This section explains how user information is transmitted to Engine by MoneyLion's API via HTTP requests.
There are two steps involved for getting offers from Engine's 2nd Look Marketplace:
Step 1: Submit Lead
As the first step, partners should post to the Submit Lead endpoint with the user's information:
POST to https://api.engine.tech/leads/rateTables
Post Request Authorization
Engine will provide testing and production API access tokens. All requests to the Engine API must be authenticated using a bearer token specified in the Authorization header.
The header value is prefixed with the string "Bearer". Please contact your Engine Partner Manager for an appropriate bearer token for API testing.
The required format of the request (in JSON) is shown below:
curl -L -X POST 'https://api.engine.tech/leads/rateTables' \-H 'Content-Type: application/json' \-H 'Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \-H 'User-Agent: curl/7.68.0' \--data-raw '{"productTypes":["other"],"personalInformation":{"firstName":"John","lastName":"Doe","email":"john@example.com","city":"New York","state":"NY","primaryPhone":"2125556789","address1":"175 5th Ave","address2":"Apartment 5","zipcode":"10010","dateOfBirth":"1993-10-09","ssn":"230-13-2346"},"loanInformation":{"purpose":"debt_consolidation","loanAmount":10000},"mortgageInformation":{"propertyStatus":"own_with_mortgage"},"creditInformation":{"providedCreditRating":"good"},"financialInformation":{"employmentStatus":"employed","employmentPayFrequency":"biweekly","annualIncome":80000},"legalInformation":{"consentsToFcra":true,"consentsToTcpa":true,"consentsToSms"true, "fcraLanguage": "By checking this box/clicking 'agree' I hereby consent to the 'E-Sign Agreement', the 'Credit Authorization Agreement', the Terms of Service and Privacy Policy, and I am providing written consent under the Fair Credit Reporting Act (FCRA) for [Engine by MoneyLion and/or Insert Company Name], its partners and financial institutions to obtain consumer report information from my credit profile. I request that my information be provided to their partners, lenders, and financial services partners to provide me with financial recommendations, which may also include debt relief, credit repair, credit monitoring or other related services", "tcpaLanguage": "I agree to be contacted by [Engine by MoneyLion and/or Insert Company Name] its partners and their affiliated companies and financial institutions via email, postal mail service and/or at the telephone number(s) I have provided above to explore various financial products and services I inquired about, including contact through automatic dialing systems, artificial or pre-recorded voice messaging, or text message. Consent is not required as a condition to utilize the service, and you may choose to be contacted by an individual customer care representative(s) by calling XXXXX or emailing XXXX."},"sessionInformation":{"ipAddress":"x.x.x.x","userAgent":"MyApp/2.1 (iOS 16.3; iPhone13,2)"}}'
Required Fields:
Product Types
Field
Type
Required?
Sample Value
Enum/Comment
productTypes*
Array of strings
Y
"loan", "other"
Enum:
"loan"
"loan", "other"
"other"
*In the productTypes array, you may pass ["loan"] for the lead to receive First Look / Personal Loan offers only), ["other"] for the lead to receive Second Look Marketplace offers only, or ["loan", "other"] for the lead to receive 1st Look offers when eligible, or else Second Look offers (if not eligible for any 1st Look offers).
"By checking this box/clicking 'agree' I hereby consent to ..."
Must include the exact FCRA language shown to users.
consentsToSms
Boolean
No
true
Highly recommended
consentsToTcpa
Boolean
No
true
Highly recommended*
tcpaLanguage
String
Conditional
"By checking this box/clicking 'agree' I hereby consent to ..."
Required if consentsToTcpa is true. Must include the exact TCPA language shown to users.
*Although the FCC has postponed the effective date of the TCPA One-to-One Consent Rule—meaning the consentsToTcpa field is no longer strictly required (i.e. does not need to be true—Engine still strongly encourages our channel partners to obtain user consent to maintain the highest standards of compliance and performance.
Session Information
Field
Type
Required? (Yes/No)
Sample Value
Enum/Comment
ipAddress
String
Yes
8.8.8.8
Used for fraud detection by Engine and Financial Institution partners
userAgent
String
Yes
MyApp/2.1 (iOS 16.3; iPhone13,2)
Used for fraud detection/prevention by Financial Institution partners
sessionInformation.userAgent should reflect the userAgent of the client (i.e. consumer's device), which is different from the User-Agent required in request headers (which should reflect the channel partner's server).
Client Tags
Field
Type
Required (Yes/No)
Sample Value
Enum/Comment
clientId
array
No
clientId123
Client Tags can be added for ease of reporting/attribution (i.e. for the partner's convenience when Engine reports metrics to the partner). Refer to Client Tags for Reporting for details
Regex Validations
The following fields have the regex checks and will return errors if your lead submission does not adhere to this logic:
personalInformation.primaryPhone
The primary must be a string of 10 digits, with or without a leading 1, and with or without special characters e.g. ()-.
The area code cannot be the same 3 digits repeated, e.g. 222 or 333.
personalInformation.zipcode
The zip code must be a string of either:
5 digits
5 digits, a hyphen -, and 4 more digits
personalInformation.ssn
The SSN cannot have all digits in each group be identical (e.g., 111-11-1111 or 222-22-2222).
The following specific SSNs are not allowed because they are commonly used in examples or considered invalid:
123-45-6789
219-09-9999
078-05-1120
The first group of three digits cannot be:
666
000
Any number starting with 9 (e.g., 900–999).
The middle group of two digits cannot be:
00
The last group of four digits cannot be:
0000
Response from the Submit Lead Endpoint
After posting to the Submit Lead endpoint, partners will receive a response almost instantaneously. Below is a sample response:
You’ll receive the following information upon a successful request. Note that the initial response does not include complete offer information.
uuid: Engine’s Rate Table UUID, used to retrieve offer data
leadUuid: Engine’s Lead UUID, which partners should retain for internal records
loanOffers - This is an array that contains 1st Look offers (i.e. prequalified/preapproved loan offers).
specialOffers - This is an array that contains 2nd Look Marketplace offers (i.e. alternative products such as debt relief and credit builders)
pendingOriginators - Deprecated field. Partners should ignore this field.
pendingResponses - This is a list of FI partners from which Engine is awaiting responses.
If pendingResponses is empty, it means all offers from Engine's Financial Partners for the lead have been returned. The supply partner will not need to make any further API calls (i.e. ignore Step 2 below)
If pendingResponses is NOT empty, it means Engine is still awaiting responses from FI partners. In this common scenario, the supply partner will need to continue to step 2 and poll the GET originator/rateTables/:uuid endpoint until all requests to FI partners are resolved.
leadUuid is not needed to make the second call to retrieve offers, but you should record it in case you need to reach out to your Partner Manager regarding any questions or issues regarding that lead.
Step 2: Poll the GET /originator/rateTables endpoint for a Specific rate table uuid until pendingResponses is empty
Below are the instructions for the secondary request(s) that channel partners need to follow, in order to retrieve the complete offers for a specific user from Step 1:
Capture uuid: Capture the uuid returned in Engine's response (the call made in Step 1)
Execute GET request: Use the captured uuid to make a GET request to the endpoint below:
GET https://api.engine.tech/originator/rateTables/:uuid
Polling: If there are pendingResponses (i.e. the array is not empty), continue polling every second.
Rate tables will typically resolve within 15 seconds if productTypes is set to "other" .
Below is a sample response from step 2's GET originator/rateTables/:uuid request. The pendingResponses field is empty, showing that all responses from Financial Institution partners have been received by the Engine.
For your visibility, below are the typical response time it takes for Engine to receive offers from all our Financial Institutions partners.
Response types are mapped to HTTP status codes. In particular:
200 OK: when data is successfully returned for a GET request
201 Created: when new data is submitted via a POST
400 Bad Request: the submitted data is malformed
401 Unauthorized: when the Authorization header is missing, if the value is invalid, or if the corresponding access token lacks the required scopes to complete the request
404 Not Found: the URL is invalid, or the resource ID reference in the URL does not exist
422 Unprocessable Entity: the submitted data is properly formatted, but invalid according to business logic (some legacy endpoints use 409 Conflict in this case)
