Users
Creating a new user, updating attributes and retrieving information

Creating a user

post
https://sandbox-api.stilt.com/v1
/users
Create new user in the platform
credit_report_xml_gzip and asset_report_json_gzip are required for underwriting, it's not required at the time of creating user but before calling application endpoint user should provide Credit Report and Plaid Asset Report.
credit_report_xml_gzip and asset_report_json_gzip are gzipped base64 encoded.
(in case the client choose to not use Stilt's underwriting these fields will not be mandatory)

Input Data Type

Column Name
Column Type
Validation
first_name
string
reg expression ^([aA-zZ]+[,.]?[ ]?|[aA-zZ]+['’-]?)+$
middle_name
string
empty or reg expression ^([aA-zZ]+[,.]?[ ]?|[aA-zZ]+['’-]?)+$
last_name
string
reg expression ^([aA-zZ]+[,.]?[ ]?|[aA-zZ]+['’-]?)+$
email
string
Valid email id from allowed domains
dob
date
%Y-%m-%d
ssn
string
AES Encrypted
address
JSON
Address JSON, for example: {
"line_1": "234 Main St",
"city": "San Francisco",
"state": "CA", "zip": "95678", "country": "UNITED STATES" }
phone
string
US Validation
citizenship
string
credit_report_xml_gzip
string
gzipped with base64 encoding
asset_report_json_gzip
string
gzipped with base64 encoding

Passing sensitive information

For creating a user we require SSN (US social security number), and you should make sure that SSN is always AES encrypted (In CBC Mode) sending over sensitive information without encryption is not allowed and it is a major security breach.
We always store encrypted SSN in our database to make sure any type of security failure is not causing us to lose sensitive information

How to encrypt?

function encrypt(secret_key, ssn) {
const iv = CryptoJS.lib.WordArray.random(16);
return iv.concat(
CryptoJS.AES.encrypt(
CryptoJS.enc.Utf8.parse(`${encodeURI(ssn)} `),
CryptoJS.enc.Utf8.parse(secret_key.split('-').join('')),
{ iv: iv }
).ciphertext
).toString(CryptoJS.enc.Base64);
}
You will always use secret_key to encrypt data and make sure to remove special characters like, it should be combination of numbers and string

How to create an HMAC header?

Please refer to the QuickStart guide for HMAC

Address JSON

Stilt only allows lending in US states, input address must be a valid US address. For passing address, you need to pass valid postal US address, here JSON schema for sending address
{
"city": "San Francisco",
"country": "UNITED STATES",
"line_1": "404 Bryant St",
"line_2": "123",
"line_3": "456",
"state": "CA",
"zip": "94107"
}

Updating user

put
https://sandbox-api.stilt.com/v1
/users/{userUUID}
Update user attributes

View user

get
https://sandbox-api.stilt.com/v1
/users/{userUUID}
Get user attributes

Get all users for the platform

get
https://sandbox-api.stilt.com/v1
/users/
Get all users for the platform

Delete user

delete
https://sandbox-api.stilt.com/v1
/users/{userUUID}
Delete user