# Get started As a Platform Merchant (Platform Business), you are required to register a "Seller Merchant" account for each of your sellers/users via our APIs. Key prerequisites: 1. We only accept **Japanese entities** (both Corporation and Sole Proprietorship) to register a Seller Merchant account. 2. Seller Merchant must have a **Japanese Bank Account** to receive payouts in JPY from KOMOJU. # 1) Create a Seller Merchant account Request [Merchant: Create](https://doc.komoju.com/reference/createmerchant) API to create a Seller Merchant account with `platform_role` set to `seller`. ```curl curl curl -X POST https://komoju.com/api/v1/merchants \ -u : \ -d name='New Seller Merchant 1' \ -d platform_role="seller" ``` | Request Attribute | Type | Description | | :---------------- | :------- | :------------------------------------------------------------------- | | `name` | string | Seller Merchant's name | | `platform_role` | dropdown | The role of sub-merchant account. Please specify it as `seller`here. | # 2. Query the seller merchant’s live\_application for required fields Request [ Live Application: Show](https://doc.komoju.com/reference/showliveapplication) API with seller merchant's `uuid` you received from the previous step. ```curl curl curl -X GET https://komoju.com/api/v1/live_application/{id}?locale=en \ -u platform_merchant_secret_key: ``` Response example ```json { "merchant_id": "5td723eoi9txn8sj545ww2mv1", "status": "incomplete", "payments_enabled": false, "payouts_enabled": false, "requested_fields": [ { "field_type": "phone_number", "field": "company_information.company_phone", "field_name": "Company Phone", "field_properties": { "minLength": 1, "pattern": "^([() \\-_+]*[0-9]){10}[() \\-_+0-9]*$" }, "optional": false }, ... ], "newly_requested_fields": [], "errored_fields": [] } ``` Within the `requested_fields` array, you’ll find the required information for Seller Merchant registration. If a field’s `optional` parameter is set to `false`, the Seller Merchant must provide the relevant information. If set to `true`, they can skip it if they don’t have the corresponding details. Following is the breakdown of each field property. ```json "field": "visa_mastercard_credit_card.access_restrictions", "field_name": "Implemented (to be implemented)", "field_description": "Restrict IP addresses accessible to administrators; if IP addresses cannot be restricted, set access restrictions such as basic authentication on the administrator screen.", "field_type": "checkbox", "field_properties": {} "optional": false ``` * `field` is the property name that should be used when submitting information for that field. * `field_name` is the localized name for the field that should be shown to the user. * `field_description` is a localized explanation of what the field is asking. * `field_type` is the type of component that should be displayed. * `field_properties` includes information about restrictions on the value of the field. * `optional` represents whether the field is required or not. **(1) field\_types** Different `field_types` are meant to help direct the types of form components shown to the user to help differentiate and format expected values. | Type | Description | | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | string | A string | | dropdown | A dropdown of values. `field_properties['enum'] `will contain the translation ↔ value pairings | | radio | A radio selection. `field_properties['enum']` will contain the translation ↔ value pairings | | checkbox | A true/false checkbox field. | | url | a URL | | text | a text box intended for longer values (ex: descriptions) than `string` | | email | an email | | date | Datepicker that formats the date as “YYYY-MM-DD” | | integer | a non-negative integer field | | file\_upload | A field that allows multiple files to be uploaded. The file should be uploaded to the merchant file upload endpoint. The value of the field should then be a list of the `id`s of the files uploaded. | | single\_file\_upload | A field that allows one file to be uploaded. The file should be uploaded to the merchant file upload endpoint. The value of the field should then be the `id` of the file uploaded. | | terms\_of\_service | Should be represented as a checkbox, but will also have an extra `external_links` field property that links to the actual service agreement(s) | | multi\_select | A field that allows a list of selected options. `field_properties['items']['enum']` will contain the translation ↔ value pairings. | **(2) field\_properties** `field_properties` provide information on the properties of the field.

Property	Description	Example
enum	A dictionary of option ↔ value mapping. The option is localized based on `locale`	``` "enum": { "Sole Proprietor": "sole_proprietor", "Corporation": "corporation" } ```
minLength	minimum length of the string/text	`"minLength": 1`
minimum	minimum value for fields of `integer` field\_type	`"minimum": 0`
maximum	maximum value for fields of `integer` field\_type	`"maximum": 2147483647`
format	Follows the possible built-in formats as specified by [https://json-schema.org/understanding-json-schema/reference/string.html#built-in-formats](https://json-schema.org/understanding-json-schema/reference/string.html#built-in-formats)\ Currently only `date` or `email`	`"format": "email"`
pattern	Regex pattern for formatting values	`"pattern": "^([() \-_+]_[0-9]){10}\[() \-_+0-9]\_$"`
external\_links	a list of URLs linking to hosted service agreements	`"external_links": ["https://example.com"]`

# 3. Upload files for seller merchant Some `field_type`s (`single_file_upload`, `file_upload`) require that files be uploaded via our merchant file API first, then the UUID(s) submitted as the value for the live\_application. Request [File: Create](https://doc.komoju.com/reference/createfile) API to upload the files for Seller Merchant onboarding. We only accept jpg, png, and pdf formats. Besides, each file size should be smaller than 10MB. ```curl curl -X POST https://komoju.com/api/v1/merchants/{id}/files \ -u platform_merchant_secret_key: \ -F "paper=/path/to/file" ``` The response will look like: ```json { "id": "6ssx1zxovw3fgmdsdd1zuzr5u", "resource": "file", "filename": "blank.png", "size": 998, "mime_type": "image/png", "created_at": "2023-01-10T12:16:00.819+09:00", "updated_at": "2023-01-10T12:16:01.085+09:00" } ``` # 4. Submit fields Based on the `requested_fields` received in [step 2](https://doc.komoju.com/docs/seller-merchant-onboarding#2-query-the-seller-merchants-live_application-for-required-fields), information can now be submitted for the Seller Merchant via [ Live Application: Update](https://doc.komoju.com/reference/updateliveapplication) API. Here’s an example of submitting `company_information.company_name` ```bash curl -X PATCH https://komoju.com/api/v1/live_application/{id} \ -u platform_merchant_secret_key: \ -d "company_information.company_name=My Company" ``` If successful, the response will include any additional required fields based on what was just submitted. In the case of `company_name`, `newly_requested_fields` will be blank as no additional fields rely on the value `company_name`. **An example of`newly_requested_fields`** If you submit `sole_proprietor` as the `company_information.corporation_type` ```bash curl -X PATCH https://komoju.com/api/v1/live_application/{id} \ -u platform_merchant_secret_key: \ -d "company_information.corporation_type=sole_proprietor" ``` In the response, see that `newly_requested_fields` now includes `sole_proprietor_proofs`. ```json "newly_requested_fields": [ { "field": "company_information.sole_proprietor_proofs", "field_name": "Sole proprietor proofs", "field_type": "file_upload", "field_properties": {} } ] ``` `newly_requested_fields` are only shown upon `update` and return new fields that should be added to the form as a result of the last update to live\_application. **For fields that allow multiple values (`multi_select`, `file_upload` field\_types)** Submit an array of values. ```curl curl -X PATCH https://komoju.com/api/v1/live_application/{id} \ -u platform_merchant_secret_key: \ -d '{ "visa_mastercard_credit_card.countermeasures_during_card_registration": [ "access_restrictions_during_card_registration"] }' ``` # 5. Complete the Live Application The required information may vary based on the seller's type (e.g., corporation, sole proprietorship). Our API responses will guide you through the entire onboarding process, providing additional fields under the `requested_fields` and `newly_requested_fields` arrays as needed. The live application must be completed by filling out all fields until `requested_fields`, `newly_requested_fields`, and `errored_fields` are empty. At this stage, the status field of the application should be set to `pending`. The information required typically falls into five categories: ## (1) Acceptance of KOMOJU Service Agreements To provide Platform Model service to your sellers, KOMOJU must establish a direct contractual relationship with them. It requires each Seller Merchant to consent to **KOMOJU Merchant Services Terms of Use** and **Privacy Policy**. As the Platform Merchant, you are responsible for ensuring your sellers agree to these terms when registering via your interfaces. **Referencing KOMOJU's service agreement** At a minimum, you must provide your sellers with links to the correct terms and obtain their explicit consent when starting the onboarding process. Here’s the recommended process: 1. Request [ Live Application: Show](https://doc.komoju.com/reference/showliveapplication) API to retrieve the URLs of **KOMOJU Merchant Services Terms of Use** and **Privacy Policy** from `service_agreement.agreed_to_tos`field. 2. Display these terms to your sellers on your platform when they opt into the service. 3. Submit your seller's consent back to KOMOJU via `service_agreement.agreed_to_tos`field in [ Live Application: Update](https://doc.komoju.com/reference/updateliveapplication) API. Here’s an example of how to present our terms to your users via your interface.

## (2) Company information Below is a detailed list of the company-related information required for registration.

Field	Type	Optional	Description
company\_information.company\_country	dropdown	false	Country of company's entity. * Since only a Japanese entity is allowed to use our service at this moment, you must select `JP`.
company\_information.corporation\_type	radio	false	The type of company, either`corporation` or `sole_proprietor`
company\_information.company\_phone	phone\_number	false	Company's phone number
company\_information.share\_capital\_amount	integer	false	Company's share capital. * This field is required when the company type is `corporation`.
company\_information.share\_capital\_currency	dropdown	false	The currency of the company's share capital. * This field is required when the company type is `corporation`.
company\_information.registration\_number	string	false	The corporate number is a 13-digit unique identifier for every Japanese corporation. ([reference](https://www.houjin-bangou.nta.go.jp/en/setsumei/)) * This field is required when the company type is `corporation`.
company\_information.company\_name	string	false	Company's name
company\_information.company\_name\_kana	string	false	Company's Katakana name
company\_information.company\_name\_alphabet	string	false	Company's Alphabet name
company\_information.company\_postal\_code	string	false	Postal code of company's address
company\_information.company\_prefecture\_state	string	false	Prefecture of company's address
company\_information.company\_prefecture\_state\_kana	string	false	Prefecture of company's address in Katakana
company\_information.company\_city	string	false	City of company's address
company\_information.company\_city\_kana	string	false	City of company's address in Katakana
company\_information.company\_address	string	false	Company's address
company\_information.company\_address\_kana	string	false	Company's address in Katakana
company\_information.company\_url	url	true	The URL of the company's official site.
company\_information.industry\_description	text	false	Description of the industry that the company belongs to
company\_information.business\_description	text	false	Description of the company's business
company\_information.employee\_number	integer	false	Number of employees
company\_information.establishment\_date	date	false	The date of the company's establishment
company\_information.office\_name	string	false	Name of the company's Customer Support Department.\ (Please provide information that can be disclosed to Seller Merchant's customers.)
company\_information.contact\_email	email	false	Email to contact the company's Customer Support\ (Please provide information that can be disclosed to Seller Merchant's customers.)
company\_information.contact\_phone	phone\_number	false	Phone number to contact the company's Customer Support\ (Please provide information that can be disclosed to your user's customers.)
company\_information.sole\_proprietor\_proofs	file\_upload	false	Provide proof of registration of sole proprietorship. * This field is required when the company type is `sole_proprietor`.

## (3) Personal Information Below is the required information for the Representative Director and Applicant. For Corporations: * The Representative Director and Applicant can be the same person. * The Applicant must have the authority to make decisions on corporate contracts. For Sole Proprietorships: * The Representative Director and Applicant should be the same person, so you only have to complete the `representative_director` fields.

Field	Type	Optional	Description
representative\_director\_information.first\_name	string	false	Representative Director's first name
representative\_director\_information.first\_name\_kana	string	false	Representative Director's first name in Katakana
representative\_director\_information.last\_name	string	false	Representative Director's last name
representative\_director\_information.last\_name\_kana	string	false	Representative Director's last name in Katakana
representative\_director\_information.date\_of\_birth	date	false	Representative Director's date of birth
representative\_director\_information.gender	radio	false	Representative Director's gender
representative\_director\_information.country	dropdown	false	Country of Representative Director's residence address
representative\_director\_information.postal\_code	string	false	Postal code of Representative Director's residence address
representative\_director\_information.prefecture\_state	string	false	Prefecture of Representative Director's residence address
representative\_director\_information.prefecture\_state\_kana	string	false	Prefecture of Representative Director's residence address in Katakana
representative\_director\_information.city	string	false	City of Representative Director's residence address
representative\_director\_information.city\_kana	string	false	City of Representative Director's residence address in Katakana
representative\_director\_information.address	string	false	Address of Representative Director's residence address
representative\_director\_information.address\_kana	string	false	Address of Representative Director's residence address in Katakana
representative\_director\_information.address\_building\_name	string	true	The building name of Representative Director's residence address.
representative\_director\_information.address\_building\_name\_kana	string	true	The building name in Katakana of Representative Director's residence address.
representative\_director\_information.phone	string	false	Phone number of Representative Director
applicant\_information.country	dropdown	false	Country of Applicant's residence address * This field is required when the company type is `corporation`.
applicant\_information.first\_name	string	false	Applicant's first name * This field is required when the company type is `corporation`.
applicant\_information.first\_name\_kana	string	false	Applicant's first name in Katakana * This field is required when the company type is `corporation`.
applicant\_information.last\_name	string	false	Applicant's last name * This field is required when the company type is `corporation`.
applicant\_information.last\_name\_kana	string	false	Applicant's last name in Katakana * This field is required when the company type is `corporation`.
applicant\_information.gender	radio	false	Applicant's gender * This field is required when the company type is `corporation`.
applicant\_information.date\_of\_birth	date	false	Applicant's date of birth * This field is required when the company type is `corporation`.
applicant\_information.identity\_document\_type	dropdown	false	The copy of Applicant's identity document. 1. Passport 2. Driver's license 3. ID card 4. My Number Card- If the company is `sole_proprietor`, upload Representative Director's identity document.
applicant\_information.identity\_front	single\_file\_upload	false	Upload a picture or scan of the front side of the Applicant's identity document * If the company is `sole_proprietor`, upload Representative Director's identity document.
applicant\_information.identity\_back	single\_file\_upload	false	Upload a picture or scan of the back side of the Applicant's identity document * The back side is required if the doc type is either Driver's License or ID Card. * If the company is `sole_proprietor`, upload Representative Director's identity document.

## (4) Site Information Below is the required information related to your website. * The store address must match the one listed on the website that hosts the Specified Commercial Transactions Law URL.

Field	Type	Optional	Description
site\_information.site\_name	string	false	Site's name * Site Name should be consistent with the name of the actual store.
site\_information.site\_name\_kana	string	false	Site's Katakana name
site\_information.site\_name\_alphabet	string	false	Site's Alphabet name
site\_information.site\_url	string	false	Site's URL
site\_information.note	string	true	If making a payment on Seller Merchant's store requires any login information or other credentials, please supply them here.\ We may need to view the entire payment flow from the end-user perspective during screening.
site\_information.establishment\_date	date	false	The date of the site's establishment
site\_information.industry\_type	dropdown	false	The industry type of the site's services and products. * If you're unsure, please select `other_not_listed_category`.
site\_information.site\_annual\_sales	integer	false	Annual sales forecast of the store
site\_information.site\_annual\_sales\_currency	dropdown	false	The currency of annual sales forecast
site\_information.site\_average\_transactional\_value	integer	false	The average order value of the store
site\_information.site\_average\_transactional\_currency	dropdown	false	The currency of the average order value
site\_information.site\_minimum\_product\_pricing\_cents	integer	false	The minimum price of a product in the store
site\_information.site\_minimum\_product\_pricing\_currency	dropdown	false	The currency of the minimum price
site\_information.site\_maximum\_product\_pricing\_cents	integer	false	The maximum price of a product in the store
site\_information.site\_maximum\_product\_pricing\_currency	dropdown	false	The currency of the maximum price
site\_information.store\_country	dropdown	false	The country of the store address. * The store address should match the one listed on the website that hosts the Specified Commercial Transactions Law URL.
site\_information.store\_postal\_code	string	false	The postal code of the store address.
site\_information.store\_prefecture\_state	string	false	The state of the store address
site\_information.store\_prefecture\_state\_kana	string	false	The state of the store address in Katakana
site\_information.store\_city	string	false	The city of the store address
site\_information.store\_city\_kana	string	false	The city of the store address in Katakana
site\_information.store\_address	string	false	Store's address
site\_information.store\_address\_kana	string	false	Store's address in Katakana
site\_information.sctl\_url	url	false	This represents Specified Commercial Transactions Law URL. * Please place the Specified Commercial Transactions Law page in a location that can be accessed directly from the top page. * Note: A Specified Commercial Transaction Act page is required when operating an online shop in Japan. During the review process, we check if the page exists and confirm the contents of the page. Please refer to [this page](https://help.komoju.com/hc/en-us/articles/4747504515102) for the appropriate content for the page.
site\_information.sales\_permit\_required	radio	false	Does the seller's business require a sales permit to be able to sell the products described? (Secondhand Dealer License, Liquor Sales License, Cosmetics Manufacturing and Sales License, Pharmaceutical Sales License)
site\_information.sales\_permits	file\_upload	false	Upload the copies of Sales permits if the answer is `true` in `site_information.sales_permit_required`
site\_information.aup\_accepted	terms\_of\_service	false	Please ensure the seller has acknowledged and agreed with the [acceptable use policy](https://en.komoju.com/acceptable-use-policy/).

## (5) Bank Account information Below is the required bank account information. For Corporations: * You can only register a bank account under the same name as the corporation applying. For Sole Proprietorships: * You can only register a bank account under the name of the representative or the business name. Before proceeding, please read [this guide](https://help.komoju.com/hc/en-us/articles/4747456646174) to ensure the bank account information is entered correctly. > ❗️ Possible payout delay > > If the account holder name is incorrect, there may be a delay in receiving the payout. Please make sure to accurately enter the half-width kana name as it appears in your bank passbook.

Field	Type	Optional	Description
bank\_account\_information.transfer\_type	dropdown	false	Limited to Japanese bank accounts. Therefore, the option is limited to `domestic`.
bank\_account\_information.default\_frequency	dropdown	false	You can decide the frequency that KOMOJU pays out to your user, either `weekly` or `monthly`. * Learn more about payout frequency [here](https://help.komoju.com/hc/en-us/articles/4747518278302)
bank\_account\_information.zengin\_bank\_name	string	false	Bank's name
bank\_account\_information.zengin\_bank\_code	string	false	Bank's code
bank\_account\_information.zengin\_branch\_name	string	false	Bank branch's name
bank\_account\_information.zengin\_branch\_code	string	false	Bank branch's code
bank\_account\_information.zengin\_account\_type	dropdown	false	The bank account type, either `ordinary` or `checking`
bank\_account\_information.zengin\_account\_number	string	false	The bank account number. * Please refer to [this guide](https://help.komoju.com/hc/en-us/articles/4747456646174) before filling out. If the bank of your bank account is under ゆうちょ銀行, please also refer to [this guide](https://www.jp-bank.japanpost.jp/kojin/sokin/koza/kj_sk_kz_furikomi_ksk.html) to see how to convert 8-digit ゆうちょ銀行's account number to 7 digits.
bank\_account\_information.zengin\_account\_holder\_kana	string	false	Account holder's Katakana name. * If the account holder's name is incorrect, there may be a delay in receiving the payout. Please make sure to accurately enter the half-width kana name as it appears in your bank passbook.
bank\_account\_information.currency	dropdown	false	Limited to `JPY` option since we only support Japanese domestic bank accounts for payout.

# 6. Review submitted information Request [Live Application: Show](https://doc.komoju.com/reference/showliveapplication) again to review all submitted information. The `submitted_fields` array will display the information you’ve already provided. # 7. Set up webhook You can set up webhooks to subscribe to events and receive notifications when there are updates to the review status of a Seller Merchant's application. * Learn more about Webhook events for Platform Model [here](https://doc.komoju.com/docs/platform-model-webhooks) # 8. Specify Seller Merchant's Owned Payment Methods > 📘 Owned Payment Methods can only be selected from your Common Payment Methods > > Please note that only the payment methods listed in your Common Payment Methods are available for selection as Owned Payment Methods. For more details, refer to [here](https://doc.komoju.com/docs/platform-use-case#payment-methods-setup-and-processing-fee-rate-setup). You will need to apply for the payment methods your Seller Merchant intends to use. To view applicable payment methods to apply for, use the [Live Application: Payment Methods](https://doc.komoju.com/reference/listliveapplicationpaymentmethods) API which will return the following: ```bash curl -X GET https://komoju.com/api/v1/live_application/{id}/payment_methods \ -u platform_merchant_secret_key: \ ``` * `submitted_payment_methods`lists the payment methods Seller Merchant has already applied for. * `unsubmitted_payment_methods` lists the applicable payment methods Seller Merchant has not yet applied for. To apply for a specific payment method, request [Live Application: Update Payment Method](https://doc.komoju.com/reference/updateliveapplicationpaymentmethod) API. Below are the details when applying for each payment method: ## (1) VISA/MasterCard Payment methods: `visa_mastercard_credit_card` Available for `corporation` and`sole_proprietor` Note: 3D Secure 2.0 will be used for all credit card payments except some integration types. For more details, please see [this article (Japanese)](https://ja.komoju.com/blog/news/3d-secure/). To enable credit card payments for your Seller Merchant, you will have to provide additional information about their business. **1st stage questionnaire:**

Field	Type	Optional	Description
shared\_payment\_method\_data.has\_processed\_cc\_before	checkbox	false	* Question\: Has your user's business processed credit card transactions before? Option\*: 1. True 2. False
shared\_payment\_method\_data.processes\_card\_info	checkbox	false	* Question\: Does you user intend to save or process credit card details? Option\: 1. True 2. False Should select `False`here since you should process the card instead of your seller.
shared\_payment\_method\_data.conducts\_door\_to\_door\_sales	checkbox	false	* Question\: Does your user's company operate Door-to-Door sales? Option\*: 1. True 2. False
shared\_payment\_method\_data.conducts\_telemarketing	checkbox	false	* Question\: Does your company operate Telemarketing Sales? Option\*: 1. True 2. False
shared\_payment\_method\_data.conducts\_mlm\_scheme	checkbox	false	* Question\: Does your company operate Network Marketing? Option\*: 1. True 2. False
shared\_payment\_method\_data.conducts\_business\_opportunity\_scheme	checkbox	false	* Question\: Does your company operate Business Opportunity (Biz-Opp)? Option\*: 1. True 2. False
shared\_payment\_method\_data.provides\_specified\_continuous\_services	checkbox	false	* Question\: Does your company provide specified continuous services (aesthetic salon, beauty care, language class, tutoring, tutoring school, marriage introduction service, computer class)? Option\*: 1. True 2. False
shared\_payment\_method\_data.violated\_consumer\_contract\_act	checkbox	false	* Question\: Has your business violated the Consumer Contract Act (消費者契約法) and lost a lawsuit due to the violation(s) in the past 5 years? Option\*: 1. True 2. False
shared\_payment\_method\_data.violated\_commercial\_transaction\_act	checkbox	false	* Question\: Has your business violated the Specified Commercial Transaction Act (特定商取引法) in the past five years and lost a lawsuit due to the violation(s) in the past? Option\*: 1. True 2. False

**2nd stage questionnaire: Reporting on Security Measures** KOMOJU has been requested by the Ministry of Economy, Trade and Industry (METI), the Japan Credit Association (JCA), and other organizations to request that EC merchants planning to introduce new credit card payment systems declare the status of their security measures based on the "Security Checklist" developed by the Credit Transaction Security Measures Council.\ The "Security Checklist" is a list of basic security measures that the Credit Card Transaction Security Council has compiled as part of the security measures that merchants should implement in order to build and operate EC sites, and covers the basic security measures set forth in the "[Credit Card Security Guidelines (Version 4.0)](https://www.j-credit.or.jp/security/pdf/Creditcardsecurityguidelines_4.0_published.pdf)" published by METI. We request that merchants newly applying for credit card settlement services declare the security measures listed on the next page based on this checklist and agree to implement and maintain the security measures. We have received guidance that if you do not agree to follow the above guidelines, you should not enter into a contract with us. Thank you for your cooperation. If you are a merchant who plans to introduce KOMOJU credit card payment systems, please indicate your implementation status of the following security measures. If the system has not yet been established, please answer on the premise that the items for each key measure will be satisfied upon completion of the establishment of the system. Also, please answer on the premise that the measures will be maintained not only at the time of signing a new franchise agreement, but also continuously after the agreement is signed.\ In principle, all items must be checked for a contract to be concluded. However, since the status of installation of each security measure is dependent on the system environment of your company, please check with your internal system staff or contracted system developer before checking the status of each security measure. If your system is outsourced, please confirm the status of the outsourced system before responding to our inquiry. Topic 1: Measures against inadequate access restrictions on the administrator's screen and administrator ID/PW mismanagement

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.access\_restrictions	checkbox	false	* Question\: Restrict IP addresses accessible to administrators; if IP addresses cannot be restricted, set access restrictions such as basic authentication on the administrator screen. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
visa\_mastercard\_credit\_card.mfa\_implementation	checkbox	false	* Question\: Adopt two-step or two-factor authentication to prevent unauthorized use of acquired accounts. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
visa\_mastercard\_credit\_card.account\_lock\_v2	checkbox	false	* Question\: In the login form of the administrator screen, enable the account lock function and lock the account after 10 or less failed login attempts (based on PCI DSS ver 4.0). Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 2: Measures against inadequate settings due to exposure of data directories

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.public\_directories	checkbox	false	* Question\: Do not place important files in public directories. (Make certain directories private. Place important files in directories other than public directories.) Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
visa\_mastercard\_credit\_card.file\_extension\_restrictions	checkbox	false	* Question\: Configure settings such as restricting file extensions and files that can be uploaded by web servers and web applications. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 3: Periodic vulnerability assessments or penetration tests, and measures to address web application vulnerabilities.

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.vulnerability\_assessments	checkbox	false	* Question\: Conduct periodic vulnerability assessments or penetration tests, and take necessary corrective actions. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
visa\_mastercard\_credit\_card.sql\_injection\_and\_xss\_v2	checkbox	false	* Question\: As measures against SQL injection vulnerabilities and cross-site scripting vulnerabilities, use the latest plug-ins (preferably those without such vulnerabilities) and upgrade software versions. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
visa\_mastercard\_credit\_card.source\_code\_review	checkbox	false	* Question\: If a web application is developed or customized, conduct a source code review to confirm that it has been securely coded. Check input values of input forms at the same time. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 4: Installation and operation of anti-virus software as measures against malware

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.anti\_virus\_software	checkbox	false	* Question\: Install anti-virus software as measures against malware detection/removal, etc., and update signatures, perform periodic full scans, etc. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 5: Countermeasures against malicious validation and credit masters

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.against\_validation\_hack	checkbox	false	* Question: One or more of the following measures are implemented against malicious validation and credit masters. * Restrict access from suspicious IP addresses * Restrict input from the same account and hide error content so that error content is not known in the event of an error * Identity verification, including EMV 3-D Secure and SMS notification * Take measures such as setting a limit on the number of validity checks. * Option\: 1. `true`= Implemented (\You do not need to take any additional measures if you have introduced 3D Secure via KOMOJU.)2. `false`= Not known

Topic 6: Countermeasures against unauthorized login

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.have\_countermeasures\_against\_unauthorized\_login	checkbox	false	* Question\: Does your site have a user login function (i.e., register/maintain a credit card number and log in to use that card number)? Option\*: 1. `true`= Yes 2. `false`= No

Topic 7: If you answered `true` to the `visa_mastercard_credit_card.have_countermeasures_against_unauthorized_login`, please answer the following questions regarding the anti-fraud login measures implemented in your system. (According to the rules of the Japan Credit Association, one or more of the measures listed below must be implemented in each of the following situations: member registration, member login authentication, and user attribute information change.)

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.countermeasures\_during\_card\_registration	multi\_select	false	* Question\: Please check if you have implemented effective measures to prevent fraudulent use at the time of member registration (credit card number registration). Option\*: 1. `access_restrictions_during_card_registration` 2. `mfa_implementation_during_card_registration` 3. `user_information_validation_during_card_registration` 4. `fraud_detection_system_during_card_registration`

* `access_restrictions_during_card_registration`: Restrict access from suspicious IP addresses * `mfa_implementation_during_card_registration`: Identification by two-factor authentication, etc. * `user_information_validation_during_card_registration`: Confirmation of personal information at the time of member registration * `fraud_detection_system_during_card_registration`: Fraud detection system (Fraud service)

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.countermeasures\_during\_authentication	multi\_select	false	* Question\: Please check if you have implemented effective countermeasures against fraudulent logins during login authentication after member registration. Option\*: 1. `access_restrictions_during_authentication` 2. `mfa_implementation_during_authentication` 3. `login_attempt_restriction_during_authentication` 4. `login_notification_during_authentication` 5. `device_fingerprint_during_authentication`

* `access_restrictions_during_authentication`: Restrict access from suspicious IP addresses * `mfa_implementation_during_authentication`: Identification by two-factor authentication, etc. * `login_attempt_restriction_during_authentication`: Tighten limits on the number of login attempts (to address account password cracking) * `login_notification_during_authentication`: Email and SMS notifications upon login, throttling, etc. * `device_fingerprint_during_authentication`: Device fingerprints, etc.

Field	Type	Optional	Description
visa\_mastercard\_credit\_card.countermeasures\_during\_user\_data\_modification	multi\_select	false	* Question\: Please check if you have implemented effective measures to prevent fraudulent use when changing member attributes (name, address, email address, etc.) after login. Option\*: 1. `access_restrictions_during_user_data_modification` 2. `mfa_implementation_during_user_data_modification` 3. `fraud_detection_system_during_user_data_modification`

* `access_restrictions_during_user_data_modification`: Restrict access from suspicious IP addresses * `mfa_implementation_during_user_data_modification`: Identification by two-factor authentication, etc. * `fraud_detection_system_during_user_data_modification`: Fraud detection system (Fraud service) ## (2) JCB/AMEX/Diners (Japan) Payment methods: `jcb_amex_diners_credit_card` Available for `corporation` and`sole_proprietor` Note: 3D Secure 2.0 will be used for all credit card payments except some integration types. For more details, please see [this article (Japanese)](https://ja.komoju.com/blog/news/3d-secure/). To enable credit card payments for your Seller Merchant, you will have to provide additional information about their business. **1st stage questionnaire:**

Field	Type	Optional	Description
shared\_payment\_method\_data.has\_processed\_cc\_before	checkbox	false	* Question\: Has your user's business processed credit card transactions before? Option\*: 1. True 2. False
shared\_payment\_method\_data.processes\_card\_info	checkbox	false	* Question\: Does you user intend to save or process credit card details? Option\: 1. True 2. False Should select `False`here since you should process the card instead of your seller.
shared\_payment\_method\_data.conducts\_door\_to\_door\_sales	checkbox	false	* Question\: Does your user's company operate Door-to-Door sales? Option\*: 1. True 2. False
shared\_payment\_method\_data.conducts\_telemarketing	checkbox	false	* Question\: Does your company operate Telemarketing Sales? Option\*: 1. True 2. False
shared\_payment\_method\_data.conducts\_mlm\_scheme	checkbox	false	* Question\: Does your company operate Network Marketing? Option\*: 1. True 2. False
shared\_payment\_method\_data.conducts\_business\_opportunity\_scheme	checkbox	false	* Question\: Does your company operate Business Opportunity (Biz-Opp)? Option\*: 1. True 2. False
shared\_payment\_method\_data.provides\_specified\_continuous\_services	checkbox	false	* Question\: Does your company provide specified continuous services (aesthetic salon, beauty care, language class, tutoring, tutoring school, marriage introduction service, computer class)? Option\*: 1. True 2. False
shared\_payment\_method\_data.violated\_consumer\_contract\_act	checkbox	false	* Question\: Has your business violated the Consumer Contract Act (消費者契約法) and lost a lawsuit due to the violation(s) in the past 5 years? Option\*: 1. True 2. False
shared\_payment\_method\_data.violated\_commercial\_transaction\_act	checkbox	false	* Question\: Has your business violated the Specified Commercial Transaction Act (特定商取引法) in the past five years and lost a lawsuit due to the violation(s) in the past? Option\*: 1. True 2. False

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.access\_restrictions	checkbox	false	* Question\: Restrict IP addresses accessible to administrators; if IP addresses cannot be restricted, set access restrictions such as basic authentication on the administrator screen. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
jcb\_amex\_diners\_credit\_card.mfa\_implementation	checkbox	false	* Question\: Adopt two-step or two-factor authentication to prevent unauthorized use of acquired accounts. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
jcb\_amex\_diners\_credit\_card.account\_lock\_v2	checkbox	false	* Question\: In the login form of the administrator screen, enable the account lock function and lock the account after 10 or less failed login attempts (based on PCI DSS ver 4.0). Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 2: Measures against inadequate settings due to exposure of data directories

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.public\_directories	checkbox	false	* Question\: Do not place important files in public directories. (Make certain directories private. Place important files in directories other than public directories.) Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
jcb\_amex\_diners\_credit\_card.file\_extension\_restrictions	checkbox	false	* Question\: Configure settings such as restricting file extensions and files that can be uploaded by web servers and web applications. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 3: Periodic vulnerability assessments or penetration tests, and measures to address web application vulnerabilities.

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.vulnerability\_assessments	checkbox	false	* Question\: Conduct periodic vulnerability assessments or penetration tests, and take necessary corrective actions. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
jcb\_amex\_diners\_credit\_card.sql\_injection\_and\_xss\_v2	checkbox	false	* Question\: As measures against SQL injection vulnerabilities and cross-site scripting vulnerabilities, use the latest plug-ins (preferably those without such vulnerabilities) and upgrade software versions. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known
jcb\_amex\_diners\_credit\_card.source\_code\_review	checkbox	false	* Question\: If a web application is developed or customized, conduct a source code review to confirm that it has been securely coded. Check input values of input forms at the same time. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 4: Installation and operation of anti-virus software as measures against malware

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.anti\_virus\_software	checkbox	false	* Question\: Install anti-virus software as measures against malware detection/removal, etc., and update signatures, perform periodic full scans, etc. Option\*: 1. `true`= Implemented (to be implemented) 2. `false`= Not known

Topic 5: Countermeasures against malicious validation and credit masters

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.against\_validation\_hack	checkbox	false	* Question: One or more of the following measures are implemented against malicious validation and credit masters. * Restrict access from suspicious IP addresses * Restrict input from the same account and hide error content so that error content is not known in the event of an error * Identity verification, including EMV 3-D Secure and SMS notification * Take measures such as setting a limit on the number of validity checks. * Option\:1. `true`= Implemented (\You do not need to take any additional measures, if your Platform Merchant may clear this item by introducing 3D Secure at KOMOJU.)2. `false`= Not known

Topic 6: Countermeasures against unauthorized login

Field	Type	Description
jcb\_amex\_diners\_credit\_card.have\_countermeasures\_against\_unauthorized\_login	checkbox	* Question\: Does your site have a user login function (i.e., register/maintain a credit card number and log in to use that card number)? Option\*: 1. `true`= Yes 2. `false`= No

Topic 7: If you answered `true` to the `jcb_amex_diners_credit_card.have_countermeasures_against_unauthorized_login`, please answer the following questions regarding the anti-fraud login measures implemented in your system. (According to the rules of the Japan Credit Association, one or more of the measures listed below must be implemented in each of the following situations: member registration, member login authentication, and user attribute information change.)

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.countermeasures\_during\_card\_registration	multi\_select	false	* Question\: Please check if you have implemented effective measures to prevent fraudulent use at the time of member registration (credit card number registration). Option\*: 1. `access_restrictions_during_card_registration` 2. `mfa_implementation_during_card_registration` 3. `user_information_validation_during_card_registration` 4. `fraud_detection_system_during_card_registration`

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.countermeasures\_during\_authentication	multi\_select	false	* Question\: Please check if you have implemented effective countermeasures against fraudulent logins during login authentication after member registration. Option\*: 1. `access_restrictions_during_authentication` 2. `mfa_implementation_during_authentication` 3. `login_attempt_restriction_during_authentication` 4. `login_notification_during_authentication` 5. `device_fingerprint_during_authentication`

Field	Type	Optional	Description
jcb\_amex\_diners\_credit\_card.countermeasures\_during\_user\_data\_modification	multi\_select	false	* Question\: Please check if you have implemented effective measures to prevent fraudulent use when changing member attributes (name, address, email address, etc.) after login. Option\*: 1. `access_restrictions_during_user_data_modification` 2. `mfa_implementation_during_user_data_modification` 3. `fraud_detection_system_during_user_data_modification`

Field	Type	Optional	Description
paypay.accepted\_paypay\_tos	terms\_of\_service	false	Seller Merchant has read and agreed with the following terms and conditions and privacy policy. and also agrees to be contacted by PayPay regarding sales promotions. 1. [PayPay加盟店規約](https://about.paypay.ne.jp/terms/?merchant-online) 2. [PayPay加盟店ガイドライン](https://about.paypay.ne.jp/terms/merchant-online/guideline/online/) 3. [自治体等およびふるさと納税ポータルサイト運営会社への加盟店情報連携の同意について](https://paypay.ne.jp/store/introduction/jichitai-cp-houkatsu/)

## (4) Merpay Payment methods: `merpay` Available for `corporation` only. The following information is required when applying for Merpay:

Field	Type	Optional	Description
merpay.accepted\_merpay\_tos	terms\_of\_service	false	Seller Merchant has read and agreed with the following terms and conditions and privacy policy. 1. [メルペイ加盟店規約](https://www.merpay.com/merchant/terms/) 2. [メルペイプライバシーポリシー](https://static.jp.mercari.com/privacy)
shared\_payment\_method\_data.privacy\_policy\_url	string	false	URL of your user's privacy policy

## (5) Bank Transfer Payment methods: `bank_transfer` Available for `corporation` and`sole_proprietor` No additional information is required when applying for Bank Transfer. ## (6) Pay-easy Payment methods: `pay_easy` Available for `corporation` and`sole_proprietor` No additional information is required when applying for Pay-easy. ## (7) Konbini Payment methods: `convenience_store` Available for `corporation` and`sole_proprietor` The following information is required when applying for Merpay: | Field | Type | Optional | Description | | :------------------------------------------------ | :------ | :------- | :---------------------------------------------------------- | | shared\_payment\_method\_data.open\_time | string | false | Opening time of Seller Merchant's customer service | | shared\_payment\_method\_data.close\_time | string | false | Closing time of Seller Merchant's customer service | | convenience\_store.expected\_number\_of\_payments | integer | false | Seller Merchant's expected number of transactions per month | ## (8) 7-Eleven Payment methods: `seven_eleven` Available for `corporation` only For 7-Eleven payment, there is a screening process to ensure that the site and operation are in line with the regulations set by 7-Eleven. To enable 7-Eleven payments, your site must meet all the following requirements. The expected review time is approximately one to two months after applying. During the review process, both 7-Eleven and the KOMOJU Support Team may contact your user individually for confirmation or suggestions. The following information is required when applying for 7-Eleven:

Field	Type	Optional	Description
shared\_payment\_method\_data.open\_time	string	false	Opening time of Seller Merchant's customer service
shared\_payment\_method\_data.close\_time	string	false	Closing time of Seller Merchant's customer service
seven\_eleven.no\_direct\_delivery\_from\_producer	checkbox	false	* Description\: 7-Eleven payment is not available for products that are shipped directly from the place of production or from the manufacturer. Products must be in your own warehouse or contracted warehouse for immediate delivery at the time of order. Checkbox\*: No products are shipped directly from the place of production or from the manufacturer
seven\_eleven.no\_ticket\_sales	checkbox	false	* Description\: Admission tickets, spectator tickets, and other "ticket sales" cannot be handled. Checkbox\*: No tickets are sold
seven\_eleven.correct\_flow\_for\_order\_items	checkbox	false	* Description\: If you have products that are on backorder or made-to-order, the flow must be such that orders are accepted only after the products have arrived at your store or warehouse. Checkbox\*: We follow the above flow
seven\_eleven.delivery\_within\_two\_months	checkbox	false	* Description\: Made-to-order products (custom-made) and pre-order products (pre-launch products) must be shipped within two months of ordering.\ In addition, the specific date of shipment or arrival must be clearly indicated on the website for each product. \[Recommended] Delivery on YYYY/MM/DD (specific date) \[Acceptable] Delivery in early YYYY/MM (specified in the form of early, mid, or late month) \[Not Acceptable] Delivery in YYYY/MM, after YYYY/MM, delivery from YYYY/MM, etc\\ Checkbox\*: Sales of made-to-order and pre-order products are made in accordance with the above regulations
seven\_eleven.all\_items\_are\_cheaper\_than\_konbini\_limit	checkbox	false	* Description\: If you have merchandise that requires more than 300,000 yen per transaction, your site must clearly indicate "Konbini Payment(s) cannot be used for payments over 300,000 yen"\ If you handle transactions exceeding 300,000 yen and the above information cannot be confirmed on your website, the screening process will take longer.\\ Checkbox\*: Our merchandise meets the above regulation
seven\_eleven.display\_sales\_permit\_number	checkbox	false	* Description\: If you have products that require a sales license, you must clearly state the license number on your website. Also, if you are dealing with cosmetics, health foods, or supplements, please make sure that the description and sales are in accordance with the Pharmaceutical Affairs Law ( [https://www.mhlw.go.jp/shingi/2006/05/dl/s0525-4e.pdf](https://www.mhlw.go.jp/shingi/2006/05/dl/s0525-4e.pdf) ). Checkbox\*: Acknowledged
seven\_eleven.order\_fee\_is\_displayed	checkbox	false	* Description\: Shipping costs must be clearly listed on the site in an easy to understand manner by region or by product size. They should also be available for review before adding items to the shopping cart. Checkbox\*: Users can check the shipping cost before adding items to the shopping cart
seven\_eleven.no\_international\_transaction	checkbox	false	* Description\: 7-Eleven payment can only be used within Japan. 7-Eleven payment cannot be used for overseas orders or shipments. We also cannot provide 7-Eleven payment for non-Japanese websites. Checkbox\*: We will not use 7-Eleven payment for international orders, international shipping, or non-Japanese websites
seven\_eleven.provided\_info\_matches\_sctl	checkbox	false	* Description\: The application information you submitted to KOMOJU and the content of the "Notation based on Act of Specified Commercial Transactions" page must match. Checkbox\*: There are no discrepancies between the information submitted to KOMOJU and the content of the "Notation based on Act of Specified Commercial Transactions" page
seven\_eleven.sctl\_page\_has\_phone\_number	checkbox	false	* Description\: You phone number must be displayed on the "Notation based on Act of Specified Commercial Transactions" page.The phone number must be a landline number, cell phone numbers are not acceptable. If your phone number is different than the one specified on the "Notation based on Act of Specified Commercial Transactions" page, please enter your new phone number in the "Notes" section at the bottom of the form. Checkbox\*: The phone number is displayed on the "Notation based on Act of Specified Commercial Transactions" page
seven\_eleven.product\_pages\_are\_public	checkbox	false	* Description\: Are the product pages ready and publicly accessible? Checkbox\*: Product pages are ready and publicly accessible
seven\_eleven.have\_sold\_as\_regular\_price	checkbox	false	* Description\: If the product or service you are selling is listed with a regular price and a discounted price, do you have a record of selling it at the regular price?\ Please make sure that you are not in violation of the Act against Unjustifiable Premiums and Misleading Representations. [https://www.caa.go.jp/policies/policy/representation/fair\_labeling/representation\_regulation/double\_price/](https://www.caa.go.jp/policies/policy/representation/fair_labeling/representation_regulation/double_price/)\\ Checkbox\*: We have a track record of selling our products at both regular and discounted prices/this regulation does not apply to our product or service
seven\_eleven.site\_is\_public	checkbox	false	* Description\: Is the site URL accessible? If login is required, please write "ID/PW for site viewing" and include the login information in the "Notes" section at the bottom of the form. Checkbox\*: Site is accessible
seven\_eleven.note	string	true	1. Share the login credential here if ID/PW is required to access your user's site. 2. If your phone number is different than the one specified on the "Notation based on Act of Specified Commercial Transactions" page, please enter your new phone number here.

# 9. (Test environment only) Simulate the Live application status Once you complete the merchant application and at least one Owned Payment Method application, you'll be able to simulate the result of KOMOJU's review. (1) Simulate Merchant Application status Request [Live Application: Simulate Status](https://doc.komoju.com/reference/simulateliveapplicationstatus) API to simulate whether the merchant application will be `accepted` or `declined`. (2) Simulate Owned Payment Method Application status Request [Live Application: Simulate Payment Method Status](https://doc.komoju.com/reference/simulateliveapplicationpaymentmethodstatus) API to simulate the status (`accepted` or `declined`) of an Owned Payment Method application.