Supergood | Experian API

Programmatically access Experian identity verification, credit header insights, device risk signals, and watchlist screening results with a stable REST API. Supergood builds and operates production-grade, unofficial Experian integrations so your AML/KYC team can automate onboarding, screening, and monitoring without heavy custom engineering.

Plain English: Experian is a global credit bureau and data/analytics provider used to verify identities, detect fraud, and assess consumer and business risk. An unofficial API lets you programmatically pull identity match results, credit header/file presence indicators, device and contact risk scores, and sanctions/PEP/adverse media screening outcomes—and push new verification requests, re-screening schedules, and status updates back into Experian.

For a tech company integrating with Experian, this means you can ingest real-time identity verification outcomes to power automated onboarding decisions, run sanctions/PEP screening during customer signup, evaluate phone/email/device risk to trigger step-up checks, and monitor subjects for ongoing compliance. You can also normalize Experian data into your case management, CRM, and analytics stack, orchestrate re-screening, and keep your compliance systems (KYC orchestration, analytics, ticketing) in lockstep.

What is Experian?

Experian (https://www.experian.com/) is a global information services company and one of the major consumer credit bureaus. Businesses rely on Experian’s identity & fraud solutions, credit services, decision analytics, and data enrichment to verify identities, manage onboarding risk, and comply with regulatory requirements.

Core product areas include:

• Identity & Fraud: PII-based identity verification, risk scoring, device intelligence, and step-up verification orchestration (e.g., via platforms like CrossCore)
• Credit Services: Consumer and business credit file data, header presence checks, and summary attributes used in risk assessment
• Screening & Monitoring: Sanctions, PEP, and adverse media screening (often via integrated data sources) and ongoing re-screening workflows
• Decisioning & Analytics: Rules, scores, and models that inform approve/decline/review outcomes

Common data entities:

• Subjects/Consumers (name, DOB, SSN/Tax ID, addresses, phones, emails)
• Businesses (legal name, tax identifiers, addresses, officers)
• Verification Sessions (inputs, results, risk scores, recommended actions)
• Watchlist Screenings (sanctions/PEP/adverse media matches and dispositions)
• Credit Headers & File Summaries (file presence, tradeline counts, inquiries, derogatories)
• Device & Contact Risk (device IDs, IPs, phones, emails, reputation/velocity signals)

The Experian Integration Challenge

AML/KYC teams depend on Experian for verification and risk intelligence, but turning portal-based checks into API-driven automation is non-trivial:

• Compliance gating: Permissible purpose, consent, and audit requirements must be respected end-to-end
• Identity nuance: Deterministic vs. fuzzy matching, thin-file subjects, and partial matches require careful normalization
• Orchestration complexity: Step-up checks and multi-signal workflows span identity, device, and watchlists across multiple views
• Authentication constraints: SSO/MFA and session lifecycles complicate headless automation
• Rate and usage controls: Throughput must align with licensing, entitlements, and usage agreements

How Supergood Creates Experian APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your Experian tenant.

• Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
• Maintains session continuity with automated refresh and change detection
• Normalizes responses so you can integrate once and rely on consistent objects across modules
• Aligns with customer entitlements, permissible purpose, and role permissions to ensure compliant access

Use Cases

AML/KYC Onboarding

• Verify identity using bureau data with match details and risk scores
• Screen against sanctions/PEP/adverse media and record dispositions
• Trigger step-up verification for higher-risk or partial matches

Continuous Screening & Monitoring

• Schedule re-screenings and receive watchlist updates
• Track address/name changes and significant credit header events
• Maintain compliance logs across your case management and CRM

Device & Contact Risk

• Assess device, IP, phone, and email reputation to detect synthetic identities or mule activity
• Drive frictionless approvals for low-risk signals and step-up flows for anomalies

Credit Header Presence & Thin-File Handling

• Detect file presence and thin-file indicators to route alternative verification paths
• Use summary attributes to inform approve/review/decline decisions

Available Endpoints

Authentication

POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/sessions \
  --header 'Authorization: Basic <Base64 encoded token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "username": "[email protected]",
    "password": "<password>",
    "mfa": { "type": "totp", "code": "123456" }
  }'

Example response

{
  "authToken": "eyJhbGciOi...",
  "expiresIn": 3600,
  "user": {
    "id": "u_exp_3d9f10",
    "name": "KYC Operations",
    "entitlements": ["identity_verification", "watchlist_screening", "credit_header", "device_risk"]
  }
}

POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.

Identity Verifications

POST /identity-verifications: Submit a subject for identity verification using bureau data and return match details, risk score, and a recommended action.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/identity-verifications \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "referenceId": "onb-req-7812",
    "subject": {
      "firstName": "Ava",
      "lastName": "Lopez",
      "dob": "1992-07-14",
      "ssn": "1234",
      "address": {
        "line1": "611 Market St",
        "city": "San Francisco",
        "region": "CA",
        "postalCode": "94105",
        "country": "US"
      },
      "phone": "+14155551234",
      "email": "[email protected]"
    },
    "options": {
      "fuzzyMatching": true,
      "returnReasons": true
    }
  }'

Example response

{
  "verificationId": "iv_7fa1c3",
  "status": "matched",
  "riskScore": 12,
  "recommendedAction": "approve",
  "matchDetails": {
    "name": {"match": true, "confidence": 0.98},
    "dob": {"match": true, "confidence": 0.99},
    "ssn": {"match": true, "confidence": 0.95, "type": "last4"},
    "address": {"match": true, "confidence": 0.92}
  },
  "filePresence": {"exists": true, "thinFile": false},
  "reasons": ["All core PII matched", "No derogatory identity indicators"],
  "createdAt": "2026-01-21T10:03:11Z"
}

Watchlist Screenings

POST /watchlist-screenings: Screen a subject against sanctions, PEP, and adverse media lists. Returns candidate matches with sources and risk levels.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/watchlist-screenings \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "referenceId": "onb-req-7812",
    "subject": {
      "firstName": "Ava",
      "lastName": "Lopez",
      "dob": "1992-07-14",
      "addresses": [
        {"line1": "611 Market St", "city": "San Francisco", "region": "CA", "postalCode": "94105", "country": "US"}
      ]
    },
    "lists": ["sanctions", "pep", "adverse_media"],
    "fuzzyThreshold": 0.85,
    "includeSources": true
  }'

Example response

{
  "screeningId": "wl_3a7bd9",
  "status": "no_hits",
  "matches": [],
  "riskScore": 0,
  "recommendation": "clear",
  "executedAt": "2026-01-21T10:04:55Z"
}

Example response with matches

{
  "screeningId": "wl_3a7c10",
  "status": "review",
  "riskScore": 58,
  "recommendation": "manual_review",
  "matches": [
    {
      "listType": "sanctions",
      "source": "OFAC-SDN",
      "entityName": "Avah Lopez",
      "confidence": 0.86,
      "riskLevel": "medium",
      "fieldsMatched": ["lastName", "dob"],
      "profileUrl": "https://source.example/record/123",
      "lastUpdated": "2025-12-05"
    }
  ]
}

Credit Header Summary

GET /subjects/{subjectId}/credit-summary: Retrieve high-level credit header/file presence indicators and summary attributes to inform verification paths.

Query parameters

• includeAddresses: boolean
• includeTradelineSummary: boolean

Example response

{
  "subjectId": "subj_19f8a2",
  "fileExists": true,
  "thinFile": false,
  "tradelineCount": 7,
  "inquiriesLast12Months": 3,
  "derogatoryCount": 0,
  "totalBalance": 24850.12,
  "lastReported": "2025-12-28",
  "addressesOnFile": [
    {"line1": "611 Market St", "city": "San Francisco", "region": "CA", "postalCode": "94105", "country": "US", "firstSeen": "2022-08-01"}
  ]
}

Device & Contact Risk Assessments

POST /devices/risk-assessments: Evaluate device, IP, phone, and email signals for fraud risk. Useful for detecting synthetic identities and mule accounts.

curl --request POST \
  --url https://api.supergood.ai/integrations/<integration_id>/devices/risk-assessments \
  --header 'Authorization: Bearer <authToken>' \
  --header 'Content-Type: application/json' \
  --data '{
    "referenceId": "onb-req-7812",
    "signals": {
      "deviceId": "dvc_98af21",
      "ipAddress": "203.0.113.42",
      "phone": "+14155551234",
      "email": "[email protected]"
    },
    "options": {"returnReasons": true}
  }'

Example response

{
  "assessmentId": "dr_8c21ee",
  "deviceRiskScore": 22,
  "ip": {"reputation": "clean", "proxyDetected": false, "geo": {"country": "US", "region": "CA"}},
  "phone": {"valid": true, "reachable": true, "firstSeenDays": 420, "velocity": {"recentAccounts": 0}},
  "email": {"valid": true, "disposable": false, "firstSeenDays": 730},
  "locationMismatch": false,
  "recommendation": "approve",
  "reasons": ["No proxy", "Low device velocity", "Established phone/email"],
  "createdAt": "2026-01-21T10:06:41Z"
}

Get full API Specs →

Technical Specifications

• Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
• Response format: JSON with consistent resource schemas and pagination across modules
• Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
• Session management: Automatic reauth and cookie/session rotation with health checks
• Data freshness: Near real-time retrieval of identity verifications, watchlist screenings, credit headers, and device/contact risk
• Security: Encrypted transport, scoped tokens, and audit logging; respects Experian role-based permissions, permissible purpose, and consent
• Webhooks: Optional asynchronous delivery for long-running workflows (e.g., reviews, re-screening, step-up verification outcomes)

Performance Characteristics

• Latency: Sub-second responses for list/detail queries under normal load
• Throughput: Designed for high-volume onboarding and batch screening operations
• Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
• Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates

Getting Started

1. Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

2. Supergood Builds and Validates Your API

We deliver a hardened Experian adapter tailored to your workflows and entitlements.

3. Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as Experian evolves.

Schedule Integration Call →

Frequently Asked Questions

Q: Which Experian modules can this integration cover?

Supergood supports workflows across commonly used areas such as Identity Verification (PII matching, risk scores), Watchlist Screening (sanctions/PEP/adverse media via integrated sources), Credit Header/File Summaries, and Device & Contact Risk—subject to your licensing and entitlements. We scope coverage during integration assessment.

Q: How are MFA and SSO handled for automation?

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Q: How do you address permissible purpose, consent, and audit requirements?

We align with your Experian agreements and internal policies. The adapter enforces permissible purpose flags, captures consent metadata when available, and provides audit trails of inputs, results, and decisions.

Q: Do you store PII? Can we hash inputs?

PII is encrypted in transit and at rest. We offer configuration to tokenize or hash selected inputs (e.g., SSN last4, email) where supported by upstream matching, while preserving necessary fields for verification.

Q: Can you run batch screenings and re-screening schedules?

Yes. We support bulk ingestion pipelines with rate-aware batching, idempotency, and webhooks for completion. Re-screening can be scheduled per subject with status updates delivered asynchronously.

Related Integrations

Intralinks API - Programmatically access the Intralinks VDR with Supergood

Ready to automate your Experian workflows?

Supergood can have your Experian integration live in days with no ongoing engineering maintenance.

Get Started →