Equifax

Supergood | Equifax API

Alex Klarfeld

Alex Klarfeld

7 min read

Programmatically access Equifax identity data, credit files, employment/income verification, watchlist screening, and fraud signals with a stable REST API. Supergood builds and operates production-grade, unofficial Equifax integrations so AML/KYC teams can automate onboarding, screening, and ongoing monitoring without heavy custom engineering.

Plain English: Equifax is a global data, analytics, and technology company best known as one of the major U.S. credit bureaus. An unofficial API lets you programmatically verify identities (SSN, DOB, address), screen customers against sanctions/PEP/adverse media, pull consumer credit and risk attributes, and verify employment/income via Equifax-owned datasets—all with audit trails, consent capture, and policy controls.

For a tech company integrating with Equifax, this means you can ingest real-time identity and risk data to power compliant onboarding flows, push consent artifacts and permissible purpose metadata, trigger employment/income checks for affordability or regulatory requirements, and enrich your platform with credit attributes, fraud signals, and watchlist hits. You can automatically rescreen customers, update risk tiers, and synchronize results to downstream systems (e.g., case management, analytics, CRM, decisioning) in lockstep.

What is Equifax?

Equifax (https://developer.equifax.com/) is a global provider of consumer and commercial data, credit bureau services, identity verification, fraud prevention, and decisioning tools used by financial institutions, fintechs, lenders, insurers, and enterprises to assess risk, comply with regulations, and fight fraud. Teams use Equifax to verify identities, check sanctions/PEP lists, obtain credit reports and scores, access alternative data and attributes, and perform employment/income verification (e.g., The Work Number) with strict compliance and consent controls.

Core product areas include:

  • Identity & Fraud: InstantID/eID verification, knowledge-based authentication (KBA), device and digital identity risk (via Equifax’s Kount), email/phone/address verification
  • Credit & Risk: Consumer credit files, scores, risk attributes, tradelines, inquiries, public records
  • Employment & Income: Employment status and payroll-derived income verification (e.g., The Work Number)
  • Compliance & AML: Sanctions/PEP/adverse media screening, ongoing monitoring, audit trails
  • Decisioning & Data Services: Attributes, models, and decisioning workflows for onboarding and underwriting

Common data entities:

  • Consumers (PII: name, SSN, DOB, address, phone, email)
  • Identity Checks (verification outcomes, match confidence, KBA challenges)
  • Watchlist Screenings (sanctions, PEP, adverse media matches, scores)
  • Credit Reports & Scores (tradelines, inquiries, public records, risk scores)
  • Employment & Income Records (employer info, status, pay history)
  • Consents & Permissible Purpose (policy metadata, timestamps, artifacts)
  • Fraud Signals (device, velocity, behavioral risk indicators)

The Equifax Integration Challenge

Financial services and fintech companies rely on Equifax daily, but turning portal-based, regulated workflows into API-driven automation is non-trivial:

  • Regulatory constraints: FCRA/GLBA rules, permissible purpose, and consumer consent must be enforced and auditable
  • Multi-product entitlements: Identity, credit, income, and fraud modules vary by licensing and tenant configuration
  • Authentication complexity: SSO/MFA and KBA challenges complicate headless automation and session lifecycle stability
  • Matching & disambiguation: Fuzzy name matching, address normalization, and identifiers require careful handling
  • Data partitioning: Key objects span identity checks, watchlists, credit, and income with context across multiple views

How Supergood Creates Equifax APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Equifax tenant.

  • Handles username/password, SSO/OAuth, MFA (SMS, email, TOTP), and KBA challenge workflows securely
  • Captures and persists consent artifacts and permissible purpose metadata to meet compliance requirements
  • Maintains session continuity with automated refresh and change detection across Equifax modules
  • Normalizes responses so you can integrate once and rely on consistent resource schemas (identity, credit, income, watchlists)
  • Aligns with customer entitlements and role-based permissions to ensure compliant, least-privilege access

Use Cases

Onboarding & Identity Verification

  • Verify SSN, DOB, address, phone, and email with confidence scores and remediation paths (KBA or doc review)
  • Persist consent and permissible purpose records for audits
  • Drive automated pass/fail decisions or route to manual review with clear reasons

Sanctions/PEP & Adverse Media Screening

  • Screen applicants and customers against global sanctions and PEP lists with tuned match thresholds
  • Rescreen periodically to catch list updates and changes
  • Push hits to case management and maintain full audit of decisions and overrides

Credit & Income Data Sync

  • Order credit files and risk attributes to support underwriting and fraud checks
  • Verify employment/income to meet regulatory or affordability requirements
  • Normalize data for downstream analytics, decisioning, and regulatory reporting

Fraud & Risk Signals

  • Ingest device and digital identity risk signals (e.g., via Kount) to flag high-risk events
  • Use velocity and identity trust metrics to trigger enhanced due diligence
  • Feed signals into your risk engine for adaptive friction and step-up verification

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_eqfx_41a79c",
    "name": "KYC Ops",
    "entitlements": ["identity_checks", "watchlists", "credit_reports", "income_verifications"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Identity Verification Checks

POST /kyc/identity-checks: Create an identity verification request with PII, consent, and permissible purpose.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/kyc/identity-checks \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "consumer": {
      "firstName": "Ava",
      "lastName": "Williams",
      "ssn": "123-45-6789",
      "dateOfBirth": "1992-07-14",
      "address": {
        "line1": "410 Market St",
        "city": "San Francisco",
        "region": "CA",
        "postalCode": "94105",
        "country": "US"
      },
      "phone": "+14155550123",
      "email": "[email protected]"
    },
    "consent": {
      "method": "checkbox",
      "version": "v1.3",
      "timestamp": "2026-01-20T15:42:10Z",
      "ipAddress": "203.0.113.56"
    },
    "permissiblePurpose": "account_opening",
    "options": {
      "returnKba": true,
      "addressNormalization": true
    },
    "referenceId": "onboard-req-9812"
  }'

Example response

{
  "checkId": "idc_7e9132",
  "status": "completed",
  "identityConfidenceScore": 0.96,
  "matchedFields": {
    "ssn": "verified",
    "dateOfBirth": "matched",
    "address": {
      "quality": "high",
      "normalized": {
        "line1": "410 MARKET ST",
        "city": "SAN FRANCISCO",
        "region": "CA",
        "postalCode": "94105-1234"
      }
    },
    "phone": "associated",
    "email": "associated"
  },
  "kbaChallenge": null,
  "createdAt": "2026-01-20T15:42:11Z"
}

Watchlist Screenings

POST /watchlists/screenings: Screen a consumer against sanctions, PEP, and adverse media with configurable match thresholds.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/watchlists/screenings \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "subject": {
      "firstName": "Ava",
      "lastName": "Williams",
      "dateOfBirth": "1992-07-14"
    },
    "lists": ["OFAC", "EU", "UN", "HMT"],
    "programs": ["sanctions", "pep", "adverse_media"],
    "threshold": 0.85,
    "fuzzy": true,
    "permissiblePurpose": "aml_screening",
    "referenceId": "aml-case-5551"
  }'

Example response

{
  "screeningId": "wls_92af01",
  "status": "completed",
  "hits": [
    {
      "listName": "OFAC",
      "entityName": "Ava WILLIAMS",
      "score": 0.87,
      "identifiers": {"dob": "1992-07-14", "country": "US"},
      "type": "sanctions",
      "url": "https://example.gov/ofac/entry/12345"
    }
  ],
  "pep": [],
  "adverseMedia": [],
  "createdAt": "2026-01-20T15:43:02Z"
}

Income Verifications

POST /income/verifications: Verify employment and retrieve payroll-derived income history when permitted.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/income/verifications \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "consumer": {
      "firstName": "Ava",
      "lastName": "Williams",
      "ssn": "123-45-6789"
    },
    "consentToken": "cns_78b4dd",
    "permissiblePurpose": "income_verification",
    "dateRange": {"from": "2025-01-01", "to": "2026-01-01"},
    "referenceId": "affordability-req-2026"
  }'

Example response

{
  "verificationId": "inc_0f19d3",
  "status": "completed",
  "employment": [
    {
      "employer": {
        "name": "MarketCo Inc.",
        "ein": "12-3456789"
      },
      "position": "Analyst",
      "startDate": "2023-03-01",
      "endDate": null,
      "employmentStatus": "active"
    }
  ],
  "incomeSummary": {
    "averageMonthlyIncome": 6200.50,
    "currency": "USD"
  },
  "payHistory": [
    {"payDate": "2025-12-30", "gross": 3200.00, "net": 2450.00, "hours": 160},
    {"payDate": "2025-11-30", "gross": 3100.00, "net": 2380.00, "hours": 160}
  ],
  "createdAt": "2026-01-20T15:44:29Z"
}

Credit Reports

POST /credit-reports: Order a consumer credit file and optional risk score with proper permissible purpose.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/credit-reports \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "consumer": {
      "firstName": "Ava",
      "lastName": "Williams",
      "ssn": "123-45-6789",
      "dateOfBirth": "1992-07-14",
      "address": {
        "line1": "410 Market St",
        "city": "San Francisco",
        "region": "CA",
        "postalCode": "94105",
        "country": "US"
      }
    },
    "permissiblePurpose": "account_opening",
    "product": {"code": "equifax_credit_file", "includeScore": true},
    "pullType": "soft",
    "referenceId": "underwriting-req-7719"
  }'

Example response

{
  "reportId": "cr_4bd25f",
  "status": "completed",
  "score": {"model": "VantageScore", "version": "3.0", "value": 712},
  "tradelines": [
    {"type": "revolving", "creditor": "Bank A", "balance": 1200.00, "limit": 5000.00, "status": "current"}
  ],
  "inquiries": [
    {"date": "2025-11-05", "subscriberCode": "LND123", "type": "soft"}
  ],
  "publicRecords": [],
  "addresses": [
    {"line1": "410 Market St", "city": "San Francisco", "region": "CA", "postalCode": "94105"}
  ],
  "createdAt": "2026-01-20T15:45:10Z"
}

Get full API Specs →

Technical Specifications

  • Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials; handles KBA where required
  • Response format: JSON with consistent resource schemas, pagination, and normalized fields across identity, watchlists, credit, and income modules
  • Rate limits: Tuned for enterprise throughput while honoring licensing, entitlements, and usage controls
  • Session management: Automatic reauth, cookie/session rotation, and health checks across multi-product workflows
  • Data freshness: Near real-time retrieval of identity checks, screenings, credit files, and income records
  • Security & Compliance: Encrypted transport, scoped tokens, audit logging; respects Equifax role-based permissions, FCRA/GLBA constraints, and permissible purpose requirements
  • Webhooks: Optional asynchronous delivery for long-running workflows (e.g., screenings, KBA challenges, credit report completion)

Performance Characteristics

  • Latency: Sub-second responses for identity checks and screenings under normal load; credit/income orders complete in seconds with retries
  • Throughput: Designed for high-volume onboarding and periodic rescreening across large customer bases
  • Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions and ensure consistent outcomes
  • Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

  1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, permissible purpose, and authentication model.

  1. Supergood Builds and Validates Your API

We deliver a hardened Equifax adapter tailored to your workflows, compliance requirements, and entitlements.

  1. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as Equifax evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which Equifax modules can this integration cover?

Supergood supports workflows across Identity Verification (SSN/DOB/address, KBA), Compliance Screening (sanctions/PEP/adverse media), Credit Reports & Attributes, and Employment/Income Verification (where licensed), subject to your tenant’s entitlements. We scope coverage during integration assessment.

We capture consent artifacts (method, version, timestamp, IP) and require a permissiblePurpose value per request. These are persisted in audit logs and can be exported or pushed to your case management system for compliance.

Q: Can you support KBA challenges or document-based remediation?

Yes. We surface KBA challenges from Equifax flows and can expose document upload and review steps via signed URLs. Outcomes and artifacts are available via webhooks and polling with checksum validation.

Q: Do you offer continuous rescreening for sanctions/PEP?

Yes. We can schedule periodic rescreens, emit deltas via webhooks, and manage case state transitions with idempotent updates while respecting rate and permission constraints.

Q: Can credit and income data be normalized to our underwriting schema?

We can map tradelines, inquiries, scores, employment records, and pay history into your internal schema and deliver updates via webhooks or polling. We commonly integrate with decisioning engines and data warehouses.

Kount API - Device and digital identity fraud signals by Equifax

Ready to automate your Equifax workflows?

Supergood can have your Equifax integration live in days with no ongoing engineering maintenance.

Get Started →

Read more