Skip to content
Last updated

🚀 Quick Start Guide

  1. Authentication: All API requests require authentication using API bearer token
  2. Sandbox Base URL: https://api.sandbox.congruitcredit.com
  3. Production Base URL: https://api.congruitcredit.com
  4. Rate Limits: 10 requests per second per IP address
  5. Response Format: All responses are in JSON format

Authentication

# Include the OAuth token in the Authorization header
curl -H "Authorization: Bearer BEARER_TOKEN" \
     https://api.congruitcredit.com/v1/[endpoint]

API Bearer Tokens

Each API call requires a short-lived bearer token in the authentication header. See the Authentication Guide for full details.

📚 Available APIs

In this documentation, we refer to two classes of API calls:

  • authentication calls which are always live and never mocked or tested
  • workhorse calls which return products and their attributes - these can be mocked or tested

Our Exchange APIs for the give-portion of our give-to-get programs. Use this endpoint to furnish consumer banking and loan details via api. We also support furnishing by csv files. Use the Evaluation endpoint to request credit and fraud reports for a consumer including the Exchange reports.

  • ACH transaction contributions
  • tradeline contributions

Our evaluation API for credit and fraud assessment:

  • Credit evaluation products, including Exchange products
  • Fraud detection and analysis products

Specialized API for authentication:

  • Bearer token generation and validation

📖 Documentation Structure

  • Getting Started: Basic setup
  • Authentication: Authentication using OAuth 2.0
  • API Reference: Complete endpoint documentation using OpenAPI

🔧 Development Tools

Interactive API Explorer

Try our APIs directly in your browser using the interactive documentation. Each endpoint includes:

  • Parameter validation
  • Request schemas
  • Response schema documentation

📞 Support

Getting Help

Rate Limits

Rate limits are evaluated over a rolling 5-minute window. This supports burst capacity that might exceed the average rate limit. For example, you have a burst in organic traffic that exceeds 10 requests per second but the burst only lasts for a minute before going back to a low baseline. The rate limit would be evaluated over a 5 minute period and you would not be throttled.

Requests/second
10

🔒 Security

Best Practices

  1. Never expose API credentials or tokens in client-side code
  2. Use HTTPS for all API requests
  3. Monitor usage for unusual activity

Permitted IPs

For enhanced security, you must add your specific IP addresses to our allowlist. See the Authentication Guide for details.


Ready to get started? Choose getting started from the navigation menu above to begin exploring our documentation.