API Integration for Custom Web or Mobile App

The 3rd Integration option is for customers who want to create their own UI, such as a website or mobile app, entirely using the CRS Consumer Credit API. User authentication is managed by the website or in the app.

Overview

All custom screens created using the API require Equifax approval (see the compliance guide for approval guidelines).

With this option, you can create your own user experience for connecting your users to their credit data by using the same eCredit Monitoring API that the widget uses.

App Integration

Sign-up / Registration Terms of Use

Consumers must agree to CRS’s Terms of Use and Privacy Policy prior to the Identity process.

By clicking “Register” and creating an account you accept CRS’s Terms of Use and Privacy Policy. CRS does not maintain critical personal data, much less sell or otherwise disclose your personal information to anyone else. You may opt-out of email correspondence, except confirmation Emails, which often contain important information about your account.

NOTE: Linking to the above Terms of Use and Privacy Policy is advised to maintain the latest verbiage.
Image of page example for Sign Up
Image of page example for Registering Terms of Use

Login

Image of credit report page example

Identity

Consumers must be notified and must give specific consent to access third-party data to verify identity.

Required Identity Consent language:

You understand that by clicking “Continue”, you are explicitly agreeing to and providing “written instructions” to CRS under the Fair Credit Reporting Act to obtain your credit information from one or more of the three nationwide credit reporting agencies. Third-party sources, including your mobile carrier may be used to verify your identity. You authorize CRS to obtain such information for you to confirm your identity, and, for as long as you are a member of CRS, to provide you with your credit information. You may elect to terminate your account and this authorization at any time.

Image of identity page example
Image of page example for consumer consent language

Identification (option 1): mobile

Mobile Identity Consent language:

Users must consent to receiving an SMS message for authentication. Note that not all users will qualify for mobile identification; roughly 60% do at the moment.

We will attempt to verify your identity by sending a text with a one-time code to your mobile phone number ending in xxxx.

Message and data rates may apply.

Image of page for sending code via SMS to verify identity
Image of page for entering identity verifying code via SMS

Identification (option 2): quiz

Users who don’t qualify for or are unable to pass mobile verification must pass an identity quiz. Users will have at most 2 chances to pass a quiz, assuming enough questions can be generated. Users may re-enter and try to pass the identity quiz again; however, the limit is two attempts (2 chances each), and reaching it results in a 72-hr lockout.

Image of page for identification quiz
Image of page for successful sign up as a result of successful identification

Credit Score - Dashboard

  • The provider of the score is required. Do not use a logo; you must have marketing approval from a bureau to use their logo.
  • “VantageScore® 3.0 using Equifax Data” must be present, exactly as written (VantageScore is one word and it’s a brand, ignore the mistake in this image).
  • The date the score was pulled is required.
  • The date the next score will be available is strongly encouraged; this is based on the weekly or monthly refresh you subscribe to.
  • VantageScore® 3.0 is known as an “educational score” and may differ from the FICO® Score used to determine credit availability; notice must be given.

Image of page for showing dashboard of scores returned by various bureaus
Image of page for showing score returned by a single bureau

Credit Report

The provider of the report is required. The date the report was pulled is required.

Image of page for showing report summary
Image of page for showing score credit accounts

Credit Monitoring

The provider of the alert is required. The date of the alert is required.

Image of page showing credit monitoring

Identity Restoration

This product content must be delivered as is.

Equifax® ID Restoration
Has your identity been compromised?

  • A specialist will help you work through the process.
  • Once your issues are resolved, we continue to monitor the situation for three months.
  • Call today so that we may help you verify and begin resolving any discrepancies.
  • Call 1-877-368-4940 today to get started

Image of page showing ID restoration

API Process Flow

Your custom application must perform the necessary exchange of information via the corresponding APIs. This diagram shows the API process flow.

B2C Communication & Token Flow

The diagram shows the communication exchange that must occur between the consumer, your servers (marked Customer Servers), CRS servers (marked CRS Tech Servers) and the Equifax Servers.

Compliance

Consumers must always know who they are dealing with. Content delivered to users must not be misleading in any way. Consumers must know where the data came from. Pages with consumer credit data must be compliant with all data presentation requirements and restrictions, no matter how small.

Login security must be present:

  • Account lockout after 5 consecutive failed attempts
  • Multi-step account recovery process
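
One way to implement the two login requirements above in the application that owns user authentication. This is an added example, not CRS code: the in-memory storage, the `check` callable and the two recovery step names are assumptions.

```python
from typing import Callable, Dict, Set

MAX_CONSECUTIVE_FAILURES = 5  # from the login security requirement above
# Hypothetical recovery steps; the page only requires that recovery be multi-step.
RECOVERY_STEPS = frozenset({"emailed_link", "sms_code"})


class LoginGuard:
    """Tracks consecutive failed logins per account (in-memory, for illustration)."""

    def __init__(self) -> None:
        self.failures: Dict[str, int] = {}
        self.locked: Set[str] = set()

    def attempt(self, account: str, check: Callable[[], bool]) -> str:
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if account in self.locked:
            # Locked accounts are refused before the credential is evaluated,
            # so a correct password cannot bypass the lockout.
            return "locked"
        if check():
            self.failures.pop(account, None)  # success resets the consecutive count
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_CONSECUTIVE_FAILURES:
            self.locked.add(account)
            return "locked"
        return "denied"

    def recover(self, account: str, steps_passed: Set[str]) -> bool:
        """Unlock only when every recovery step has been passed."""
        if not RECOVERY_STEPS <= set(steps_passed):
            return False
        self.locked.discard(account)
        self.failures.pop(account, None)
        return True
```

In production the counters and lock state belong in the same durable store as the account record, so that a restart or a second application server does not reset them.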

Customers may not access consumer data at any time. Saving data at any time is NOT PERMITTED under any circumstances.

Terms of Use and Privacy Policy are from and through CRS – there is no ability to white label this at this time.

Webhook Integration

Webhooks are available to notify you when an alert (or other notification) comes in, so that you can message users in whatever fashion you wish and prompt them to return to your site.

Please refer to additional details on Webhook Integration.


Managing Users

The basic steps to create a new user and manage returning users, including data access:

  1. NEW USERS
    1. Direct API
      1. Customer Login
      2. Register New User: Be sure to save the userId when Registering a New User or you will not be able to generate a returning token for the user
    2. User API
      1. Preauth Token
      2. User Identity
      3. Phone Verify
      4. Send Mobile Code
      5. Verify Mobile Code
      6. Get EFX Config
    3. Equifax API
      1. OAUTH Token
      2. Credit Score Latest
      3. Credit Score History
      4. Credit Report List
      5. Credit Report Summary
      6. Credit Report (First in list)
  2. RETURNING USERS
    1. Direct API
      1. Customer Login
      2. New User Token
    2. User API
      1. Preauth Token (if idpass=false, the next four calls need to be made; if true, skip to Get EFX Config)
      2. User Identity
      3. Phone Verify
      4. Send Mobile Code
      5. Verify Mobile Code
      6. Get EFX Config
    3. Equifax API
      1. OAUTH Token
      2. Credit Score Latest
      3. Credit Score History
      4. Credit Report List
      5. Credit Report Summary
      6. Credit Report (First in list)

The Consumer Credit - Getting Started - New User.postman_collection.json will walk you through these steps in order.
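
The call ordering above, including the idpass branch for returning users, sketched as an added example that is not part of the CRS documentation or Postman collections. The step names come from the list; the `call` transport, the shape of its responses (a `userId` field from Register New User, an `idpass` field from Preauth Token) and the `user_ids` store are assumptions.

```python
from typing import Callable, Dict, List, Optional

# Step names copied from the list above; everything else here is an assumption.
IDENTITY_STEPS = ["User Identity", "Phone Verify", "Send Mobile Code", "Verify Mobile Code"]
EQUIFAX_STEPS = ["OAUTH Token", "Credit Score Latest", "Credit Score History",
                 "Credit Report List", "Credit Report Summary", "Credit Report"]

Transport = Callable[[str, dict], dict]  # hypothetical: (step name, payload) -> response


class MissingUserId(Exception):
    """Raised when a returning user has no stored userId."""


def run_flow(call: Transport, user_ids: Dict[str, str], account: str,
             registration: Optional[dict] = None) -> List[str]:
    """Run the new-user flow if `registration` is given, else the returning-user flow.

    Returns the step names in the order they were called. Only userId is stored;
    credit responses are never written to `user_ids` or anywhere else.
    """
    returning = registration is None
    if returning and account not in user_ids:
        # User IDs cannot be listed, so a lost userId cannot be looked up here.
        raise MissingUserId(account)

    done: List[str] = []

    def step(name: str, payload: Optional[dict] = None) -> dict:
        done.append(name)
        return call(name, payload or {})

    step("Customer Login")
    if returning:
        step("New User Token", {"userId": user_ids[account]})
    else:
        user_ids[account] = step("Register New User", registration)["userId"]

    preauth = step("Preauth Token")
    # Returning users skip identity verification only when idpass is true.
    if not returning or not preauth.get("idpass", False):
        for name in IDENTITY_STEPS:
            step(name)
    step("Get EFX Config")
    for name in EQUIFAX_STEPS:
        step(name)
    return done
```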

When creating a new user:

Be sure to save the userId when Registering a New User or you will not be able to generate a returning token for the user. As a matter of security, we do not allow the listing of user IDs.

Once you create a user the identity information is hashed and used to verify if the same identity is being re-enrolled. If a matching hash is found it will skip the identification process. This is great in production, but may limit your ability to test. To get past this, just add a number to the USER_STREET_2 and increment it each time you register a new user and want to go through the full authentication process.

In the test environment it is important that you use the User Test Identity provided to you verbatim. You may change the email address and phone number ONLY.

Additional Notes:

  • On Register New User - change the email to your email. You may add a +1, +2, etc to keep reusing the same email address (ex: test+1@test.com)
  • On Register New User & User Identity - change the phone number to your mobile phone number or you won't receive the SMS messages.
  • With the Phone Verify, Send Mobile Code, Verify Mobile Code method, the code passes through in the test system, so you can simply keep clicking Send on those calls, though you will receive the text as well.
  • For the Get Identity Quiz and Verify Identity Quiz methods, you will need to find the correct answers and update the Verify Identity Quiz body accordingly to successfully authenticate using those methods.
  • When registering a new user, be sure to save the userId or you will not be able to log that user in later. As a matter of security, we do not allow the listing of user IDs.
  • REMEMBER - you MUST use the test user data EXACTLY as it is provided. Only the phone number and email should be changed.


Postman Collections

Access credentials were sent to you by email, in a Postman Environment, upon registration. The Postman Environment is pre-configured so that you can walk through the Postman scripts with minimal intervention, to aid in understanding the API call structure.

Consumer Credit Postman Collections include pre-defined API calls to help you understand and develop your solution. See the Test API Postman Collection for additional documentation.
