Credit Report API Flow

Accessing data through our Array API follows the same flow regardless of origin. You can use this flow when using our API through your server as well as directly from a mobile device. Hybrid approaches are also possible depending on your specific use case. Please feel free to contact our team with any integration questions you might have and we’ll be happy to lend a hand.

1. Create User

The first step is creating the user in our Array system.

## User - Add
curl -X "POST" "" \
     -H 'Content-Type: application/json; charset=utf-8' \
     -d $'{
  "appKey": "3F03D20E-5311-43D8-8A76-E4B5D77793BD",
  "firstName": "Thomas",
  "lastName": "Friedman",
  "ssn": "666234390",
  "dob": "1975-01-01",
  "address": {
    "state": "CO",
    "street": "535 30 RD A",
    "city": "Grand Junction",
    "zip": "81504"

You’ll also have the option to define your own personalized client key by entering it as an additional parameter. As a reminder, you’ll see a conflict error if this specific client key is already in use.

2. Retrieve Questions

The second step is to retrieve authentication for the user from the necessary providers. You’ll need approval from at least one provider in order to proceed. The second and third providers then serve as backup options for situations where questions can’t be found, users answer questions incorrectly, etc. We suggest you make sure to use multiple providers and explicitly state which are enabled and in what order. As a reminder, the Array API applies the same process to each provider.

## Authenticate - Get KBA Questions
curl "{clientKey}&provider1=tui&provider2=exp&provider3=efx" \
     -H 'Content-Type: application/json; charset=utf-8'

At this point, you should receive an Authentication Token notifying you that the authentication is underway. You can use this for any future authentication requests for this user in this session.

3. Submit Answers

The third step is to submit the user-provided responses in order for us to pass them along to the authentication provider. Afterwards you’ll either be notified that the authentication was successful (upon which you’ll receive a user token), or that the authentication failed/more questions are necessary.

As a reminder, each question has a unique identifier and array of possible answers. Each answer also has a unique identifier. The submitted answers should create a JSON object with property names representing each question identifier and values representing the correct answer identifier:

## KBA - Provide Answers
curl -X "POST" "" \
     -H 'Content-Type: application/json; charset=utf-8' \
     -d $'{
  "appKey": "3F03D20E-5311-43D8-8A76-E4B5D77793BD",
  "answers": {
    "{questionId}": "{answerId}",
    "{questionId}": "{answerId}",
    "{questionId}": "{answerId}"
  "clientKey": "{clientKey}",
  "authToken": "{authToken}"

When you receive a user token for a successful authentication, you should store it in a secure location on the user’s device or in your database so it can be accessed easily for later use. This allows users to order products and services from Array directly without the need for backend programming.

This token is similar to the client token you were issued when you signed up for Array. However, the user token is linked only to the person it is issued to and can also be used to order products and services, so it should be protected as personal information.

4. Order Credit Report

The fourth step is to order a credit report by entering the unique product code into the endpoint. All Array products offer this ability. Since the endpoint is already authenticated, you’ll be able to enter the client token (if going through your server) or the user token (if going through the user’s device/through the Array web or mobile component )

## Report - Order
curl -X "POST" "" \
     -H 'x-credmo-user-token: {userToken}' \
     -H 'Content-Type: application/json; charset=utf-8' \
     -d $'{
  "clientKey": "{clientKey}",
  "productCode": "{productCode}"

This example above demonstrates a direct order from the user’s device through the user token. If you were using this API endpoint through your server you’d use the x-credmo-client-token header in your request. You’ll only need to provide one or the other and your client token should never be placed in your website or mobile application source code.

5. Retrieve Credit Report

After ordering a credit report you’ll receive a reportKey and displayToken. They’re both designed to work from any device but once they’ve been used on a specific device through a specific network they cannot be used again elsewhere.

The order and retrieval processes are designed to fully support ordering products from your backend server and retrieving data directly through the user’s device. This is our recommended best practice for both compliance and data security reasons.

## Report - Retrieve
curl "{reportKey}&displayToken={displayToken}" \
     -H 'Content-Type: application/json'

We have several formats available that you can find in our documentation, including JSON, XML, and PDF. The data formats such as JSON/XML are standardized across all credit report products so you only have to parse once to analyze the data you need.

  • JSON: application/json
  • JSONP: application/javascript
  • XML: application/xml
  • XMLP: application/xmlp
  • RAW: application/raw
  • RAWP: application/rawp
  • TUI 3B JSON: application/json-tucreportv6
  • TUI 3B JSONP: application/javascript-tucreportv6
  • PDF: application/pdf
  • HTML: text/html

The End

The Team at Array has designed this integration to be quick and easy for clients and we’re excited to see what you’ll do with all of your options. Please reach out to our team any time with questions about product, process, or anything in between. We're always happy to help.