> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bluumfinance.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Submit a compliance check result

> Submit the result of an async verification flow (e.g. Persona inquiry
SDK, Dojah widget) as an alternative to webhook-based completion.
`provider_payload` carries the provider's callback/completion data.




## OpenAPI

````yaml /api-reference/openapi.yaml post /investors/{investor_id}/compliance/submit
openapi: 3.0.0
info:
  title: Bluum Finance Investment API
  version: 1.0.0
  description: >
    The Bluum Finance API provides embeddable investment experiences, allowing
    fintech partners to manage investor accounts, facilitate trading, handle
    document uploads, and manage wallet operations.


    ### Response conventions


    Every resource response carries a small, consistent set of envelope keys

    followed by domain fields:


    ```json

    {
      "id": "<prefix>_<base32>",
      "object": "<resource>",
      "created": <unix_seconds>,
      "livemode": <boolean>,
      "metadata": { ... },
      ... domain fields ...
    }

    ```


    List endpoints return:


    ```json

    {
      "object": "list",
      "url": "/v1/<resource>",
      "has_more": false,
      "data": [ <resource>... ]
    }

    ```


    Errors are wrapped in:


    ```json

    {
      "error": {
        "type": "invalid_request_error",
        "code": "BLUM-400-001",
        "message": "...",
        "param": "tax_id"
      }
    }

    ```


    See `ResourceEnvelope`, `ListEnvelope`, and `ErrorEnvelope` in

    `shared-schemas.yaml` for the full schemas.


    ### Product entitlements


    Core investing (accounts, funding, trading, positions, documents,

    webhooks) is available to every tenant. Three surfaces are add-on products

    that must be enabled for your tenant before use:


    - **Market Data** — `/v1/market-data/*`

    - **Cash Management** — `/v1/cash-management/*`


    Calling a disabled product returns HTTP `403` with the legacy

    `{ "status": "error", "code": "PRODUCT_NOT_ENABLED", "message": "..." }`

    body (not the standard error envelope). Contact your Bluum account manager

    to enable a product.


    ### Field naming


    - snake_case throughout (no camelCase)

    - `email` / `phone` (not `email_address` / `phone_number`)

    - `first_name` / `middle_name` / `last_name` (not `given_name` /
    `family_name`)

    - `address: { street: [string], unit?, city, state?, postal_code?, country
    }`
      (the `street` array form preserves multi-line addresses; ISO 3166-1
      alpha-2 country code on `address.country` and on the top-level
      `country_of_*` fields)
    - `quantity` (not `qty`)

    - Status enums are lowercase Bluum-native vocabulary (e.g. `pending` /
    `filled` / `cancelled` / `failed`)


    Regulatory vocabulary (CAIS / FINRA / IRS / FATF) is preserved verbatim

    (e.g. `tax_id_type`, `country_of_tax_residence`, `is_politically_exposed`,

    `funding_source`).


    ### Terminology


    The investor resource lives at `/v1/investors`. Path parameter is

    `investor_id`.


    ### Asset classification


    Assets carry a canonical `(class, country)` pair:

    - `class`: `equity` | `etf` | `bond` | `bill` | `note` | `mutual_fund` |
      `derivative` | `cryptocurrency` | `commodity` | `real_estate` | `cash`
    - `country`: ISO 3166-1 alpha-2, lower-case (`us`, `ng`, …). Null for
      country-agnostic instruments (most crypto).

    ### Fixed income (bonds)


    Bond orders use the same `POST /v1/investors/{investor_id}/orders`

    endpoint as equities, with bond-specific semantics:

    - `quantity` carries **face value** (e.g. `"10000"` for $10k face),
      and must be a multiple of the bond's `min_increment`.
    - `limit_price` is quoted as **% of par** (e.g. `"99.875"` = 99.875%
      of face value).
    - `settlement_date` is optional; defaults to T+1 for US treasuries
      and T+2 for corporates.
    - Bond quote responses (`/v1/market-data/assets/{symbol}/quote`)
      include a `bond` block with clean/dirty price, accrued interest,
      and yield to maturity.

    Bond trading must be explicitly enabled on the tenant before orders

    will route. Contact Bluum support to flip `fixedIncomeEnabled`.


    ### Authentication


    HTTP Basic Authentication. **API Key** is the username, **API Secret** is

    the password. Base64-encode `API_KEY:API_SECRET` and send in the

    `Authorization` header.
servers:
  - url: https://api.bluumfinance.com/v1
    description: Production Environment
  - url: https://sandbox.api.bluumfinance.com/v1
    description: Sandbox/Testing Environment
  - url: https://service.bluumfinance.com/v1
    description: Production Environment (legacy alias)
  - url: https://test-service.bluumfinance.com/v1
    description: Sandbox/Testing Environment (legacy alias)
security:
  - BluumApiKeyAuth: []
  - BearerAuth: []
tags:
  - name: Investors
    description: Create and manage investor accounts, wallets, and transactions.
  - name: API Keys
    description: Mint, list, and revoke investor-scoped API keys for programmatic access.
  - name: Compliance
    description: Investor compliance workflows, KYC checks, and document submissions.
  - name: Transfers
    description: Deposit and withdrawal operations for investor wallets.
  - name: Funding Sources
    description: Connect and manage external funding sources (Plaid, bank accounts).
  - name: Trading
    description: Place, list, and cancel investor orders.
  - name: Positions
    description: View investor portfolio positions.
  - name: Assets
    description: Search and retrieve asset reference data.
  - name: Document Management
    description: Upload, list, and download documents.
  - name: Markets
    description: Market reference data, status, calendar, and halts.
  - name: Market Data
    description: Real-time quotes, snapshots, and historical bars (paywalled product).
  - name: Webhooks
    description: Register and manage webhook endpoints for event delivery.
  - name: Disclosures
    description: >-
      Partner-facing disclosure library (verbatim regulated copy, PDFs) +
      per-investor acceptance trail.
  - name: Cash Sweep
    description: >-
      High Yield Cash (HYC) / FDIC Bank Sweep enrollment, tier management, and
      interest reporting.
  - name: Cash Management
    description: >-
      Multi-currency, zero-day-liquidity yield on cash — programs, eligibility,
      enrollment, sweeps, withdrawals, earnings.
paths:
  /investors/{investor_id}/compliance/submit:
    post:
      tags:
        - Compliance
      summary: Submit a compliance check result
      description: |
        Submit the result of an async verification flow (e.g. Persona inquiry
        SDK, Dojah widget) as an alternative to webhook-based completion.
        `provider_payload` carries the provider's callback/completion data.
      operationId: submitComplianceCheck
      parameters:
        - $ref: '#/components/parameters/parameters-InvestorIdPath'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SubmitComplianceCheckRequest'
            example:
              workflow_id: cw_01j9x8m2k7qpzwv3t5r6y8n0ab
              check_type: identity_verification
              provider_payload:
                event_type: inquiry.approved
                inquiry_id: inq_abc123def456
                status: approved
      responses:
        '200':
          description: Check result processed successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ComplianceCheckResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '404':
          $ref: '#/components/responses/NotFoundError'
        '409':
          $ref: '#/components/responses/ConflictError'
components:
  parameters:
    parameters-InvestorIdPath:
      name: investor_id
      in: path
      required: true
      schema:
        type: string
      description: The prefixed public id of the investor (e.g. `inv_…`).
  schemas:
    SubmitComplianceCheckRequest:
      type: object
      required:
        - workflow_id
        - check_type
        - provider_payload
      properties:
        workflow_id:
          type: string
          description: >-
            The compliance workflow ID returned in the `compliance_checks` array
            during account creation.
          example: a1b2c3d4-e5f6-7890-abcd-ef1234567890
        check_type:
          type: string
          enum:
            - identity_verification
            - tax_id_verification
            - screening
            - business_verification
          description: >
            The type of compliance check being submitted. Must match one of the
            checks returned during account creation.
          example: identity_verification
        provider_payload:
          type: object
          additionalProperties: true
          description: >
            Provider-specific callback/completion payload. Contents depend on
            the provider:

            - **Persona**: Include the inquiry/transaction completion data
            (e.g., `event_type`, `inquiry_id`, `status`).

            - **Dojah**: Include the widget completion data (e.g.,
            `verification_status`, `reference_id`).
    ComplianceCheckResponse:
      type: object
      properties:
        workflow_id:
          type: string
          description: The compliance workflow this check belongs to.
          example: a1b2c3d4-e5f6-7890-abcd-ef1234567890
        check_type:
          type: string
          enum:
            - identity_verification
            - tax_id_verification
            - screening
            - risk_assessment
            - business_verification
          description: The type of compliance check performed.
          example: identity_verification
        status:
          type: string
          enum:
            - pending
            - clear
            - failed
            - review_required
            - error
          description: >
            Current status of the check:

            - `pending` — Async verification in progress; use `verification_url`
            or `verification_token` for user completion.

            - `clear` — Verification passed.

            - `failed` — Verification failed.

            - `review_required` — Manual review needed (e.g., potential
            PEP/sanctions match).

            - `error` — Provider error during verification.
          example: pending
        provider:
          type: string
          nullable: true
          description: >-
            The verification provider handling this check (e.g.,
            persona-identity, persona-taxid, dojah).
          example: persona-identity
        external_id:
          type: string
          nullable: true
          description: Provider-specific reference ID for the verification.
          example: inq_abc123def456
        verification_url:
          type: string
          nullable: true
          description: |
            User-facing verification URL for async checks, when available.
          example: https://withpersona.com/verify?inquiry-id=inq_abc123def456
        verification_token:
          type: string
          nullable: true
          description: >
            Provider token or SDK configuration for client-side verification,
            when available.
          example: null
    ErrorEnvelope:
      type: object
      description: |
        Error envelope. The Bluum-specific `BLUM-XXX-XXX`
        code is carried in `error.code`; `error.type` is the broad
        category clients branch on.
      required:
        - error
      properties:
        error:
          type: object
          required:
            - type
            - code
            - message
          properties:
            type:
              type: string
              enum:
                - invalid_request_error
                - authentication_error
                - permission_error
                - not_found_error
                - conflict_error
                - idempotency_error
                - rate_limit_error
                - api_error
              example: invalid_request_error
            code:
              type: string
              description: The Bluum-specific error code.
              example: BLUM-400-001
            message:
              type: string
              description: Developer-facing message.
            param:
              type: string
              description: Field path of the invalid input.
              example: tax_id
            doc_url:
              type: string
              format: uri
              example: https://docs.bluum.finance/errors/BLUM-400-001
            request_log_url:
              type: string
              format: uri
              description: Deep link to the request log in the partner dashboard.
  responses:
    BadRequestError:
      description: The request was malformed or failed validation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
          example:
            error:
              type: invalid_request_error
              code: BLUM-400-002
              message: Required field 'symbol' is missing.
              param: symbol
    NotFoundError:
      description: The requested resource could not be found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
          example:
            error:
              type: not_found_error
              code: BLUM-404-001
              message: Investor not found.
    ConflictError:
      description: The request conflicts with the current state of the resource.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
          example:
            error:
              type: conflict_error
              code: BLUM-409-002
              message: >-
                Investor has open positions. Liquidate all positions before
                closing.
  securitySchemes:
    BluumApiKeyAuth:
      type: http
      scheme: basic
      description: >
        HTTP Basic Authentication using the **API Key** as username and **API
        Secret** as password.
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: |
        JWT token from Clerk authentication

````