# Upload employee compliance document

POST https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/{document_id}
Content-Type: multipart/form-data

Upload compliance document for an EOR employee.
 **Token scopes**: `worker:write`

Reference: https://developer.deel.com/api/eor-worker-endpoints/eor-worker-compliance/upload-eor-worker-compliance-document

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: Deel HRIS SCIM API
  version: 1.0.0
paths:
  /eor/workers/compliance-documents/{document_id}:
    post:
      operationId: upload-eor-worker-compliance-document
      summary: Upload employee compliance document
      description: |-
        Upload compliance document for an EOR employee.
         **Token scopes**: `worker:write`
      tags:
        - subpackage_eorWorkerCompliance
      parameters:
        - name: document_id
          in: path
          description: Unique identifier for a compliance document in Deel.
          required: true
          schema:
            type: string
            format: uuid
        - name: Authorization
          in: header
          description: >
            ## Authentication

            The Deel API uses bearer tokens to authenticate requests. All API
            calls must be made over HTTPS — calls over plain HTTP or without
            authentication will fail.


            ```curl

            curl -X GET 'https://api.letsdeel.com/rest/v2/contracts' \
              -H 'Authorization: Bearer YOUR-TOKEN-HERE'
            ```


            [Learn more about authentication](/api/authentication)
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful operation.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/eor-worker-compliance_uploadEORWorkerComplianceDocument_Response_200
        '400':
          description: >-
            Bad request. The file is missing or the document_id format is
            invalid.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/UploadEmployeeComplianceDocument-v2026-01-01RequestBadRequestError
        '401':
          description: Authentication failed. Bearer token is missing, expired, or invalid.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/UploadEmployeeComplianceDocument-v2026-01-01RequestUnauthorizedError
        '403':
          description: >-
            Forbidden. The worker does not have permission to upload to this
            compliance document, the document cannot be submitted in its current
            state, or the requirement is obsolete.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/UploadEmployeeComplianceDocument-v2026-01-01RequestForbiddenError
        '404':
          description: The compliance document specified by document_id was not found.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/UploadEmployeeComplianceDocument-v2026-01-01RequestNotFoundError
        '500':
          description: >-
            Internal server error. The file upload failed or an unexpected error
            occurred.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/UploadEmployeeComplianceDocument-v2026-01-01RequestInternalServerError
      requestBody:
        description: The employee compliance document data to upload
        content:
          multipart/form-data:
            schema:
              type: object
              properties:
                file:
                  type: string
                  format: binary
                  description: >-
                    The employee compliance document to upload. Accepted
                    formats: PNG, JPG, JPEG, HEIC, PDF.
servers:
  - url: https://api.letsdeel.com/rest/v2
  - url: https://api-staging.letsdeel.com/rest/v2
components:
  schemas:
    EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaData:
      type: object
      properties:
        success:
          type: boolean
          description: Indicates whether the file upload was successful.
      required:
        - success
      title: >-
        EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaData
    eor-worker-compliance_uploadEORWorkerComplianceDocument_Response_200:
      type: object
      properties:
        data:
          $ref: >-
            #/components/schemas/EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaData
      required:
        - data
      title: eor-worker-compliance_uploadEORWorkerComplianceDocument_Response_200
    EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaErrorsItems:
      type: object
      properties:
        message:
          type: string
          description: Human-readable error message.
      required:
        - message
      title: >-
        EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaErrorsItems
    UploadEmployeeComplianceDocument-v2026-01-01RequestBadRequestError:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: >-
              #/components/schemas/EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaErrorsItems
      title: UploadEmployeeComplianceDocument-v2026-01-01RequestBadRequestError
    UploadEmployeeComplianceDocument-v2026-01-01RequestUnauthorizedError:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: >-
              #/components/schemas/EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaErrorsItems
      title: UploadEmployeeComplianceDocument-v2026-01-01RequestUnauthorizedError
    UploadEmployeeComplianceDocument-v2026-01-01RequestForbiddenError:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: >-
              #/components/schemas/EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaErrorsItems
      title: UploadEmployeeComplianceDocument-v2026-01-01RequestForbiddenError
    UploadEmployeeComplianceDocument-v2026-01-01RequestNotFoundError:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: >-
              #/components/schemas/EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaErrorsItems
      title: UploadEmployeeComplianceDocument-v2026-01-01RequestNotFoundError
    UploadEmployeeComplianceDocument-v2026-01-01RequestInternalServerError:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: >-
              #/components/schemas/EorWorkersComplianceDocumentsDocumentIdPostResponsesContentApplicationJsonSchemaErrorsItems
      title: UploadEmployeeComplianceDocument-v2026-01-01RequestInternalServerError
  securitySchemes:
    deelToken:
      type: http
      scheme: bearer
      description: >
        ## Authentication

        The Deel API uses bearer tokens to authenticate requests. All API calls
        must be made over HTTPS — calls over plain HTTP or without
        authentication will fail.


        ```curl

        curl -X GET 'https://api.letsdeel.com/rest/v2/contracts' \
          -H 'Authorization: Bearer YOUR-TOKEN-HERE'
        ```


        [Learn more about authentication](/api/authentication)
    oauth2:
      type: http
      scheme: bearer
      description: >-
        Standard OAuth2 security scheme based on
        https://swagger.io/docs/specification/authentication/

```

## SDK Code Examples

```python
import requests

url = "https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e"

payload = "-----011000010111000001101001--\r\n"
headers = {
    "Authorization": "Bearer <token>",
    "Content-Type": "multipart/form-data; boundary=---011000010111000001101001"
}

response = requests.post(url, data=payload, headers=headers)

print(response.json())
```

```javascript
const url = 'https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e';
const form = new FormData();

const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};

options.body = form;

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e"

	payload := strings.NewReader("-----011000010111000001101001--\r\n")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "Bearer <token>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby
require 'uri'
require 'net/http'

url = URI("https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request.body = "-----011000010111000001101001--\r\n"

response = http.request(request)
puts response.read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e")
  .header("Authorization", "Bearer <token>")
  .body("-----011000010111000001101001--\r\n")
  .asString();
```

```php
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e', [
  'headers' => [
    'Authorization' => 'Bearer <token>',
    'Content-Type' => 'multipart/form-data; boundary=---011000010111000001101001',
  ],
]);

echo $response->getBody();
```

```csharp
using RestSharp;

var client = new RestClient("https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "Bearer <token>");
request.AddHeader("Content-Type", "multipart/form-data; boundary=---011000010111000001101001");
request.AddParameter("undefined", "-----011000010111000001101001--\r\n", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

let headers = ["Authorization": "Bearer <token>"]
let parameters = []

let boundary = "---011000010111000001101001"

var body = ""
var error: NSError? = nil
for param in parameters {
  let paramName = param["name"]!
  body += "--\(boundary)\r\n"
  body += "Content-Disposition:form-data; name=\"\(paramName)\""
  if let filename = param["fileName"] {
    let contentType = param["content-type"]!
    let fileContent = String(contentsOfFile: filename, encoding: String.Encoding.utf8)
    if (error != nil) {
      print(error as Any)
    }
    body += "; filename=\"\(filename)\"\r\n"
    body += "Content-Type: \(contentType)\r\n\r\n"
    body += fileContent
  } else if let paramValue = param["value"] {
    body += "\r\n\r\n\(paramValue)"
  }
}

let request = NSMutableURLRequest(url: NSURL(string: "https://api.letsdeel.com/rest/v2/eor/workers/compliance-documents/9b9fc43a-a90c-4615-ac50-baf1e314b53e")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```