# API Documentation

img
## 🚀 Quick Start Guide

1. **Authentication**: All API requests require authentication using API bearer token
2. **Sandbox Base URL**: `https://api.sandbox.congruitcredit.com`
3. **Production Base URL**: `https://api.congruitcredit.com`
4. **Rate Limits**: 10 requests per second per IP address
5. **Response Format**: All responses are in JSON format


### Authentication


```bash
# Include the OAuth token in the Authorization header
curl -H "Authorization: Bearer BEARER_TOKEN" \
     https://api.congruitcredit.com/v1/[endpoint]
```

### API Bearer Tokens

Each API call requires a short-lived bearer token in the authentication header. See the [Authentication Guide](/guides/authentication) for full details.

## 📚 Available APIs

In this documentation, we refer to two classes of API calls:

- **authentication** calls which are always live and never mocked or tests
- **workhorse** calls which return products and their attributes - these can be mocked or tested


### [Exchange API](/openapi/exchange/swagger/)

Our ACH Exchange API for ACH Returns give-to-get program:

- ACH transaction submissions


### [Evaluation API](/openapi/evaluation/swagger/)

Our evaluation API for credit and fraud assessment:

- Credit evaluation products, including ACH reports
- Fraud detection and analysis


### [Authentication API](/openapi/tokens/swagger/)

Specialized API for authentication:

- Bearer token generation and validation


## 📖 Documentation Structure

- **Getting Started**: Basic setup
- **Authentication**: Authentication using OAuth 2.0
- **API Reference**: Complete endpoint documentation


## 🔧 Development Tools

### Interactive API Explorer

Try our APIs directly in your browser using the interactive documentation. Each endpoint includes:

- Parameter validation
- Request schemas
- Response schema documentation


## 📞 Support

### Getting Help

- **Documentation**: This site contains comprehensive guides
- **API Status**: Check [status.congruitcredit.com](https://status.congruitcredit.com)
- **Technical Support**: [support@congruitcredit.com](mailto:support@congruitcredit.com)


### Rate Limits

Rate limits are evaluated over a rolling 5-minute window. This supports burst capacity that might exceed the average rate limit. For example, you have a burst in organic traffic that exceeds 10 requests per second but the burst only lasts for a minute before going back to a low baseline. The rate limit would be evaluated over a 5 minute period and you would not be throttled.

| Requests/second |
|  --- |
| 10 |


## 🔒 Security

### Best Practices

1. **Never expose API credentials or tokens** in client-side code
2. **Use HTTPS** for all API requests
3. **Monitor usage** for unusual activity


### Permitted IPs

For enhanced security, you must add your specific IP addresses to our allowlist. See the [Authentication Guide](/guides/authentication) for details.

**Ready to get started?** Choose an API from the navigation menu above to begin exploring our documentation.