π Release #1 - V1.1.0
New API reference v1.1.0 βhttps://mipisepaymentservices.readme.io/v1.1/reference/introduction
This release brings major enrichments to the User, Person and Address resources to support enhanced KYC/KYB, AML/CFT (LCB-FT), UBO and FATCA/CRS
requirements. It also introduces automatic credit card commissions, outbound webhook signatures and new webhook events.
π At a glance
| Category | Highlights |
|---|---|
| π New endpoints | List / create / read persons under a user |
| π New person fields | UBO data, full LCB-FT profile, FATCA/CRS, structured address |
| π€ New user fields | validation_status, qualified_at |
| π³ Payments | Auto-charged commission on credit card pay-ins, card brand returned |
| π Webhooks | HMAC signatures, JSON delivery, 3 new event types |
| β οΈ Breaking | DOCUMENT_FALSIFIED β COMPLIANCE_REASON |
β οΈ Breaking changes
π« Document rejection reason β DOCUMENT_FALSIFIED removed
DOCUMENT_FALSIFIED removedThe reject reason DOCUMENT_FALSIFIED has been replaced by the broader COMPLIANCE_REASON. New rejections will no longer use the old value.
- DOCUMENT_FALSIFIED
+ COMPLIANCE_REASON
Action required β Update any client filtering or branching on rejection reasons. The change applies to thereject_reasonsenum returned on document detail and document list endpoints.
β¨ New features
π UBO digitalization
Persons (Ultimate Beneficial Owners and legal representatives) can now be managed through dedicated REST endpoints. UBO information is carried in a new structured role_data object on natural persons.
π New endpoints
| Method | Path | Purpose |
|---|---|---|
GET | /platforms/{platformUUID}/users/{userUUID}/persons | List persons linked to a user |
POST | /platforms/{platformUUID}/users/{userUUID}/persons | Create one or more persons for a user |
GET | /platforms/{platformUUID}/users/{userUUID}/persons/{personUUID} | Retrieve a single person |
𧬠role_data object β natural persons only
role_data object β natural persons only| Field | Type | I/O | Description |
|---|---|---|---|
roles | string[] | in / out | Subset of ["ubo", "legal_representative"] |
ubo_prct | number | in / out | Percentage of beneficial ownership held by the person |
ubo_by_control | boolean | in / out | UBO by effective control over the linked legal person |
ubo_is_indirect | boolean | in / out | UBO via shares held in an intermediate legal person |
ubo_end_date | date | in / out | Date on which the UBO status ends (cannot be in the future) |
ubo_start_date | date | π out only | Date on which the UBO status started β set automatically by the server when the person is flagged as UBO |
π Address β structured street components
Three new structured fields are now exposed on the address payload:
- π’
numberβ street number (e.g."123") - π£οΈ
road_typeβ street category ("road","street","boulevard", β¦) - π·οΈ
road_nameβ street name
Backward compatible β nothing breaks today.address_line1is still accepted on input and still returned on output alongside the new fields. Existing clients keep working for creating, updating and reading addresses, and no validation currently enforces the structured form.
Future direction. The structured fields are intended to replaceaddress_line1. A grace period is in place so platforms can migrate at their own pace; once it ends,address_line1will be deprecated and the structured form will become required for KYC/KYB. Start populatingnumber/road_type/road_namein your integrations now to be ready.
πͺͺ LCB-FT user enrichment
A wide set of fields previously unavailable through the API has been opened on persons to support reinforced due-diligence requirements. All fields are accepted on creation and update, and returned in person responses.
π₯ Common fields (all person types)
- π°
annual_revenueβ enum of revenue ranges (natural_inf_30000β¦legal_sup_50000000) - πΌ
financial_capacityβ enum of wealth ranges (natural_inf_50000β¦legal_sup_20000000) - π
country_of_originβ ISO 3166-1 alpha-2 - π΅
source_of_fundsβsalary_or_professional_income/personal_savings_or_available_funds/capital_income/asset_sale/inheritance_or_donation/
external_financing/capital_contribution_or_fundraising/other_or_not_disclosed - βοΈ
origin_of_funds_otherβ free text used whensource_of_funds = other_or_not_disclosed - π
tax_country_code_1/_2/_3β ISO 3166-1 alpha-2 - π’
tin_code_1/_2/_3β Tax Identification Number for the matching tax country - π
no_tin_reason_1/_2/_3β alternative totin_code_*when no TIN is held - β
is_primary_1/_2/_3β flags the main tax country - π€
is_intermediated_by_third_partyβ required to validate the user's wallet
π€ Natural-person only
- π
civilityβmr/mrs/no_gender/unknown - π
phone_numberβ phone with country code - πΌ
professional_situationβ French PCS-2020 code - ποΈ
birth_city,birth_provinceβ birth location (birth_provinceenum covers US states, Canadian provinces and Mexican states; required when birth country is US/CA/MX)
π’ Legal-person only
- π
legal_classification_codeβ French INSEE legal classification - π·οΈ
activity_classification_codeβ French INSEE activity classification (NAF) - π
registration_date - π
registration_numberβ French RCS number (alternative torna) - π
rnaβ French RNA association number (alternative toregistration_number)
πΊπΈ FATCA / CRS compliance data
Persons can now carry FATCA and CRS compliance information.
Optional during this release to give agents time to comply. They will become required for KYC/KYB validation in a future release.
π₯ Request format β nested under a fatca_crs_data object (depending on the person type):
{
"type": "Persons::Natural",
"fatca_crs_data": {
"us_citizen_or_resident": false
}
}{
"type": "Persons::Legal",
"fatca_crs_data": {
"us_legal_us_person": false,
"is_fatca_fi": false,
"is_registered_fatca_fi": false,
"giin": "98Q96B.00000.LE.250",
"is_nffe_fatca_active": true,
"is_nffe_fatca_passive": false,
"is_crs_fi": false,
"is_nffe_crs": true
}
} π€ Response format β the same fields are returned flat at the top level of the person object (not nested under fatca_crs_data).
π Conditional rules
is_registered_fatca_fiis required whenis_fatca_fi = truegiinis required whenis_registered_fatca_fi = true
π’ User qualification status
The user response now exposes the user's compliance lifecycle.
| Field | Description |
|---|---|
validation_status | validated or not_validated |
qualified_at | Date-time at which the user reached the qualified state (validated + additional verifications passed) |
A new webhook event accompanies this lifecycle:user_qualified(see Webhook events below). The pre-existinguser_dequalifiedevent remains unchanged.
π³ Credit card commissions
A commission is now automatically charged on credit card pay-ins, based on the platform's commission settings configured by Mipise.
π οΈ For API consumers
- β No request changes β the commission is computed and applied server-side. Your existing pay-in payloads keep working.
- π New webhook events β
commission_failedandcommission_successfulallow you to track each commission outcome (see Webhook events below). The commission is delivered as its own financial request of subtypePaymentCommission, separate from the originating pay-in. - π¦ New response field on credit card pay-ins β
monext_credit_card_type: brand of the card used ("VISA","MASTERCARD","CB", β¦).
π Webhook signatures and JSON delivery
Webhook deliveries can now be signed and emitted as JSON.
π HMAC SHA-256 signature
When a signing secret is configured for the platform (managed from the events subscriptions back-office page: generate / regenerate / delete), every notification carries:
X-Mps-Event-Signature: sha256=<hex_digest>
The signature is always computed over the JSON serialization of the notification body β regardless of the subscription's transport format.
β To verify a notification
- Compute the HMAC SHA-256 of the JSON-encoded notification body using your secret.
- Compare the resulting hex digest to the value after
sha256=. - Reject mismatched or missing signatures whenever a secret is configured.
π¦ Notification format
Subscriptions now expose a request_format:
- π
form_data(default, backward-compatible) βapplication/x-www-form-urlencoded - π§Ύ
jsonβapplication/json
π¨ Notification payload
| Field | Type | Description |
|---|---|---|
id | uuid | Unique identifier of the notification |
event_type | string | Subscribed event name |
platform_id | uuid | Platform that triggered the event |
target_id | uuid | Resource concerned by the event |
target_type | string | Class of the resource (e.g. Financial::Request) |
The endpoint must respond with HTTP200to acknowledge delivery.
π New webhook events
The following event types can now be subscribed to:
| Event | Trigger |
|---|---|
commission_failed | A credit card commission failed to settle |
commission_successful | A credit card commission was successfully settled |
user_qualified | A user reached the qualified state |
π Documentation alignment
The API reference has been aligned with the actual API behavior on a few fields that were already shipped in earlier releases but were still documented under their previous names:
| Documented now as | Was previously documented as | Where |
|---|---|---|
person_signatory_uuid | person_representative_uuid | User response |
user_signatory | user_representative | Person body |
If your client was already integrated against the live API, no change is required on your side β these fields have been returned under their new names for several
months.
π Reference
- π API reference (v1.1.0) β https://mipisepaymentservices.readme.io/v1.1/reference/introduction