- Authentication: All API requests require authentication using API bearer token
- Sandbox Base URL:
https://api.sandbox.congruitcredit.com - Production Base URL:
https://api.congruitcredit.com - Rate Limits: 10 requests per second per IP address
- Response Format: All responses are in JSON format
# Include the OAuth token in the Authorization header
curl -H "Authorization: Bearer BEARER_TOKEN" \
https://api.congruitcredit.com/v1/[endpoint]Each API call requires a short-lived bearer token in the authentication header. See the Authentication Guide for full details.
In this documentation, we refer to two classes of API calls:
- authentication calls which are always live and never mocked or tested
- workhorse calls which return products and their attributes - these can be mocked or tested
Our Exchange APIs for the give-portion of our give-to-get programs. Use this endpoint to furnish consumer banking and loan details via api. We also support furnishing by csv files. Use the Evaluation endpoint to request credit and fraud reports for a consumer including the Exchange reports.
- ACH transaction contributions
- tradeline contributions
Our evaluation API for credit and fraud assessment:
- Credit evaluation products, including Exchange products
- Fraud detection and analysis products
Specialized API for authentication:
- Bearer token generation and validation
- Getting Started: Basic setup
- Authentication: Authentication using OAuth 2.0
- API Reference: Complete endpoint documentation using OpenAPI
Try our APIs directly in your browser using the interactive documentation. Each endpoint includes:
- Parameter validation
- Request schemas
- Response schema documentation
- Documentation: This site contains comprehensive guides
- API Status: Check status.congruitcredit.com
- Technical Support: support@congruitcredit.com
Rate limits are evaluated over a rolling 5-minute window. This supports burst capacity that might exceed the average rate limit. For example, you have a burst in organic traffic that exceeds 10 requests per second but the burst only lasts for a minute before going back to a low baseline. The rate limit would be evaluated over a 5 minute period and you would not be throttled.
| Requests/second |
|---|
| 10 |
- Never expose API credentials or tokens in client-side code
- Use HTTPS for all API requests
- Monitor usage for unusual activity
For enhanced security, you must add your specific IP addresses to our allowlist. See the Authentication Guide for details.
Ready to get started? Choose getting started from the navigation menu above to begin exploring our documentation.