//  WRONG - Sending URL
formData.append('idsOfValidSignatories', 'https://example.com/file.jpg');

Correct Examples:

//  CORRECT - Node.js with file stream
const fs = require('fs');
formData.append('idsOfValidSignatories',
  fs.createReadStream('/path/to/file.jpg'));

//  CORRECT - Browser with File object
const fileInput = document.getElementById('fileInput');
formData.append('idsOfValidSignatories', fileInput.files[0]);

//  CORRECT - Python with file handle
files = {'idsOfValidSignatories': open('/path/to/file.jpg', 'rb')}

//  CORRECT - PHP with CURLFile
$file = new CURLFile('/path/to/file.jpg', 'image/jpeg', 'file.jpg');

Solution: Always use proper file upload mechanisms that send binary data, not text representations

Magic Bytes Validation Failure

Error: Invalid file content typeIssue: File extension doesn’t match actual file contentCommon Causes:

Renamed file with wrong extension (e.g., .txt renamed to .jpg)
Corrupted file
File created by unsupported software

Solution:

Use legitimate image editing or PDF software
Don’t just rename file extensions
Verify file opens correctly before uploading
Try converting file to correct format using standard tools

File Too Large Even After Compression

Error: File size exceeds 25MB limitSolutions:

For PDFs: Split multi-page documents across front/back/signature fields
For images: Reduce resolution (1920px width is usually sufficient)
For images: Convert to JPEG with 80-85% quality
For images: Use online compression tools like TinyPNG or Squoosh
Consider splitting document into multiple logical files

Rate Limit Issues During Bulk Upload

Error: 429 Too Many RequestsIssue: Trying to upload files for multiple merchants quicklySolutions:

Implement rate limiting in your application (max 5 requests per 60s)
Add delays between merchant file uploads
Queue uploads and process with appropriate spacing
Use exponential backoff for retries

const delay = ms => new Promise(resolve => setTimeout(resolve, ms));

async function uploadForMultipleMerchants(merchantFileMap) {
  const results = [];

  for (const [merchantId, files] of Object.entries(merchantFileMap)) {
    try {
      const result = await uploadOnboardingFiles(merchantId, files);
      results.push({ merchantId, success: true, data: result });
    } catch (error) {
      results.push({ merchantId, success: false, error: error.message });
    }

    // Wait 12 seconds between uploads (5 requests per 60s = 1 per 12s)
    await delay(12000);
  }

  return results;
}

Multipart Form Data Encoding Issues

Issue: Files not being received by server or showing as undefinedSolutions for Different Languages:Node.js:

// Use form-data package, not URLSearchParams
const FormData = require('form-data');
const form = new FormData();
form.append('idsOfValidSignatories', fs.createReadStream(filePath));

// Include form headers
axios.post(url, form, {
  headers: {
    'Authorization': `Bearer ${token}`,
    ...form.getHeaders()  // Important!
  }
});

Python:

# Let requests handle Content-Type header
files = {'idsOfValidSignatories': open(file_path, 'rb')}
headers = {'Authorization': f'Bearer {token}'}
# Don't set Content-Type manually
requests.post(url, headers=headers, files=files)

PHP:

// Use CURLFile, not @ syntax (deprecated)
$file = new CURLFile($filePath, 'image/jpeg', 'filename.jpg');

File Name Sanitization Concerns

Issue: Uploaded file name doesn’t match originalExplanation: File names are sanitized for security:

Special characters removed
Path traversal sequences removed (../, ..)
Length truncated to 255 characters

Best Practice:

Use simple, descriptive file names
Avoid special characters
Use the returned id field to reference files, not name
Store your own mapping of file IDs to original names if needed

Document Checklist

Use this checklist to ensure you have all required documents before uploading:

Next Steps

Onboard Merchant

Submit onboarding application after uploading files

Retrieve Onboarding Status

Check onboarding application status

Update Onboarding Data

Update declined application with corrected documents

Error Handling

Complete error code reference

Authorizations

Authorization

string

header

required

JWT Bearer token authentication

Path Parameters

merchantId

string

required

The merchant's account ID (numeric string)

Body

multipart/form-data

idsOfValidSignatories

file

Valid government-issued IDs of authorized signatories (front side)

idsOfValidSignatoriesBack

file

Back side of valid IDs

idsOfValidSignatoriesSignature

file

Signature specimen from valid IDs

mayorsOrBusinessPermit

file

Mayor's Permit or Business Permit (front)

mayorsOrBusinessPermitBack

file

Back side of Mayor's/Business Permit

mayorsOrBusinessPermitSignature

file

Signature page of Mayor's/Business Permit

birCert2303

file

BIR Certificate of Registration (Form 2303) - front

birCert2303Back

file

Back side of BIR Certificate 2303

birCert2303Signature

file

Signature page of BIR Certificate 2303

secCert

file

SEC Certificate - front

secCertBack

file

Back side of SEC Certificate

secCertSignature

file

Signature page of SEC Certificate

gis

file

General Information Sheet - front

gisBack

file

Back side of GIS

gisSignature

file

Signature page of GIS

aoiAndByLaws

file

Articles of Incorporation and By-Laws - front

aoiAndByLawsBack

file

Back side of AOI and By-Laws

aoiAndByLawsSignature

file

Signature page of AOI and By-Laws

secretarysCert

file

Secretary's Certificate - front

secretarysCertBack

file

Back side of Secretary's Certificate

secretarysCertSignature

file

Signature page of Secretary's Certificate

barangayBusinessPermit

file

Barangay Business Permit - front

barangayBusinessPermitBack

file

Back side of Barangay Business Permit

barangayBusinessPermitSignature

file

Signature page of Barangay Business Permit

storePhoto

file

Photo of the store/business establishment (must show visible store name)

Response

Files uploaded successfully

files

object[]

List of successfully uploaded files

Show child attributes

QR API

Onboarding API

Webhooks API

​Overview

​Authentication

​Authorization Rules

​Path Parameters

​Request Body

​File Requirements

Allowed Formats

File Size Limit

File Name Length

Validation Levels

​Required Documents by Business Type

​Document Fields

​Valid IDs

​Mayor’s Permit / Business Permit

​BIR Certificate 2303

​SEC Certificate

​General Information Sheet (GIS)

​Articles of Incorporation and By-Laws

​Secretary’s Certificate

​Barangay Business Permit

​Store Photo

​Code Examples

​Response

​Success Response

​Error Responses

​Security Features

Extension Validation

MIME Type Validation

Magic Bytes Validation

File Size Limits

File Name Sanitization

Secure Storage

​Best Practices

​Use Cases

Initial Document Upload

Document Updates

Additional Documents

Document Corrections

​Troubleshooting

​Document Checklist

​Next Steps

Onboard Merchant

Retrieve Onboarding Status

Update Onboarding Data

Error Handling

Authorizations

Path Parameters

Body

Response

Overview

Authentication

Authorization Rules

Path Parameters

Request Body

File Requirements

Required Documents by Business Type

Document Fields

Valid IDs

Mayor’s Permit / Business Permit

BIR Certificate 2303

SEC Certificate

General Information Sheet (GIS)

Articles of Incorporation and By-Laws

Secretary’s Certificate

Barangay Business Permit

Store Photo

Code Examples

Response

Success Response

Error Responses

Security Features

Best Practices

Use Cases

Troubleshooting

Document Checklist

Next Steps