Supergood | TransUnion API
Programmatically access TransUnion identity data, sanctions/PEP watchlists, consumer credit files, and TruValidate-style device risk signals with a stable REST API. Supergood builds and operates production-grade, unofficial TransUnion integrations so AML/KYC teams can automate onboarding, fraud checks, and compliance without heavy custom engineering.
Plain English: TransUnion is one of the three major credit bureaus and an information services company that provides consumer credit data, identity verification, fraud and device intelligence, and compliance tools. An unofficial API lets you programmatically pull identity match results, watchlist hits (sanctions, PEP, adverse media), credit report summaries and tradelines, and device risk assessments—and push new checks, consents, and review outcomes back into TransUnion-aligned workflows.
For a tech company integrating with TransUnion, this means you can ingest real-time identity and credit data to power KYC onboarding, run automated AML screenings, score login/signup events for fraud, and keep your compliance systems up to date with consents, permissible purpose metadata, and audit logs. You could trigger enhanced due diligence when risk rises, enrich your platform with credit signals (e.g., recent inquiries, file freeze), and unify watchlist decisions and adverse action notices across CRM, case management, and analytics.
What is TransUnion?
TransUnion (https://www.transunion.com/) is a global information and insights provider best known as a consumer credit bureau. The company also delivers robust identity verification, fraud prevention, and compliance products—including device intelligence and risk scoring (TruValidate), watchlist screening, and investigative datasets—used by financial institutions, fintechs, marketplaces, and enterprises.
Core product areas include:
- Credit Data & Scoring (Consumer credit files, tradelines, inquiries, public records, VantageScore)
- Identity Verification & KYC (Identity matching, document/ID validation, address/phone/email corroboration)
- Fraud & Device Intelligence (Device reputation, velocity checks, IP risk, email/phone risk)
- AML/Compliance (Sanctions & PEP screening, adverse media, ongoing monitoring)
- Tenant & Employment Screening (Consumer reports and background checks for landlords and employers)
- Analytics & Decisioning (Risk scores, segmentation, and portfolio management)
Common data entities:
- Consumers and Businesses (identifiers, names, DOB, SSN/EIN, contact data)
- Credit Reports (tradelines, inquiries, public records, score summaries)
- Identity Verification Results (match quality, risk score, file freeze, recommended action)
- Watchlist Screenings (sanctions/PEP hits, adverse media matches, match scores)
- Fraud Signals (device assessments, IP risk, velocity, reputation)
- Consents & Permissible Purpose (FCRA/GLBA-compliant disclosures, timestamps, source)
The TransUnion Integration Challenge
Financial firms rely on TransUnion’s portals and partner integrations daily, but turning those flows into API-driven automation is non-trivial:
- Permissible purpose and consent: FCRA/GLBA restrictions, audit trails, and disclosure handling are mandatory
- PII stewardship: SSN, DOB, and identity artifacts require strict encryption, redaction, and access controls
- Product breadth: Identity, watchlists, credit files, and device risk live in separate modules with nuanced schemas
- Authentication complexity: SSO/MFA and rotating session tokens complicate headless automation
- Data timeliness: Credit file changes, watchlist updates, and fraud signals must be polled or pushed reliably
How Supergood Creates TransUnion APIs
Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your TransUnion tenant.
- Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
- Maintains session continuity with automated refresh and change detection
- Normalizes responses so you can integrate once and rely on consistent objects across modules
- Aligns with customer entitlements, permissible purpose, and role-based permissions to ensure compliant access
Use Cases
Identity & KYC Onboarding
- Submit identity details (name, DOB, SSN, address, phone, email) for verification
- Detect file freeze, thin files, and identity discrepancies before account opening
- Store consent metadata, run re-verifications, and escalate to manual review when needed
AML Screening & Ongoing Monitoring
- Screen individuals and businesses against sanctions lists (OFAC/UN/EU), PEPs, and adverse media
- Configure fuzzy matching thresholds and list sets per geography and product
- Track hits and decisions for audit, trigger periodic rescreening, and notify case management systems
Credit & Risk Insights
- Pull credit report summaries to enrich onboarding risk scoring where permissible
- Ingest tradelines, recent inquiries, public records, and scores for underwriting or fraud signals
- Detect anomalies (e.g., multiple recent inquiries, new derogatory tradelines) and initiate enhanced due diligence
Fraud & Device Intelligence
- Assess device reputation, velocity, IP risk, and geo anomalies during login and signup
- Combine device, email, and phone risk into composite fraud scores for step-up authentication
- Route high-risk events to manual review or additional verification flows
Available Endpoints
Authentication
POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/sessions \
--header 'Authorization: Basic <Base64 encoded token>' \
--header 'Content-Type: application/json' \
--data '{
"username": "[email protected]",
"password": "<password>",
"mfa": { "type": "totp", "code": "123456" }
}'
Example response
{
"authToken": "eyJhbGciOi...",
"expiresIn": 3600,
"user": {
"id": "u_tu_729c10",
"name": "KYC Ops",
"entitlements": ["identity_verification", "watchlists", "credit_reports", "fraud_device"]
}
}
POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.
Identity Verifications
POST /kyc/identity-verifications: Submit a KYC identity verification request with core PII and consent.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/kyc/identity-verifications \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"subject": {
"firstName": "Ava",
"lastName": "Lopez",
"dob": "1990-07-14",
"nationalId": {"type": "SSN", "value": "123-45-6789"},
"address": {
"line1": "415 Pine St",
"city": "Austin",
"region": "TX",
"postalCode": "78701",
"country": "US"
},
"phone": "+15125551234",
"email": "[email protected]"
},
"verificationType": "enhanced",
"consent": {"obtainedAt": "2026-01-20T13:45:00Z", "method": "electronic"},
"referenceId": "onb-req-4812"
}'
Example response
{
"verificationId": "iv_90e412",
"status": "matched",
"riskScore": 12,
"fileFrozen": false,
"matchDetails": {
"name": "strong",
"dob": "strong",
"ssn": "strong",
"address": "moderate",
"phone": "moderate",
"email": "weak"
},
"recommendedAction": "approve",
"createdAt": "2026-01-21T10:03:11Z"
}
AML Watchlist Screenings
POST /aml/watchlist-screenings: Screen an individual or business against sanctions, PEP, and adverse media sources.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/aml/watchlist-screenings \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"subjectType": "individual",
"name": {"first": "Ava", "last": "Lopez"},
"dob": "1990-07-14",
"identifiers": [{"type": "SSN", "value": "123-45-6789"}],
"listSets": ["OFAC", "UN", "EU", "PEP", "AdverseMedia"],
"fuzzyThreshold": 0.88,
"consent": {"obtainedAt": "2026-01-20T13:45:00Z", "method": "electronic"},
"referenceId": "aml-req-9221"
}'
Example response
{
"screeningId": "ws_51af80",
"status": "completed",
"hits": [],
"pep": false,
"adverseMediaHits": 0,
"recommendedAction": "approve",
"createdAt": "2026-01-21T11:20:44Z"
}
Credit Reports
POST /credit-reports: Request a consumer credit report summary where permissible and with consent.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/credit-reports \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"permissiblePurpose": "credit_extension",
"consumerConsent": {"obtainedAt": "2026-01-20T13:45:00Z", "method": "electronic"},
"subject": {
"firstName": "Ava",
"lastName": "Lopez",
"dob": "1990-07-14",
"ssn": "123-45-6789",
"addresses": [
{"line1": "415 Pine St", "city": "Austin", "region": "TX", "postalCode": "78701", "country": "US"}
]
},
"reportType": "summary",
"referenceId": "credit-req-3007"
}'
Example response
{
"reportId": "cr_7c3d21",
"vantageScore": 708,
"fileFrozen": false,
"tradelines": [
{"creditorName": "ABC Bank", "accountType": "credit_card", "balance": 1200.55, "status": "current", "openedDate": "2019-05-10"},
{"creditorName": "Auto Finance Co", "accountType": "auto_loan", "balance": 9500.00, "status": "current", "openedDate": "2024-06-02"}
],
"inquiries": [
{"subscriber": "XYZ Lending", "date": "2025-12-15"}
],
"publicRecords": [],
"addressHistory": [
{"line1": "415 Pine St", "city": "Austin", "region": "TX", "postalCode": "78701", "country": "US"}
],
"createdAt": "2026-01-22T08:15:12Z"
}
Device Risk Assessments
POST /fraud/device-assessments: Evaluate device reputation and event risk using TruValidate-style signals.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/fraud/device-assessments \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"eventType": "signup",
"device": {
"deviceId": "dev_5a2f9c",
"fingerprint": "fp_8e91dd",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
"ip": "203.0.113.42",
"os": "macOS",
"browser": "Chrome"
},
"user": {"email": "[email protected]", "phone": "+15125551234", "accountId": "acct_1029"},
"velocityWindowDays": 90,
"referenceId": "fraud-evt-8829"
}'
Example response
{
"assessmentId": "da_08ab73",
"riskScore": 78,
"riskBand": "high",
"reasons": ["device_velocity_high", "ip_proxy_suspected", "email_age_low"],
"reputation": {"knownFraud": true, "firstSeenAt": "2025-11-03T09:21:00Z", "events": 42},
"recommendedAction": "step_up_auth",
"createdAt": "2026-01-22T09:40:02Z"
}
Technical Specifications
- Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials
- Response format: JSON with consistent resource schemas and pagination across modules
- Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
- Session management: Automatic reauth and cookie/session rotation with health checks
- Data freshness: Near real-time retrieval of identity checks, watchlists, credit report summaries, and device risk assessments
- Security: Encrypted transport, scoped tokens, PII redaction, and audit logging; respects TransUnion permissible purpose and role-based permissions
- Webhooks: Optional asynchronous delivery for long-running workflows (e.g., sanctions hits, credit report availability)
Performance Characteristics
- Latency: Sub-second responses for list/detail queries under normal load
- Throughput: Designed for high-volume onboarding checks, watchlist screening, and device assessments
- Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions
- Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates
Getting Started
- Schedule Integration Assessment
Book a 30-minute session to confirm your modules, licensing, and authentication model.
- Supergood Builds and Validates Your API
We deliver a hardened TransUnion adapter tailored to your workflows and entitlements.
- Deploy with Monitoring
Go live with continuous monitoring and automatic adjustments as TransUnion evolves.
Frequently Asked Questions
Q: Which TransUnion modules can this integration cover?
Supergood supports workflows across commonly used modules such as Identity Verification (KYC), AML Watchlist Screening (sanctions/PEP/adverse media), Credit Reports (summary and tradelines), and Fraud/Device Intelligence (TruValidate-style signals), subject to your licensing and entitlements. We scope coverage during integration assessment.
Q: How are consent, permissible purpose, and compliance handled?
We capture and persist consent metadata, require explicit permissible purpose for credit pulls, and enforce access scoping consistent with FCRA/GLBA. Audit logs, redaction, and encryption are enabled by default.
Q: Can you run watchlist and KYC checks at scale?
Yes. We batch and parallelize requests with rate-aware throttling. We offer webhooks for hits and review outcomes, and normalize fuzzy matching thresholds and list sets per region.
Q: Do you support device insights similar to TruValidate?
Yes. We ingest device, IP, and behavioral telemetry to return risk scores, velocity, reputation, and reasons, enabling step-up authentication or manual review flows.
Q: How are MFA and SSO handled for automation?
We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.
Related Integrations
Experian API - Programmatically access Experian credit and identity data with Supergood
Equifax API - Programmatically access Equifax credit and risk data with Supergood
Trulioo API - Programmatically access Trulioo global identity verification with Supergood
Ready to automate your TransUnion workflows?
Supergood can have your TransUnion integration live in days with no ongoing engineering maintenance.
