Checkr Trust API (1.0)

Download OpenAPI specification:Download

API Development Team: checkr-trust@checkr.com URL: https://checkrtrust.com License: Proprietary

Checkr Trust API

Introduction

Checkr Trust is a modern, RESTful API-driven service designed to enhance trust and safety for your platform. The Checkr Trust API uses resource-oriented URLs, supports HTTPS for authentication and requests, and returns JSON responses.

The Checkr Trust API provides access to a rich set of data, including criminal records, traffic infractions, and registry checks. Once credentialed, you can start testing locally in minutes. For additional resources, please refer to our resource center. This documentation aims to help you quickly utilize Checkr Trust’s services, offering context and technical guidance for working with the API.

Intended Use Cases

Important: Any information accessed through Checkr Trust is not a "consumer report" under the Fair Credit Reporting Act (FCRA). Therefore, you must not use this information to determine eligibility for credit, insurance, employment, or any other purpose regulated under the FCRA. You may use this service only in accordance with your main service agreement with us and applicable law (including, for certain products, the Gramm-Leach-Bliley Act). Your access may be suspended or terminated if you violate or misuse this service.

Getting Started

The following sections will guide you through the steps necessary to start running checks with the Checkr Trust API:

Get credentialed
Authenticate with Checkr Trust
Create a Profile
Create a Check
Parse Check results
Create an Identity Verification
Parse Identity Verification results

Get Credentialed

Before you can request data from this API, you must first work with a Checkr Trust Account Executive or Customer Success representative to set up and credential your account.

Best practices for securing your API credentials:

Do not store your credentials in your codebase or commit them to version control. Instead, securely store the key only in your production environment, such as in environment variables.
Do not store your API key on the client side. All requests should be made from the server side, and only necessary data should be passed to the client.
If an API key is compromised, contact Checkr Trust immediately to revoke it. Checkr Trust will expire the current key and your Account Executive or Customer Success Representative will issue you a new one.

Authenticate with Checkr Trust

Your API key can be used to make any API call on behalf of your account, such as creating profiles and checks. Currently, your API key has unlimited access and must be secured accordingly. Checkr Trust will provide you with your Client Key and Secret Key, which can be exchanged for an access token via OAuth. The generated access tokens expire in 24 hours if not refreshed. Below is a step-by-step guide.

OAuth 2.0 Overview

OAuth 2.0 is an authorization framework that allows applications to obtain access to a HTTP service. User authentication is delegated to the service that hosts the user account, while third-party applications are authorized to access the user account.

Terminology

Resource Owner: The user authorizing an application to access their account.
Client: The application requesting access to the user's account.
Authorization Server: The server authenticating the Resource Owner and issuing access tokens to the Client.
Resource Server: The server hosting protected resources, capable of responding to requests using access tokens.

OAuth 2.0 Flow

Authorization Request
Authorization Grant
Access Token Request
Access Token Response

Obtaining an Access Token

Step 1: Register Your Application

Before you start, register your application with the Authorization Server to obtain your client_id and client_secret.

Step 2: Access Token Request

Make a POST request to the token endpoint with your client_id and client_secret in the body.

Example Request


$ curl --location 'https://api.checkrtrust.com/v1/accounts/token' \
--header 'Content-Type: application/json' \
--data '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
}'

Step 3: Access Token Response

If the request is successful, the Authorization Server responds with an access token, scopes, expiration time, and token type.

Example Successful Response:

{
"access_token": "eyJhb...(something long)...qJFlg",
"scope": "read:checks create:checks read:accounts read:account create:account delete:account",
"expires_in": 86400,
"token_type": "Bearer"
}

If the request fails, the Authorization Server responds with an error message.

Example Error Response:

{
"error": "access_denied",
"error_description": "Unauthorized"
}

Using the Access Token

Include the access token in the Authorization header when making requests to the Resource Server.

Example Request


curl --location 'https://api.checkrtrust.com/v1/checks' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ACCESS_TOKEN' \
--data '{
    "first_name": "John",
    "last_name": "Smith",
    "dob": "19880218"
}'

Error Handling If any step in the OAuth 2.0 flow encounters an error, the Authorization Server returns an error response. These errors can include invalid requests, invalid clients, and invalid grants.

Profiles

Profiles represent a set of Personally Identifiable Information (PII) for a person who will be checked. Profiles can be updated with the latest information for a person and be referenced to generate checks.

Create a New Profile

Creates a new Profile resource.

Required Fields

The required attributes for a Profile resource vary depending on its intended use. Each check will require a minimum set of attributes as shared below: Fields required to generate an Instant Criminal Check include:

first_name
last_name
dob (date of birth)

Validation for these attributes is performed when requesting a check, as the requirements depend on the check type.

Checks

Checks provide the resulting information relevant to the requested check for a set of PII. The response will include the check type and results.

Create a New Check

Creates a new check resource.

Required Fields The required attributes for a check resource vary depending on its intended use. Each check requires a minimum set of attributes. You can pass through the minimum set of PII or a profile_id to reference the profile’s PII. If both parameters are passed, the PII from the profile will take precedence. If the PII is insufficient for a check, a validation error will return a 401 Bad Request. Fields required to generate an Instant Criminal Check include:

first_name
last_name
dob (date of birth)

Parse Check Results

Synchronous responses for a check and GET requests for a check both contain the same information about the results of the check. A completed check with empty results indicates that there are no items on the person’s record for review. Results that are populated indicate items on the check that may require review. Results may not be used to determine eligibility for credit, insurance, employment, or any other purpose regulated under the FCRA. Additionally, Checkr Trust does not make any policy decisions on behalf of its customers.

Identity Verifications

Identity Verifications provide the resulting information relevant to the requested verification for a set of PII. The response will include the IDV type and results.

Create a New Identity Verification

Creates a new Identity Verification resource.

Required Fields The required attributes for an Identity Verification resource vary depending on its intended use. You can pass through the minimum set of PII or a profile_id to reference the profile’s PII. If both parameters are passed, the PII from the profile will take precedence. If the PII is insufficient for a verification, a validation error will return a 401 Bad Request. Fields required to generate an Identity Verification include:

first_name
last_name
idv_type
any of email, phone, dob or address

Parse Identity Verification Results

Synchronous responses for an Identity Verification and GET requests for an Identity Verification both contain the same information about the results. A completed Identity Verification will provide match scores for each attribute provided (first name, last name, email, phone, etc); and an overall match score. Additionally, Checkr Trust does not make any policy decisions on behalf of its customers.

Accounts

Endpoints and operations having to do with accounts and authorization. Account creation and credentialing will be done with a Checkr Trust team member.

Create token

Get a bearer token which will allow you to access the other endpoints in this API

Request

Request Body schema: application/json

the request to get a bearer token to use the API

client_id required	string
client_secret required	string

Responses

201

OK - success response from create token

401

Unauthorized - not allowed to response from create token

post/accounts/token

Request samples

Payload

application/json

{"client_id": "string",
"client_secret": "string"
}

Response samples

application/json

{"access_token": "eyJhb...(something long)...qJFlg",
"scope": "read:checks create:checks read:accounts read:account create:account delete:account",
"expires_in": 86400,
"token_type": "Bearer"
}

Checks

Checks provide the resulting information relevant to the requested check for a set of PII. Checks will include the Check type and results.

Get checks

Get a set of checks

Securityget-bearer-token-using-oauth2

Request

query Parameters

limit	integer [ 0 .. 999999 ] Default: 10 limit the number of records returned
skip	integer [ 0 .. 999999 ] Default: 0 skip a number of records before returning (for paging)

Responses

200

400

Bad Request

401

Unauthorized

500

Internal Server Error

get/checks

Response samples

application/json

[{"id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
"created_at": "2024-06-15 00:03:49.588",
"completed_at": "2024-06-15 00:03:49.588",
"results": [{"category": "string",
"person": {"first_name": "string",
"middle_name": "string",
"last_name": "string",
"suffix": "string",
"full_name": "string",
"dob": "19950401",
"photo_urls": ["string"
],
"name_aliases": ["string"
],
"dob_aliases": ["string"
],
"addresses": [{"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
}
]
},
"cases": [{"case_number": "string",
"title": "string",
"category": "string",
"type": "string",
"status": "string",
"file_date": "string",
"arrest_date": "string",
"court_county": "string",
"court_name": "string",
"charges": [{"arrest_date": null,
"arresting_agency": null,
"offense_date": null,
"legal_code": null,
"description": null,
"type": null,
"classification": null,
"category": null,
"subcategory": null,
"subsubcategory": null,
"decision_date": null,
"final_action": null,
"city": null,
"county": null,
"state": null,
"fips_code": null,
"sentences": [ ],
"dispositions": [ ]
}
]
}
],
"source": {"category": "string",
"name": "string"
}
}
],
"profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
"check_type": "instant_criminal"
}
]

Create check

Create a new check

Securityget-bearer-token-using-oauth2

Request

Request Body schema: application/json

the request to create a check

One of:

check_type	string (check_type) Enum: "instant_criminal" "sex_offender_registry"
input_type	string (input_type) Enum: "person" "address"
first_name required	string
middle_name	string
last_name required	string
dob required	string (dob_string) = 8 characters \d{8} A date in the form YYYYMMDD.
ruleset_id	string <uuid> (ruleset_id) Identifier of an existing ruleset containing filtering rules. To set up account rulesets, please reach out to your Checkr Trust Account Executive or Customer Success representative to set up the configuration.

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

500

Internal Server Error

post/checks

Request samples

Payload

application/json

{"first_name": "JOHN",
"last_name": "SMITH",
"dob": "19900101"
}

Response samples

application/json

{"id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
"created_at": "2024-06-15 00:03:49.588",
"completed_at": "2024-06-15 00:03:49.588",
"results": [{"category": "string",
"person": {"first_name": "string",
"middle_name": "string",
"last_name": "string",
"suffix": "string",
"full_name": "string",
"dob": "19950401",
"photo_urls": ["string"
],
"name_aliases": ["string"
],
"dob_aliases": ["string"
],
"addresses": [{"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
}
]
},
"cases": [{"case_number": "string",
"title": "string",
"category": "string",
"type": "string",
"status": "string",
"file_date": "string",
"arrest_date": "string",
"court_county": "string",
"court_name": "string",
"charges": [{"arrest_date": "string",
"arresting_agency": "string",
"offense_date": "string",
"legal_code": "string",
"description": "string",
"type": "string",
"classification": "string",
"category": "string",
"subcategory": "string",
"subsubcategory": "string",
"decision_date": "string",
"final_action": "string",
"city": "string",
"county": "string",
"state": "string",
"fips_code": "string",
"sentences": [null
],
"dispositions": [null
]
}
]
}
],
"source": {"category": "string",
"name": "string"
}
}
],
"profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
"check_type": "instant_criminal"
}

Get check

Get a single check with a given id

Securityget-bearer-token-using-oauth2

Request

path Parameters

check_id

required

string <uuid>

the uuid identifying the check

Example: 2b8313e8-4efd-45a1-b578-952b8313e890

Responses

200

401

Unauthorized

404

Not Found

500

Internal Server Error

get/checks/{check_id}

Response samples

application/json

{"id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
"created_at": "2024-06-15 00:03:49.588",
"completed_at": "2024-06-15 00:03:49.588",
"results": [{"category": "string",
"person": {"first_name": "string",
"middle_name": "string",
"last_name": "string",
"suffix": "string",
"full_name": "string",
"dob": "19950401",
"photo_urls": ["string"
],
"name_aliases": ["string"
],
"dob_aliases": ["string"
],
"addresses": [{"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
}
]
},
"cases": [{"case_number": "string",
"title": "string",
"category": "string",
"type": "string",
"status": "string",
"file_date": "string",
"arrest_date": "string",
"court_county": "string",
"court_name": "string",
"charges": [{"arrest_date": "string",
"arresting_agency": "string",
"offense_date": "string",
"legal_code": "string",
"description": "string",
"type": "string",
"classification": "string",
"category": "string",
"subcategory": "string",
"subsubcategory": "string",
"decision_date": "string",
"final_action": "string",
"city": "string",
"county": "string",
"state": "string",
"fips_code": "string",
"sentences": [null
],
"dispositions": [null
]
}
]
}
],
"source": {"category": "string",
"name": "string"
}
}
],
"profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
"check_type": "instant_criminal"
}

Identity Verifications

Identity Verifications provide the resulting information relevant to the requested verification for a set of PII. The response will include the IDV type and results.

Get identity verifications

Get a set of identity verifications

Securityget-bearer-token-using-oauth2

Request

query Parameters

limit	integer [ 0 .. 999999 ] Default: 10 limit the number of records returned
skip	integer [ 0 .. 999999 ] Default: 0 skip a number of records before returning (for paging)

Responses

200

400

Bad Request

401

Unauthorized

500

Internal Server Error

get/identity_verifications

Response samples

application/json

[{"id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
"created_at": "2024-06-15 00:03:49.588",
"completed_at": "2024-06-15 00:03:49.588",
"results": {"attribute_match_scores": {"first_name": 100,
"last_name": 100,
"dob": 100,
"phone": 100,
"email": 100,
"address": 100,
"city": 100,
"state": 100,
"zip_code": 100
},
"overall_match_score": 100,
"result_context": ["Address was fuzzy matched to the address on record"
]
},
"profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
"idv_type": "pii_validation"
}
]

Create identity verification

Create a new identity verification

Securityget-bearer-token-using-oauth2

Request

Request Body schema: application/json

the request to create an identity verification

One of:

the request to create a new identity verification from set of PII

Any of:

The object must have DOB.

idv_type required	string (idv_type) Value: "pii_validation"
first_name required	string
middle_name	string
last_name required	string
dob required	string (dob_string) = 8 characters \d{8} A date in the form YYYYMMDD.
phone	string
email	string
	object (address)

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

500

Internal Server Error

post/identity_verifications

Request samples

Payload

application/json

{"first_name": "JOHN",
"last_name": "SMITH",
"idv_type": "pii_validation",
"email": "johnsmith@checkr.com"
}

Response samples

application/json

{"id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
"created_at": "2024-06-15 00:03:49.588",
"completed_at": "2024-06-15 00:03:49.588",
"results": {"attribute_match_scores": {"first_name": 100,
"last_name": 100,
"dob": 100,
"phone": 100,
"email": 100,
"address": 100,
"city": 100,
"state": 100,
"zip_code": 100
},
"overall_match_score": 100,
"result_context": ["Address was fuzzy matched to the address on record"
]
},
"profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
"idv_type": "pii_validation"
}

Get identity verification

Get a single identity verification with a given id

Securityget-bearer-token-using-oauth2

Request

path Parameters

identity_verification_id

required

string <uuid>

the uuid identifying the identity verification

Example: 2b8313e8-4efd-45a1-b578-952b8313e890

Responses

200

401

Unauthorized

404

Not Found

500

Internal Server Error

get/identity_verifications/{identity_verification_id}

Response samples

application/json

{"id": "5bb1242f-6963-4886-8f05-9ee965da2ca1",
"created_at": "2024-06-15 00:03:49.588",
"completed_at": "2024-06-15 00:03:49.588",
"results": {"attribute_match_scores": {"first_name": 100,
"last_name": 100,
"dob": 100,
"phone": 100,
"email": 100,
"address": 100,
"city": 100,
"state": 100,
"zip_code": 100
},
"overall_match_score": 100,
"result_context": ["Address was fuzzy matched to the address on record"
]
},
"profile_id": "bfcb6779-b1f9-41fc-92d7-88f8bc1d12e8",
"idv_type": "pii_validation"
}

Profiles

Get profiles

get a set of profiles

Securityget-bearer-token-using-oauth2

Request

query Parameters

limit	integer [ 0 .. 999999 ] Default: 10 limit the number of records returned
skip	integer [ 0 .. 999999 ] Default: 0 skip a number of records before returning (for paging)

Responses

200

400

Bad Request

401

Unauthorized

500

Internal Server Error

get/profiles

Response samples

application/json

[{"id": "f43dd5e8-5f34-4366-b9e4-722cd54266ad",
"first_name": "string",
"middle_name": "string",
"last_name": "string",
"dob": "19950401",
"phone": "+14155551212",
"email": "j.doe@example.com",
"address": {"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
},
"custom_id": "ABC-123",
"check_ids": ["5bb1242f-6963-4886-8f05-9ee965da2ca1"
]
}
]

Create profile

Create a new profile

Securityget-bearer-token-using-oauth2

Request

Request Body schema: application/json

the request to create a profile

first_name required	string
middle_name	string or null
last_name required	string
dob required	string (dob_string) = 8 characters \d{8} A date in the form YYYYMMDD.
phone	string (phone_string) +[1-9]\d{2,14} A phone number in the form +[country code][number including area code]. (E.164 format)
email	string (email_string) [\w+\-.]+@[a-z\d\-.]+\.[a-z]+ An email address.
	object (address)
custom_id	string (custom_id_string) <= 255 characters An identifier of your choice, if you wish to use one.

Responses

201

Created

400

Bad Request

401

Unauthorized

500

Internal Server Error

post/profiles

Request samples

Payload

application/json

{"first_name": "string",
"middle_name": "string",
"last_name": "string",
"dob": "19950401",
"phone": "+14155551212",
"email": "j.doe@example.com",
"address": {"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
},
"custom_id": "ABC-123"
}

Response samples

application/json

{"id": "f43dd5e8-5f34-4366-b9e4-722cd54266ad",
"first_name": "string",
"middle_name": "string",
"last_name": "string",
"dob": "19950401",
"phone": "+14155551212",
"email": "j.doe@example.com",
"address": {"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
},
"custom_id": "ABC-123"
}

Get profile

Get a single profile by id

Securityget-bearer-token-using-oauth2

Request

path Parameters

profile_id

required

string <uuid>

the uuid identifying the profile

Example: 2b8313e8-b578-45a1-4efd-952b8313e890

Responses

200

400

Bad Request

401

Unauthorized

404

Not Found

500

Internal Server Error

get/profiles/{profile_id}

Response samples

application/json

{"id": "f43dd5e8-5f34-4366-b9e4-722cd54266ad",
"first_name": "string",
"middle_name": "string",
"last_name": "string",
"dob": "19950401",
"phone": "+14155551212",
"email": "j.doe@example.com",
"address": {"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
},
"custom_id": "ABC-123",
"check_ids": ["5bb1242f-6963-4886-8f05-9ee965da2ca1"
]
}

Update profile

Update a profile with a given id

Securityget-bearer-token-using-oauth2

Request

path Parameters

profile_id

required

string <uuid>

the uuid identifying the profile

Example: 2b8313e8-b578-45a1-4efd-952b8313e890

Request Body schema: application/json

the request to patch (modify) a profile

first_name	string
middle_name	string or null
last_name	string
dob	string (dob_string) = 8 characters \d{8} A date in the form YYYYMMDD.
phone	string (phone_string) +[1-9]\d{2,14} A phone number in the form +[country code][number including area code]. (E.164 format)
email	string (email_string) [\w+\-.]+@[a-z\d\-.]+\.[a-z]+ An email address.
	object (address)
custom_id	string (custom_id_string) <= 255 characters An identifier of your choice, if you wish to use one.

Responses

200

400

Bad Request

401

Unauthorized

404

Not Found

500

Internal Server Error

patch/profiles/{profile_id}

Request samples

Payload

application/json

{"first_name": "string",
"middle_name": "string",
"last_name": "string",
"dob": "19950401",
"phone": "+14155551212",
"email": "j.doe@example.com",
"address": {"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
},
"custom_id": "ABC-123"
}

Response samples

application/json

{"id": "f43dd5e8-5f34-4366-b9e4-722cd54266ad",
"first_name": "string",
"middle_name": "string",
"last_name": "string",
"dob": "19950401",
"phone": "+14155551212",
"email": "j.doe@example.com",
"address": {"street": "string",
"city": "string",
"state": "KY",
"zip_code": "04850",
"country": "US"
},
"custom_id": "ABC-123"
}