Users

Stilt Credit Infra Docs

Search…

Onbo documentation

Quickstart

Reference

Compliance requirements

Rejection Reasons

Users

Creating a new user, updating attributes and retrieving information

Creating a user
post
https://sandbox-api.stilt.com/v1
/users
Create new user in the platform
credit_report_xml_gzip and asset_report_json_gzip are required for underwriting, it's not required at the time of creating user but before calling application endpoint user should provide Credit Report and Plaid Asset Report.
credit_report_xml_gzip and asset_report_json_gzip are gzipped base64 encoded.
​
(in case the client choose to not use Stilt's underwriting these fields will not be mandatory)
Input Data Type
Column Name
Column Type
Validation
first_name
string
reg expression ^([aA-zZ]+[,.]?[ ]?|[aA-zZ]+['’-]?)+$
middle_name
string
empty or reg expression ^([aA-zZ]+[,.]?[ ]?|[aA-zZ]+['’-]?)+$
last_name
string
reg expression ^([aA-zZ]+[,.]?[ ]?|[aA-zZ]+['’-]?)+$
email
string
Valid email id from allowed domains
dob
date
%Y-%m-%d
ssn
string
AES Encrypted
address
JSON
Address JSON, for example:
{ 
  "line_1": "234 Main St", 
  "city": "San Francisco",
  "state": "CA",
  "zip": "95678",
  "country": "UNITED STATES"
}
phone
string
US Validation
citizenship
string
Please use alpha-2 ISO country codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements​
credit_report_xml_gzip
string
gzipped with base64 encoding
asset_report_json_gzip
string
gzipped with base64 encoding
Passing sensitive information
For creating a user we require SSN (US social security number), and you should make sure that SSN is always AES encrypted (In CBC Mode) sending over sensitive information without encryption is not allowed and it is a major security breach. 
We always store encrypted SSN in our database to make sure any type of security failure is not causing us to lose sensitive information
How to encrypt?
function encrypt(secret_key, ssn) {
  const iv = CryptoJS.lib.WordArray.random(16);
  return iv.concat(
    CryptoJS.AES.encrypt(
      CryptoJS.enc.Utf8.parse(`${encodeURI(ssn)} `),
      CryptoJS.enc.Utf8.parse(secret_key.split('-').join('')),
      { iv: iv }
    ).ciphertext
  ).toString(CryptoJS.enc.Base64);
}
You will always use secret_key to encrypt data and make sure to remove special characters like, it should be combination of numbers and string
How to create an HMAC header?
Please refer to the QuickStart guide for HMAC
API Authentication
Address JSON
Stilt only allows lending in US states, input address must be a valid US address. For passing address, you need to pass valid postal US address, here JSON schema for sending address
{
    "city": "San Francisco",
    "country": "UNITED STATES",
    "line_1": "404 Bryant St",
    "line_2": "123",
    "line_3": "456",
    "state": "CA",
    "zip": "94107"
 }
Updating user
put
https://sandbox-api.stilt.com/v1
/users/{userUUID}
Update user attributes
View user
get
https://sandbox-api.stilt.com/v1
/users/{userUUID}
Get user attributes
Get all users for the platform
get
https://sandbox-api.stilt.com/v1
/users/
Get all users for the platform
Delete user
delete
https://sandbox-api.stilt.com/v1
/users/{userUUID}
Delete user