API Overview
- Auth API
- Underwriting API
- Portal
- Prospect Adobe
- Prospect Document
- Prospect Dropbox Files
- Prospect Entities
- Prospect Extras
- Prospect Generate PDF
- Prospect Integration
- Prospect Logs
- Prospect Messages
- Prospect Ofac Search
- Prospect Plaid Email
- Prospect Resellers
- Prospects
- Prospect Scores
- Prospect Scores Average Bank Balance
- Prospect Scores Business Types
- Prospect Scores Equifax Owner Credit
- Prospect Scores Tax Id
- Prospects Scores Average Bank Balances Plaid Transaction
- Prospect Status
- Process API
- Main API
- API Onboarding Tutorial
- Verify API
Underwriting API
iCG Underwriting API allows to submit merchant applications programmatically
You can perform the following activities using Underwriting API.
- Submission of documents
- Verification of documents by the iCG technical team
- Onboard merchant
You can able to access the endpoints of the following operations in Underwriting API. - Portal
- Prospect Adobe
- Prospect Document
- Prospect Dropbox Files
- Prospect Entities
- Prospect Extras
- Prospect Generate PDF
- Prospect Integration
- Prospect Logs
- Prospect Messages
- Prospect Ofac Search
- Prospect Plaid Email
- Prospect Resellers
- Prospects
- Prospect Scores
- prospect Scores Average Bank Balance
- Prospect Scores Business Types
- Prospect Scores Equifax Owner Credit
- Prospect Scores Tax Id
- Prospects Scores Average Bank Balances Plaid Transaction
- Prospect Status
iCG Authentication Service
iCG APIs are secured by OAuth 2.0 ROPC grant type. The external application must obtain user authorization before it executes an endpoint call incase this API chooses to use OAuth 2.0 ROPC Grant. This authorization includes the following steps:
- You must first exchange the user's credentials for an access token.
- The access token is an object containing information for authorizing client requests and refreshing the token itself.
The end-to-end authorization request is represented in the below diagram.
sequenceDiagram participant Merchant participant ICG (token URL) autonumber Merchant ->>ICG (token URL): Client ID, username, password ICG (token URL)->>Merchant: id_token, access token, refresh tokenThe above step is to generate access token using the iCG provided Client id and with Merchant's user credentials.
Key Request Parameters
Once you receive the Client ID, and the user credentials, the next step is call the OAuth 2.0 ROPC endpoint to generate the access token.
Element Value Method POST Authorization Type OAuth 2.0 ROPC Auth URI https://auth.icheckdev.com/ Client ID *****(iCG application audience ID) Username {username} Password {password} grant_type password Sample cURL Request
curl -X POST \
--url 'https://auth.icheckdev.com/Login' \
--header 'Accept: application/json' \
--data 'grant_type=password' \
--data 'username={USERNAME}' \
--data 'password={PASSWORD}' \
--data 'client_id={iCG APPLICATION AUDIENCE ID}' \
On receiving the requests, iCG Authorization system validates all the parameters in the request and, if the request pass through the validation process, then it will generate your access token and return it in the response.
Sample Response Body
{
"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1laWQiOiJjNjFhY2JhYy02NjA4LTQ3Y2YtYWIxOS0wZWQ2YmY3NTI5MTciLCJ1bmlxdWVfbmFtZSI6IlN1c2VlbGEiLCJlbmNyeXB0ZWRfZW1haWwiOiJGcGJnZ1RqbTNkbXl2cFlWVlVZNnJzcHBDKzcweFIwWGoyeTR1Mm8rc1ZRPSIsInR5cGUiOiIiLCJpc3MiOiJodHRwczovL2F1dGguaWNoZWNrZGV2LmNvbS8iLCJhdWQiOiJmMWZhN2ZmZi05MmU0LTQxMzMtOGQxMC0zNjg2OGM0OTg3YWQiLCJleHAiOjE3MDQ5MDY1MjAsIm5iZiI6MTcwNDgyMDEyMH0.Q03E-HrXto9CBzHcC43qn2wZG5VpUV4hzIfcCuRGWu4"
"token_type":"bearer"
"expires_in":86399
}The response parameters and their descriptions are:
Parameter Description access_token The access token to be used to call the functional APIs token_type Bearer expires_in The number of seconds until the access token expires Benefits of Authentication Service
The Authentication Service is a vital and core service for ICG, as it guarantees users and services have the proper and minimum access required to the resources and services needed.
The Authentication Service serves as the unique point of customer and service (Application) authentication and authorization to all ICG products, services and resources.
The Service also provides the ability to manage users, services (Applications), roles, permissions (Audiences) and users and services (Applications) access level in a very granular way;.
This service is based on the industry-standard protocol for authorization OAuth 2.0 ROPC Grant type. It also allows for the implementation of industry standard features like two-factor authentication (2FA).
To view our list of APIs, please visit the Underwriting API page.