For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Truework.comAPI StatusGet your API key
HomeGuidesAPI referenceHelp
HomeGuidesAPI referenceHelp
    • Introduction
  • Using the API
    • Authentication
    • Versioning
    • Webhooks
    • Sandbox environment
    • Monitoring
    • Limits
  • Verification orders & reports
    • POSTCreate a target employer order
    • POSTCreate an employer search order
    • POSTCreate a Truework Direct order
    • GETGet one order
    • GETGet all orders
    • PUTCancel an order
    • GETGet one report
    • GETGet order events
    • POSTReverify a report
  • Public beta APIs
  • Previous API versions
    • API version 2022-08-01
    • API version 2020-12-07
    • API version 2019-10-15
      • POSTCreate a Credentials Session
      • POSTCreate a Verification
      • GETGet All Verifications
      • GETGet One Verification
      • PUTReverify a Verification
      • PUTCancel a Verification
      • GETGet One Report
LogoLogo
Truework.comAPI StatusGet your API key
Previous API versionsAPI version 2019-10-15

Create a Credentials Session

Deprecated
POST
/credentials/session
POST
/credentials/session
$curl -X POST https://api.truework-sandbox.com/credentials/session \
>     -H "Authorization: Bearer <token>" \
>     -H "Content-Type: application/json" \
>     -d '{
>  "permissible_purpose": "child-support",
>  "target": {
>    "first_name": "Jane",
>    "last_name": "Doe",
>    "social_security_number": "000-00-0000"
>  },
>  "type": "employment-income",
>  "use_case": "mortgage"
>}'
1{
2  "id": "AAAAAAAAQnIAAYd5YHFVOm8PNX2ecFbEjqV__upOKUE8YE_IK2GwSQTP",
3  "token": "qvsEXEdbnGCSW3UmwbUuYZ_jlA73BLHvFy93Ocv8tPI"
4}
Creates a new Credentials Session and returns a JSON object representing the newly created Credentials Session.
Was this page helpful?
Previous

Create a Verification

Next
Built with

Authentication

AuthorizationBearer
Bearer tokens conform to the [RFC6750](https://datatracker.ietf.org/doc/html/rfc6750#section-2.1) spec. Production API keys (secret keys) are prefixed with `tw_sk_` and sandbox keys are prefixed with `tw_sk_test_`. If your secret key is published, you should rotate your API keys. Truework.JS publishable keys are prefixed with `tw_pk_` and `tw_pk_test` respectively. **Examples** - For Authorization Headers: `Authorization: Bearer tw_sk_test_e508eb797edb95ade85284bcb54dd49ed45db1be` - For the "try it now" `token` field, input only the token itself, omitting `Bearer `.

Headers

AcceptenumOptionalDefaults to application/json
Specify the content type and version that the API should use. It's recommended to include this to avoid breaking changes.
Allowed values:

Request

permissible_purposeenumRequired

A valid purpose is required for Truework to process the verification request. Throughout the API, this is signified by the permissible_purpose field.

VALUEDESCRIPTION
child-supportDetermine child support payments (available to verifiers that represent a state or local child support enforcement agencies)
credit-applicationThe target’s application for credit
employee-eligibilityEmployee’s eligibility for a benefit granted by a governmental agency required by law to consider the employee’s financial responsibility or status
employee-requestThe target has issued the verifier written instruction to obtain this information
employee-review-or-collectionPerforming a review or collection of the target’s account
employmentEmployment purposes where the target has given prior written consent
insurance-underwriting-applicationUnderwriting insurance in response to the target’s application
legitimate-reason-initiatedLegitimate business need for the information in connection with a business transaction initiated by the target
legitimate-reason-reviewLegitimate business need to review the target’s account to determine whether the employee continues to meet the terms of the account
risk-assessmentTo assess the credit or prepayment risks associated with an existing credit obligation of the target
subpoenaFor a court order or a federal grand jury subpoena
targetobjectRequired
typeenumRequired
Allowed values:
use_caseenumRequired

The verification request use case describes the type of product the verification request is originating from. If omitted, the verifier type in account settings will be used as a default

VALUEDESCRIPTION
mortgageVerification for a mortgage
home-equityVerification for home equity
backgroundVerification for a background check
tenantVerification for a rental property
governmentVerification for government/social services
autoVerification for auto lending
lendingVerification for personal loans or consumer lending
creditVerification for credit cards
identityVerification for identity or fraud
insuranceVerification for insurance
healthVerification for health services
offersVerification for offers
account-managementVerification for account management
preapprovalVerification for preapprovals
metadatamap from strings to strings or nullOptionalDefaults to {}

A single level key-value JSON object that can be used to store custom data on the verification request. Keys and values must be strings.

reseller_originating_partyobject or nullOptional

Required for reseller requests, should not be provided for non-reseller requests.

Response headers

Datestring
For JSON requests, the date at which the request was signed
X-Truework-Signaturestring
For JSON requests, the signature of the request, see: https://www.truework.com/docs/verifications-signatures

Response

A Credentials Session was successfully created.
idstring>=1 character
tokenstring>=1 character

Errors

400
Bad Request Error
401
Unauthorized Error
403
Forbidden Error
406
Not Acceptable Error
429
Too Many Requests Error
451
Unavailable for Legal Reasons Error
500
Internal Server Error
501
Not Implemented Error

Bearer tokens conform to the RFC6750 spec.

Production API keys (secret keys) are prefixed with tw_sk_ and sandbox keys are prefixed with tw_sk_test_. If your secret key is published, you should rotate your API keys.

Truework.JS publishable keys are prefixed with tw_pk_ and tw_pk_test respectively.

Examples

  • For Authorization Headers: Authorization: Bearer tw_sk_test_e508eb797edb95ade85284bcb54dd49ed45db1be
  • For the “try it now” token field, input only the token itself, omitting Bearer .

For JSON requests, the signature of the request, see: https://www.truework.com/docs/verifications-signatures