API Reference
Explore SandboxPartner PortalMerchant Portal
Start typing to search…

Overview

📘

Sign-Up API Beta

The Sign-Up API is currently in Beta and is only available to NMI Payments partners participating in our merchant acquiring program. This feature is not applicable to Gateway or Merchant Central partners. If you’re unsure whether this applies to your integration—or if you're interested in joining the Beta—please reach out to your Account Manager.

The Sign-Up API allows NMI Payments partners to create and manage merchant onboarding workflows via a structured set of API calls. Partners can:

  • Submit new merchant applications for risk review
  • Receive real-time updates on risk decisions and pending actions
  • Retrieve Gateway and Merchant IDs once applications are approved

The API includes endpoints for authentication, application management, package handling, and webhook event subscriptions.

High-Level API workflow


Webhook Events

  • One-time setup to receive webhook events.

  • API Request: API request with the callback URL to receive webhook events.

  • API Response: Acknowledgment of submission or validation errors.

Legal Consent Helper

  • One-time setup, a lightweight script to easily embed consent forms into a webpage.

  • Integration: Simple JavaScript snippet that loads and displays the legal consent page.

  • Configuration Options: Customize appearance and container location.

  • Event Handling: Monitor user interactions with the consent widget.

Packages

A package is an entity defining the rules, field list and their requirements for an application.

This is a one-time setup to gather package details for application submission.

1. Fetch Available Packages

  • API Request: API request to retrieve a list of available packages.

  • API Response: Returns a list of package options with their respective ids.

2. Fetch Fields for a Selected Package

  • API Request: API request with the selected package id to get field details and requirements.

  • API Response: Returns package rules, the list of fields, and collections needed for the package.

Application Submission

1. Create application

  • API Request: API request with package id to create an application and corresponding field data with requirements of the package.

  • API Response: Acknowledgment of submission or validation errors.

2. Update application

  • API Request: API request with application id to update an application and corresponding field data with requirements of the package.

  • API Response: Acknowledgment of submission or validation errors.

3. Get Legal Consent

  • API Request: API request with application id.

  • API Response: Returns legal consent URL for the application.

4. Submit Application

  • API Request: API request with the application id.

  • API Response: Acknowledgment of submission or validation errors.


Other Common Terms

Package: A package is a predefined configuration of fields and collections used to gather the merchant application data. It serves as a form template or schema that outlines what information must be collected and how it should be validated.

Field: A field defines a single data input within a package or collection. Each field specifies the structure, validation rules, and metadata required to capture a specific piece of information.

Collection: A collection is a grouped, repeatable set of related fields within a package. It allows you to represent multiple instances of a logical entity—such as beneficial owners or bank accounts within an application.

Package Rule: Package rules are the validation rules and constraints that control how a package behaves. They make sure the data submitted through the package is complete, properly formatted, and within expected limits.


Idempotent Write Requests

Idempotency ensures that making the same API request multiple times produces the same result as making it once. For write operations (e.g., POST, PUT, DELETE), this prevents duplicate resources or repeated side effects when a request is retried.

For example, submitting the same application request twice with the same idempotency key results in only one submission—even if a retry occurs due to a timeout.

To enable idempotency, include a unique key in the Idempotency-Key HTTP header with your write request. You can use a UUID as the idempotency key. If the response is a replay of a previous request, it will include the header Idempotent-Replayed: true.