Developers

Search for documents

Dev

Agreements

Sign the Valpay T&C, Adyen Service Agreement, and (when applicable) Adyen PCI DSS attestation for an existing merchant. Sign one, several, or all in a single call.

All endpoints require either a JWT Bearer token in the Authorization header or an API key in the X-API-KEY header.

Base URL: https://onboarding.valpay.com.

GET `/v1/adyen/merchants/{merchant_id}/agreements`

Get applicable agreements for a merchant

Returns the signing bundle — the same shape included in the create-merchant response. Use this to check per-agreement signed state. Document content is fetched separately via GET /v1/adyen/merchants/{merchant_id}/agreements/{type}/document.

Parameters

Name	In	Type	Required	Description
`merchant_id`	path	`string`	Yes	Merchant UUID.

Responses

Status	Description
`200`	Applicable agreements retrieved successfully
`401`	Authentication failed — missing or invalid credentials
`404`	Merchant not found — also returned for cross-tenant access (we never confirm whether a uuid exists outside the caller's tenant)

Response schema (2xx)

Field	Type	Required	Description
`success`	`boolean`	No
`data`	`array<object>`	No	All agreements applicable to this merchant. PCI is omitted when not required.
`message`	`string`	No

POST `/v1/adyen/merchants/{merchant_id}/agreements`

Sign agreements for a merchant

Signs the agreements the caller submits — one, several, or all of the applicable list. The signature block carries only the signer's first and last name; each type in agreements must be in the applicable list returned by GET /agreements. Inapplicable entries are rejected with 400. Already-signed agreements (same signer) are silently skipped. A different signer on an already-signed agreement is rejected with 409.

Parameters

Name	In	Type	Required	Description
`merchant_id`	path	`string`	Yes	Merchant UUID.

Request body (required)

Field	Type	Required	Description
`signature`	`object`	Yes
`agreements`	`array<object>`	Yes	Every agreement the caller is signing in this atomic call. Must exactly match the applicable list returned by GET /agreements / create-merchant — both extras and omissions are rejected.

Responses

Status	Description
`200`	All requested agreements signed successfully (or — on a retry — already signed by the same signer)
`400`	Bad request — submitted list contains an agreement that doesn't apply to this merchant, or the body fails validation
`401`	Authentication failed
`404`	Merchant not found — also returned for cross-tenant access
`409`	Conflict — an already-signed agreement is being re-signed by a different signer

Response schema (2xx)

Field	Type	Required	Description
`success`	`boolean`	No
`data`	`array<object>`	No	All agreements applicable to this merchant. PCI is omitted when not required.
`message`	`string`	No

GET `/v1/adyen/merchants/{merchant_id}/agreements/{type}/document`

Fetch the document for one agreement

Returns the document for the merchant. VALPAY_TC → HTML download (text/html); ADYEN_SERVICE_AGREEMENT → PDF download; ADYEN_PCI_DSS → JSON form definition (when not yet signed) or PDF download of the completed questionnaire (when already signed).

Parameters

Name	In	Type	Required	Description
`merchant_id`	path	`string`	Yes	Merchant UUID.
`type`	path	`string (enum)`	Yes	Which agreement's document to fetch. One of: `VALPAY_TC`, `ADYEN_SERVICE_AGREEMENT`, `ADYEN_PCI_DSS`

Responses

Status	Description
`200`	Document returned to the partner. - `VALPAY_TC` → rendered Valpay contract HTML served as a file download (`text/html`, `Content-Disposition: attachment`). The document is fetched server-side from its S3 origin so the response stays on the API origin — this keeps Bearer and API-key browser clients behaving identically (a cross-origin 302 would propagate `x-api-key` to the S3 host and trip CORS). Partner UIs that want to render the contract inline should fetch via XHR and inject via `srcdoc` on an iframe. - `ADYEN_SERVICE_AGREEMENT` → binary PDF served as a file download (`application/pdf`, `Content-Disposition: attachment`). - `ADYEN_PCI_DSS` (not yet signed) → standard JSON envelope (`{ success, data, message }`) where `data` is the questionnaire form definition the partner UI renders as inputs. - `ADYEN_PCI_DSS` (already signed) → binary PDF of the completed questionnaire, served as a file download.
`400`	Unknown agreement type (the `:type` path param failed enum validation).
`401`	Authentication failed
`404`	Merchant not found, cross-tenant access, or the requested document is not currently available for this merchant (e.g., Valpay contract URL not set, Adyen reports no pending service-agreement ToS, or PCI is not applicable).

Response schema (2xx)

Field	Type	Required	Description
`success`	`boolean`	No
`data`	`object`	No	Adyen PCI questionnaire form definition. Shape is determined by Adyen and may include nested sections, questions, and answer options that the partner UI renders as inputs.
`message`	`string`	No

Examples

GET `/v1/adyen/merchants/{merchant_id}/agreements`

curl https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

curl https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

curl https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response 200 (illustrative):

{
  "success": true,
  "data": [
    { "type": "VALPAY_TC", "signed": false },
    { "type": "ADYEN_SERVICE_AGREEMENT", "signed": false }
  ],
  "message": "Applicable agreements retrieved successfully"
}

{
  "success": true,
  "data": [
    { "type": "VALPAY_TC", "signed": false },
    { "type": "ADYEN_SERVICE_AGREEMENT", "signed": false }
  ],
  "message": "Applicable agreements retrieved successfully"
}

{
  "success": true,
  "data": [
    { "type": "VALPAY_TC", "signed": false },
    { "type": "ADYEN_SERVICE_AGREEMENT", "signed": false }
  ],
  "message": "Applicable agreements retrieved successfully"
}

POST `/v1/adyen/merchants/{merchant_id}/agreements`

curl -X POST https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "signature": { "firstName": "Jane", "lastName": "Doe" },
    "agreements": [
      { "type": "VALPAY_TC" },
      { "type": "ADYEN_SERVICE_AGREEMENT" }
    ]
  }'

curl -X POST https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "signature": { "firstName": "Jane", "lastName": "Doe" },
    "agreements": [
      { "type": "VALPAY_TC" },
      { "type": "ADYEN_SERVICE_AGREEMENT" }
    ]
  }'

curl -X POST https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "signature": { "firstName": "Jane", "lastName": "Doe" },
    "agreements": [
      { "type": "VALPAY_TC" },
      { "type": "ADYEN_SERVICE_AGREEMENT" }
    ]
  }'

Response 200: the signed agreements list.

GET `/v1/adyen/merchants/{merchant_id}/agreements/{type}/document`

curl -OJ https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements/ADYEN_SERVICE_AGREEMENT/document \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

curl -OJ https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements/ADYEN_SERVICE_AGREEMENT/document \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

curl -OJ https://onboarding.valpay.com/v1/adyen/merchants/8f14e45f-ceea-467f-a1d6-2f9a1e6b0c01/agreements/ADYEN_SERVICE_AGREEMENT/document \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response 200: the agreement document as a file download (PDF in this case).

Try it out