Checkr Trust API (1.0)

Download OpenAPI specification:Download

API Development Team: checkr-trust@checkr.com URL: https://checkrtrust.com License: Proprietary

Checkr Trust API

Introduction

Checkr Trust is a modern, RESTful API-driven service designed to enhance trust and safety for your platform. The Checkr Trust API uses resource-oriented URLs, supports HTTPS for authentication and requests, and returns JSON responses.

The Checkr Trust API provides access to a rich set of data, including criminal records, traffic infractions, and registry checks. Once credentialed, you can start testing locally in minutes. For additional resources, please refer to our resource center. This documentation aims to help you quickly utilize Checkr Trust’s services, offering context and technical guidance for working with the API.

Intended Use Cases

Important: Any information accessed through Checkr Trust is not a "consumer report" under the Fair Credit Reporting Act (FCRA). Therefore, you must not use this information to determine eligibility for credit, insurance, employment, or any other purpose regulated under the FCRA. You may use this service only in accordance with your main service agreement with us and applicable law (including, for certain products, the Gramm-Leach-Bliley Act). Your access may be suspended or terminated if you violate or misuse this service.

Getting Started

The following sections will guide you through the steps necessary to start running checks with the Checkr Trust API:

Get Credentialed

Before you can request data from this API, you must first work with a Checkr Trust Account Executive or Customer Success representative to set up and credential your account.

Best practices for securing your API credentials:

  • Do not store your credentials in your codebase or commit them to version control. Instead, securely store the key only in your production environment, such as in environment variables.
  • Do not store your API key on the client side. All requests should be made from the server side, and only necessary data should be passed to the client.
  • If an API key is compromised, contact Checkr Trust immediately to revoke it. Checkr Trust will expire the current key and your Account Executive or Customer Success Representative will issue you a new one.

Authenticate with Checkr Trust

Your API key can be used to make any API call on behalf of your account, such as creating profiles and checks. Currently, your API key has unlimited access and must be secured accordingly. Checkr Trust will provide you with your Client Key and Secret Key, which can be exchanged for an access token via OAuth. The generated access tokens expire in 24 hours if not refreshed. Below is a step-by-step guide.

OAuth 2.0 Overview

OAuth 2.0 is an authorization framework that allows applications to obtain access to a HTTP service. User authentication is delegated to the service that hosts the user account, while third-party applications are authorized to access the user account.

Terminology

  • Resource Owner: The user authorizing an application to access their account.
  • Client: The application requesting access to the user's account.
  • Authorization Server: The server authenticating the Resource Owner and issuing access tokens to the Client.
  • Resource Server: The server hosting protected resources, capable of responding to requests using access tokens.

OAuth 2.0 Flow

  1. Authorization Request
  2. Authorization Grant
  3. Access Token Request
  4. Access Token Response

Obtaining an Access Token

Step 1: Register Your Application

Before you start, register your application with the Authorization Server to obtain your client_id and client_secret.

Step 2: Access Token Request

Make a POST request to the token endpoint with your client_id and client_secret in the body.

Example Request

$ curl --location 'https://api.checkrtrust.com/v1/accounts/token' \
--header 'Content-Type: application/json' \
--data '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
}'
Step 3: Access Token Response

If the request is successful, the Authorization Server responds with an access token, scopes, expiration time, and token type.

Example Successful Response:
{
"access_token": "eyJhb...(something long)...qJFlg",
"scope": "read:checks create:checks read:accounts read:account create:account delete:account",
"expires_in": 86400,
"token_type": "Bearer"
}

If the request fails, the Authorization Server responds with an error message.

Example Error Response:
{
"error": "access_denied",
"error_description": "Unauthorized"
}

Using the Access Token

Include the access token in the Authorization header when making requests to the Resource Server.

Example Request

curl --location 'https://api.checkrtrust.com/v1/checks' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ACCESS_TOKEN' \
--data '{
    "first_name": "John",
    "last_name": "Smith",
    "dob": "19880218"
}'

Error Handling If any step in the OAuth 2.0 flow encounters an error, the Authorization Server returns an error response. These errors can include invalid requests, invalid clients, and invalid grants.

Profiles

Profiles represent a set of Personally Identifiable Information (PII) for a person who will be checked. Profiles can be updated with the latest information for a person and be referenced to generate checks.

Create a New Profile

Creates a new Profile resource.

Required Fields

The required attributes for a Profile resource vary depending on its intended use. Each check will require a minimum set of attributes as shared below: Fields required to generate an Instant Criminal Check include:

  • first_name
  • last_name
  • dob (date of birth)

Validation for these attributes is performed when requesting a check, as the requirements depend on the check type.

Checks

Checks provide the resulting information relevant to the requested check for a set of PII. The response will include the check type and results.

Create a New Check

Creates a new check resource.

Required Fields The required attributes for a check resource vary depending on its intended use. Each check requires a minimum set of attributes. You can pass through the minimum set of PII or a profile_id to reference the profile’s PII. If both parameters are passed, the PII from the profile will take precedence. If the PII is insufficient for a check, a validation error will return a 401 Bad Request. Fields required to generate an Instant Criminal Check include:

  • first_name
  • last_name
  • dob (date of birth)

Parse Check Results

Synchronous responses for a check and GET requests for a check both contain the same information about the results of the check. A completed check with empty results indicates that there are no items on the person’s record for review. Results that are populated indicate items on the check that may require review. Results may not be used to determine eligibility for credit, insurance, employment, or any other purpose regulated under the FCRA. Additionally, Checkr Trust does not make any policy decisions on behalf of its customers.

Identity Verifications

Identity Verifications provide the resulting information relevant to the requested verification for a set of PII. The response will include the IDV type and results.

Create a New Identity Verification

Creates a new Identity Verification resource.

Required Fields The required attributes for an Identity Verification resource vary depending on its intended use. You can pass through the minimum set of PII or a profile_id to reference the profile’s PII. If both parameters are passed, the PII from the profile will take precedence. If the PII is insufficient for a verification, a validation error will return a 401 Bad Request. Fields required to generate an Identity Verification include:

  • first_name
  • last_name
  • idv_type
  • any of email, phone, dob or address

Parse Identity Verification Results

Synchronous responses for an Identity Verification and GET requests for an Identity Verification both contain the same information about the results. A completed Identity Verification will provide match scores for each attribute provided (first name, last name, email, phone, etc); and an overall match score. Additionally, Checkr Trust does not make any policy decisions on behalf of its customers.

Accounts

Endpoints and operations having to do with accounts and authorization. Account creation and credentialing will be done with a Checkr Trust team member.

Create token

Get a bearer token which will allow you to access the other endpoints in this API

Request
Request Body schema: application/json

the request to get a bearer token to use the API

client_id
required
string
client_secret
required
string
Responses
201

OK - success response from create token

401

Unauthorized - not allowed to response from create token

post/accounts/token
Request samples
application/json
{
  • "client_id": "string",
  • "client_secret": "string"
}
Response samples
application/json
{
  • "access_token": "eyJhb...(something long)...qJFlg",
  • "scope": "read:checks create:checks read:accounts read:account create:account delete:account",
  • "expires_in": 86400,
  • "token_type": "Bearer"
}

Checks

Checks provide the resulting information relevant to the requested check for a set of PII. Checks will include the Check type and results.

Get checks

Get a set of checks

Securityget-bearer-token-using-oauth2
Request
query Parameters
limit
integer [ 0 .. 999999 ]
Default: 10

limit the number of records returned

skip
integer [ 0 .. 999999 ]
Default: 0

skip a number of records before returning (for paging)

Responses
200

OK

400

Bad Request

401

Unauthorized

500

Internal Server Error

get/checks
Response samples
application/json
[
  • {
    }
]

Create check

Create a new check

Securityget-bearer-token-using-oauth2
Request
Request Body schema: application/json

the request to create a check

One of:
check_type
string (check_type)
Enum: "instant_criminal" "sex_offender_registry"
input_type
string (input_type)
Enum: "person" "address"
first_name
required
string
middle_name
string
last_name
required
string
dob
required
string (dob_string) = 8 characters \d{8}

A date in the form YYYYMMDD.

ruleset_id
string <uuid> (ruleset_id)

Identifier of an existing ruleset containing filtering rules. To set up account rulesets, please reach out to your Checkr Trust Account Executive or Customer Success representative to set up the configuration.

Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

500

Internal Server Error

post/checks
Request samples
application/json
{
  • "first_name": "JOHN",
  • "last_name": "SMITH",
  • "dob": "19900101"
}
Response samples
application/json
{
  • "id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
  • "created_at": "2024-06-15 00:03:49.588",
  • "completed_at": "2024-06-15 00:03:49.588",
  • "results": [
    ],
  • "profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
  • "check_type": "instant_criminal"
}

Get check

Get a single check with a given id

Securityget-bearer-token-using-oauth2
Request
path Parameters
check_id
required
string <uuid>

the uuid identifying the check

Example: 2b8313e8-4efd-45a1-b578-952b8313e890
Responses
200

OK

401

Unauthorized

404

Not Found

500

Internal Server Error

get/checks/{check_id}
Response samples
application/json
{
  • "id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
  • "created_at": "2024-06-15 00:03:49.588",
  • "completed_at": "2024-06-15 00:03:49.588",
  • "results": [
    ],
  • "profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
  • "check_type": "instant_criminal"
}

Identity Verifications

Identity Verifications provide the resulting information relevant to the requested verification for a set of PII. The response will include the IDV type and results.

Get identity verifications

Get a set of identity verifications

Securityget-bearer-token-using-oauth2
Request
query Parameters
limit
integer [ 0 .. 999999 ]
Default: 10

limit the number of records returned

skip
integer [ 0 .. 999999 ]
Default: 0

skip a number of records before returning (for paging)

Responses
200

OK

400

Bad Request

401

Unauthorized

500

Internal Server Error

get/identity_verifications
Response samples
application/json
[
  • {
    }
]

Create identity verification

Create a new identity verification

Securityget-bearer-token-using-oauth2
Request
Request Body schema: application/json

the request to create an identity verification

One of:

the request to create a new identity verification from set of PII

Any of:

The object must have DOB.

idv_type
required
string (idv_type)
Value: "pii_validation"
first_name
required
string
middle_name
string
last_name
required
string
dob
required
string (dob_string) = 8 characters \d{8}

A date in the form YYYYMMDD.

phone
string
email
string
object (address)
Responses
201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

500

Internal Server Error

post/identity_verifications
Request samples
application/json
{
  • "first_name": "JOHN",
  • "last_name": "SMITH",
  • "idv_type": "pii_validation",
  • "email": "johnsmith@checkr.com"
}
Response samples
application/json
{
  • "id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
  • "created_at": "2024-06-15 00:03:49.588",
  • "completed_at": "2024-06-15 00:03:49.588",
  • "results": {
    },
  • "profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
  • "idv_type": "pii_validation"
}

Get identity verification

Get a single identity verification with a given id

Securityget-bearer-token-using-oauth2
Request
path Parameters
identity_verification_id
required
string <uuid>

the uuid identifying the identity verification

Example: 2b8313e8-4efd-45a1-b578-952b8313e890
Responses
200

OK

401

Unauthorized

404

Not Found

500

Internal Server Error

get/identity_verifications/{identity_verification_id}
Response samples
application/json
{
  • "id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
  • "created_at": "2024-06-15 00:03:49.588",
  • "completed_at": "2024-06-15 00:03:49.588",
  • "results": {
    },
  • "profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
  • "idv_type": "pii_validation"
}

Profiles

Profiles represent a set of Personally Identifiable Information (PII) for a person who will be checked. Profiles can be updated with the latest information for a person and be referenced to generate checks.

Get profiles

get a set of profiles

Securityget-bearer-token-using-oauth2
Request
query Parameters
limit
integer [ 0 .. 999999 ]
Default: 10

limit the number of records returned

skip
integer [ 0 .. 999999 ]
Default: 0

skip a number of records before returning (for paging)

Responses
200

OK

400

Bad Request

401

Unauthorized

500

Internal Server Error

get/profiles
Response samples
application/json
[
  • {
    }
]

Create profile

Create a new profile

Securityget-bearer-token-using-oauth2
Request
Request Body schema: application/json

the request to create a profile

first_name
required
string
middle_name
string or null
last_name
required
string
dob
required
string (dob_string) = 8 characters \d{8}

A date in the form YYYYMMDD.

phone
string (phone_string) +[1-9]\d{2,14}

A phone number in the form +[country code][number including area code]. (E.164 format)

email
string (email_string) [\w+\-.]+@[a-z\d\-.]+\.[a-z]+

An email address.

object (address)
custom_id
string (custom_id_string) <= 255 characters

An identifier of your choice, if you wish to use one.

Responses
201

Created

400

Bad Request

401

Unauthorized

500

Internal Server Error

post/profiles
Request samples
application/json
{
  • "first_name": "string",
  • "middle_name": "string",
  • "last_name": "string",
  • "dob": "19950401",
  • "phone": "+14155551212",
  • "email": "j.doe@example.com",
  • "address": {
    },
  • "custom_id": "ABC-123"
}
Response samples
application/json
{
  • "id": "f43dd5e8-5f34-4366-b9e4-722cd54266ad",
  • "first_name": "string",
  • "middle_name": "string",
  • "last_name": "string",
  • "dob": "19950401",
  • "phone": "+14155551212",
  • "email": "j.doe@example.com",
  • "address": {
    },
  • "custom_id": "ABC-123"
}

Get profile

Get a single profile by id

Securityget-bearer-token-using-oauth2
Request
path Parameters
profile_id
required
string <uuid>

the uuid identifying the profile

Example: 2b8313e8-b578-45a1-4efd-952b8313e890
Responses
200

OK

400

Bad Request

401

Unauthorized

404

Not Found

500

Internal Server Error

get/profiles/{profile_id}
Response samples
application/json
{
  • "id": "f43dd5e8-5f34-4366-b9e4-722cd54266ad",
  • "first_name": "string",
  • "middle_name": "string",
  • "last_name": "string",
  • "dob": "19950401",
  • "phone": "+14155551212",
  • "email": "j.doe@example.com",
  • "address": {
    },
  • "custom_id": "ABC-123",
  • "check_ids": [
    ]
}

Update profile

Update a profile with a given id

Securityget-bearer-token-using-oauth2
Request
path Parameters
profile_id
required
string <uuid>

the uuid identifying the profile

Example: 2b8313e8-b578-45a1-4efd-952b8313e890
Request Body schema: application/json

the request to patch (modify) a profile

first_name
string
middle_name
string or null
last_name
string
dob
string (dob_string) = 8 characters \d{8}

A date in the form YYYYMMDD.

phone
string (phone_string) +[1-9]\d{2,14}

A phone number in the form +[country code][number including area code]. (E.164 format)

email
string (email_string) [\w+\-.]+@[a-z\d\-.]+\.[a-z]+

An email address.

object (address)
custom_id
string (custom_id_string) <= 255 characters

An identifier of your choice, if you wish to use one.

Responses
200

OK

400

Bad Request

401

Unauthorized

404

Not Found

500

Internal Server Error

patch/profiles/{profile_id}
Request samples
application/json
{
  • "first_name": "string",
  • "middle_name": "string",
  • "last_name": "string",
  • "dob": "19950401",
  • "phone": "+14155551212",
  • "email": "j.doe@example.com",
  • "address": {
    },
  • "custom_id": "ABC-123"
}
Response samples
application/json
{
  • "id": "f43dd5e8-5f34-4366-b9e4-722cd54266ad",
  • "first_name": "string",
  • "middle_name": "string",
  • "last_name": "string",
  • "dob": "19950401",
  • "phone": "+14155551212",
  • "email": "j.doe@example.com",
  • "address": {
    },
  • "custom_id": "ABC-123"
}