curl --request POST \
  --url https://api-prod.blaaiz.com/api/external/customer/{customer}/owner/{owner}/files \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "id_document_front": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "id_document_back": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}
'

{
  "message": "Owner files uploaded successfully",
  "data": {
    "id": "019a6e22-8b4c-7c8d-9d12-c0c1ab3f1a90",
    "first_name": "Jane",
    "last_name": "Doe",
    "id_document_path": "business-data/api-services/customer/.../owner/.../id_document_front_...",
    "id_document_back_path": null,
    "status": "PENDING",
    "admin_comments": null
  }
}

Owners (business customers)

Register owner ID files

Register one or both of the owner’s ID document slots (id_document_front, id_document_back). Each file_id must come from a fresh POST /api/external/customer/{customer}/owner/{owner}/file/presigned-url call. Send only the slots you want to set or replace.

Lock guards.

The parent customer must be in PENDING or REJECTED. Calls against a PROCESSING or VERIFIED customer return 400.
The owner itself must be in PENDING or REJECTED. Calls against an APPROVED or PROCESSING owner return 400.
Replacing a file on a previously REJECTED owner automatically resets that owner’s status to PENDING and clears its admin_comments — the corrected record is re-routed through review on the next /submit.

File checks. The server verifies S3 existence, file size (max 25 MB), and MIME type (PDF, JPEG, or PNG) before persisting.

Slot vs. type consistency is enforced at /submit time, not on this call. The eventual rule is:

passport → id_document_front only; id_document_back must be absent.
drivers_license, id_card, resident_permit → both id_document_front and id_document_back are required.

If you change the owner’s id_document_type later, make sure the slot set still matches — otherwise /submit will reject the customer.

All uploaded documents must be clear, legible, and authentic. Blurry, cropped, obscured, or otherwise unclear images will be rejected. Fraudulent or falsified documents will not be tolerated — repeated attempts to submit false or invalid documents will result in the customer being permanently blacklisted from the platform. There are no exceptions or compromises.

Required scope: customer:write.

POST

api

external

customer

{customer}

owner

{owner}

files

curl --request POST \
  --url https://api-prod.blaaiz.com/api/external/customer/{customer}/owner/{owner}/files \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "id_document_front": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "id_document_back": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}
'

{
  "message": "Owner files uploaded successfully",
  "data": {
    "id": "019a6e22-8b4c-7c8d-9d12-c0c1ab3f1a90",
    "first_name": "Jane",
    "last_name": "Doe",
    "id_document_path": "business-data/api-services/customer/.../owner/.../id_document_front_...",
    "id_document_back_path": null,
    "status": "PENDING",
    "admin_comments": null
  }
}

Authorizations

Authorization

string

header

required

The access token received from the authorization server in the OAuth 2.0 flow.

Path Parameters

customer

string<uuid>

required

owner

string<uuid>

required

Body

application/json

id_document_front

string<uuid>

file_id returned by the presigned-URL call for the front slot.

id_document_back

string<uuid>

file_id for the back slot. Optional — depends on the ID document type.

Response

Files registered.

Get an owner ID-file upload URL Delete a customer owner

⌘I