The onboarding API takes a merchant from an email address to a fully verified account entirely through API calls: no dashboard required. It is a state machine: start with an email, verify it to receive an onboarding_session_token, then read GET /v1/onboarding/state and follow next_step through advance calls until you can issue your first external API key. The same flow handles verification document uploads when the processor requires them, and it works for both human-driven and agent-driven integrations.
Onboarding routes authenticate with the onboarding_session_token before key issuance. After that, the flow remains available with a normal API key for later compliance remediation: when new requirements come due, read state and advance again to resolve them.
The API and agent onboarding guide walks through the full state machine, including document handling and first-key issuance.
