Become a partner
Acquiring banks, ISOs, payment facilitators, and gateways: tell us about your business below and we'll respond within one business day.
Try the live demo first
The portal at /portal ships with a demo API key built in — no signup needed. Walk through a full merchant SAQ in 10 minutes to see whether the flow fits your customer experience.
Apply for production access
Fill in the form below. After a 30-minute intro call and NDA/MSA execution, we mint your production cat_live_… API key. Fastest path is Concierge launch — live in under a week with zero code; a technical integration typically ships in 2–4 weeks.
What happens after you submit
Application form
Frequently asked
How long does the full onboarding take?
Fastest path: Concierge launch (bulk merchant import + branded invite emails) can be live in under a week with zero engineering — it's a CSV upload, not an integration. If you want a technical integration instead, most banks ship in 2–4 weeks; the longest part is your own legal review of our MSA/DPA. Once those are signed, technical integration is usually 3–5 engineering days for One-button launch (platform redirect) and about 2 weeks for a full Embedded (iframe) build.
Can we get sandbox access before signing anything?
Yes — instantly. The moment you submit this form we auto-provision a cat_test_… sandbox key and show it once on the confirmation page. It runs the same API and AI engine as production; sealed documents are watermarked TEST, nothing bills, and it's capped at 5 merchants. Your engineers can start integrating this afternoon while contracts and review run in parallel. The production cat_live_… key is issued at approval.
What does it cost?
You pay a flat fee per merchant assessment, billed monthly on a metered subscription. Reopens, edits, and API exploration within the same attestation year don't generate a new charge. An optional annual platform fee is available for partners who want a predictable base budget on top of usage. Pricing is negotiated per partner — high-volume partners settle in well below the standard rate. We'll send a signable Stripe Quote PDF before any billing turns on.
Do non-compliant outcomes still get billed?
Yes. The per-merchant fee covers performing the assessment, not the result. If a merchant's final SAQ comes back non-compliant, the fee still applies — the AI-driven flow ran, the AoC and SAQ documents were generated, and the gap analysis tells your client exactly what to remediate. That deliverable takes the same effort to produce as a clean attestation, and it's no less valuable.
How is merchant data isolated between partners?
Every API call is scoped to your partner ID via the X-API-Key header. You cannot read another partner's merchants, attempts, or audit logs even if you know their IDs. See the Authentication and Trust Center pages for the full architecture.
We're an MSP — how does this work for our business clients?
Every business that accepts cards needs an annual PCI SAQ. You sign up as a CAT partner, onboard each of your business clients as a merchant under your account, and run them through the SAQ flow once per year. We charge you a flat fee per completed merchant; you charge your clients whatever markup makes sense as part of your managed-services bundle. Full write-up at MSPs & resellers.
What integration surfaces do you support?
Four ways to launch, same compliance engine behind all of them: Concierge launch — live in under a week, zero code (technical name: bulk merchant invite — CSV import + branded email links); One-button launch — an afternoon (technical name: platform redirect / hand-off — we redirect back to your returnUrl with a status query string, SecureTrust / VikingCloud style); Embedded — about 2 weeks (technical name: iframe embed + REST API — build your own UI); and the AI-assistant add-on — an optional differentiator (technical name: MCP server — drop into a chatbot / AI agent). See Choose your integration for a decision tree.
Do you need PCI L1 attestation from us?
No — that's what we're solving for. As long as you're an acquiring bank, ISO, PayFac, or gateway in good standing with the card brands, you're eligible. Your merchants attest individually through our flow.
Can we white-label the merchant experience?
Yes. Every public surface accepts your branding — primary color, logo, support email, support URL. In iframe and platform-redirect flows the merchant sees your bank's identity throughout, with a small "powered by CAT" footer on the legal disclosures. We configure your branding during onboarding.