# Getting Started Guide

This comprehensive guide will walk you through setting up and using our APIs from scratch.

## Prerequisites

Before you begin, make sure you have:

- A modern web browser
- Basic knowledge of HTTP requests
- Your preferred programming language and tools
- A text editor or IDE


Congruit Onboarding process
## Account Setup

When you are ready for onboarding, we will supply you with credentials to access our services.

## Making Your First Request

### Bearer Token Authentication

All API requests require a bearer token in the Authorization header:

```bash
curl -H "Authorization: Bearer BEARER_TOKEN" \
     https://api.congruitcredit.com/v1/tokens/health
```

See the [Authentication Guide](/guides/authentication) for full details.

### Response Format

`exchange` API for furnishing ACH records and tradelines have responses that follow this structure:

```json
{
  "report": {
    "transactionId": "string",
    "receivedAt": "2019-08-24T14:15:22Z",
    "results": { … }
  }
}
```

`evaluation` API credit/fraud inquiry responses follow this structure:

```json
{
  "report": {
    "transactionId": "string",
    "receivedAt": "2019-08-24T14:15:22Z",
    "results": { … },
    "errors": [ … ],
    "consumerAlerts": [ … ]
  }
}
```

## Versioning

Congruit uses versioned API paths so that new features can be made available without compromising existing services and support an orderly upgrade path. We will notify customers as new API versions become available.

## Common Error Codes

| Code | Meaning | Action |
|  --- | --- | --- |
| `400` | Bad Request | Check your request parameters |
| `401` | Unauthorized | Verify your bearer token |
| `403` | Forbidden | Check your permissions |
| `404` | Not Found | Verify the endpoint URL |
| `422` | Unprocessible | Check your request parameters |
| `429` | Rate Limited | Wait and retry |
| `500` | Server Error | Contact support |


## Security

- **Never commit API credentials** to version control
- **Use environment variables** for API credentials
- **Use HTTPS** for all requests
- **Validate all inputs** before sending


## Sandbox

You must develop your integration against our Sandbox URLs before being approved for Production credentials. Be aware that you will have a different sets of credentials for each environment.

We deploy the same service to both Sandbox and Production so the behavior you see will be exactly the same. However, there is no consumer production data in Sandbox. All consumer data in Sandbox is mocked.

Sandbox root URL: `https://api.sandbox.congruitcredit.com/`

Production root URL: `https://api.congruitcredit.com/`

### Testing

Workhorse API calls against Sandbox are evaluated against completely separate databases of resources than production. Aside from that, the Sandbox environment behaves exactly the same as Production and the same codebase is deployed in both.

To test your API calls in Sandbox, use these test details:

| Test Item | Description |
|  --- | --- |
| **required** |  |
| explanId | your Account Manager will set up your first Explan and share the ID with you. |
| phoneNumber | use any valid 10-digit phone number. Or use ours! `727 606 4841` This is a string field that will be parsed for validation, so dashes may be included. It just needs to be a valid number, not necessarily assigned to someone. |
| name | use any random name here - but not an obviously fake name (Mickey Mouse) as these will fail validation. |
| address | use any random real address or it will fail validation. Or use ours! `1703 N McMullen Booth Road, #207 Safety Harbor, FL 34695` |
| **optional** |  |
| ipAddress | any address in dot format |
| governmentId | currently the only ID supported is SSN - use a random but valid SSN |


🔒 It is important you **never** submit real consumer identities to our Sandbox. Not even your own. Always use random but valid data items to construct your consumer details.

### Data from External Providers

Congruit products sometimes include real time calls to external data providers. We do not call those providers in Sandbox. Instead any data in the response is mocked. For this reason, Sandbox performance is typically faster than Production for those products.

### Refresh

We refresh (wipe out) our Sandbox databases periodically. As you would expect in production, the submission of data items in one API will affect the the results of the next API call. You are submitting credit inquiries against the consumer identities you are creating and testing. In addition, other Congruit customers are also hitting Sandbox so the specifics of each result is never predictable in advance. However, the format and structure of the responses will always remain invarient unless you move to a new version of the API call.

## Next Steps

Now that you're set up, explore:

- **[our Products](/guides/products)**: what are they and what to expect
- **[Credit vs Fraud](/guides/credit-and-fraud)**: Explore the differences between FCRA and fraud products and how to use them
- **[Exchange API Reference](/openapi/exchange/swagger/)**: ACH transaction and tradeline furnishing endpoints
- **[Evaluation API Reference](/openapi/evaluation/swagger/)**: Credit evaluation and fraud detection
- **[Authentication API Reference](/openapi/tokens/swagger/)**: Token management


## Need Help?

- **Documentation**: Browse this site for detailed guides
- **Technical Support**: Email [support@congruitcredit.com](mailto:support@congruitcredit.com)
- **Status**: Check [status.congruitcredit.com](https://status.congruitcredit.com)