Authentication
How Authentication Works
Establishing an Authenticated Session
AcuView uses a secure token-based authentication model that verifies identity before granting access to borrower intelligence features. When you sign in, the client sends a login request containing valid credentials. AcuView validates these credentials and returns a short-lived JSON Web Token (JWT). This token represents the authenticated session and must accompany every subsequent API request. The platform checks this token on each call to ensure that you are an authorized lender who can view or manage borrower data.
Using the Token in Requests
Clients include the token in the Authorization: Bearer <token> header for all API interactions. Because AcuView does not maintain persistent server-side sessions, every call must contain a valid token. If a token expires, typically after sixty minutes, AcuView returns a 401 Unauthorized error. The application must then reauthenticate and retry the original request with the new token. This model ensures session integrity and reduces the risk of improper access.
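The reauthenticate-and-retry behaviour described above, as an added Python example that is not AcuView's own code. FakeAcuView is a constructed in-memory stand-in for the API, and the credentials, the token response field and the class names are assumptions. The retry is bounded to one attempt so that a persistent 401 surfaces as an error instead of a login loop.

```python
class FakeAcuView:
    """Constructed stand-in for the API so the example runs offline."""
    def __init__(self, ttl=3600):
        self.ttl, self.now, self.expiry, self.logins = ttl, 0, {}, 0

    def login(self, username, password):
        if (username, password) != ("lender", "constructed-password"):
            return 401, {}
        self.logins += 1
        token = f"constructed-token-{self.logins}"
        self.expiry[token] = self.now + self.ttl
        return 200, {"token": token}  # response field name is an assumption

    def call(self, path, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or self.expiry.get(token, -1) <= self.now:
            return 401, {}
        return 200, {"path": path}


class AuthError(Exception):
    """Raised when the session cannot be (re)established."""


class Client:
    def __init__(self, api, username, password):
        self.api, self._creds, self._token = api, (username, password), None

    def _authenticate(self):
        status, body = self.api.login(*self._creds)
        if status != 200:
            raise AuthError("login rejected")  # never include credentials here
        self._token = body["token"]

    def request(self, path):
        if self._token is None:
            self._authenticate()
        for attempt in range(2):  # the original call plus exactly one retry
            headers = {"Authorization": f"Bearer {self._token}"}
            status, body = self.api.call(path, headers)
            if status != 401:
                return status, body
            if attempt == 0:
                self._authenticate()  # token expired: fetch a fresh one
        raise AuthError("still 401 after reauthentication")
```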
Confirming the Authenticated User
To understand which user is associated with the active session, you can call the
whoAmI endpoint. This endpoint returns the merchant ID, username,
assigned roles, product access, and client type tied to the token. It allows
organizations to confirm that applications are operating under the correct context
and that the caller has the appropriate permissions to perform borrower verification
and related actions.
This check is especially useful for teams with multiple user roles or shared integration environments.
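One way to act on the whoAmI result at application start-up, as an added Python example that is not AcuView's own code: compare the returned context with what the integration is supposed to run as, and refuse to proceed on any difference, including roles beyond those the integration needs. The response field names (merchantId, roles, clientType), the role names and the sample responses are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ExpectedContext:
    merchant_id: str
    client_type: str
    required_roles: frozenset  # roles the integration cannot work without
    allowed_roles: frozenset   # superset of required_roles; anything else is excess


def context_findings(whoami: dict, expected: ExpectedContext) -> list:
    """Return the reasons this session must not be used; empty means OK."""
    findings = []
    if whoami.get("merchantId") != expected.merchant_id:
        findings.append("merchant mismatch")
    if whoami.get("clientType") != expected.client_type:
        findings.append("client type mismatch")
    roles = whoami.get("roles")
    if not isinstance(roles, list):
        # Fail closed: an unreadable role list is never treated as "no problem".
        return findings + ["roles missing or malformed"]
    granted = set(roles)
    for role in sorted(expected.required_roles - granted):
        findings.append(f"missing role: {role}")
    for role in sorted(granted - expected.allowed_roles):
        findings.append(f"unexpected role: {role}")  # over-privileged credential
    return findings


# Constructed expectations and whoAmI responses (field names are assumptions).
EXPECTED = ExpectedContext(
    merchant_id="M-TEST-001",
    client_type="api",
    required_roles=frozenset({"verify_borrower"}),
    allowed_roles=frozenset({"verify_borrower", "view_reports"}),
)
GOOD = {"merchantId": "M-TEST-001", "username": "svc-lending",
        "roles": ["verify_borrower"], "clientType": "api"}
SHARED = {"merchantId": "M-TEST-002", "username": "shared-admin",
          "roles": ["verify_borrower", "admin"], "clientType": "api"}
```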
Time Zone Requirements
Some AcuView operations rely on accurate time interpretation, especially when
displaying recency data, borrower activity timelines, and verification timestamps.
For these endpoints, you must include an X-Timezone header using a
valid IANA time zone format, such as America/Los_Angeles. AcuView
uses this value to align displayed dates and analytics with the lender’s local
region. Without this header, time-sensitive features may not return consistent
results, and the request may fail validation.
Authentication in the Lending Workflow
Authentication underpins all borrower verification and data access activities in AcuView. Once authenticated, you can search for borrowers by SSN and email, retrieve the latest borrower report, and review mismatches, recency indicators, health checks, and application analytics.
The authenticated session ensures that all actions are performed under the correct merchant account and that access remains secure, consistent, and aligned with your organization’s operational policies.
Secure Handling of Sensitive Data
AcuView masks sensitive identifiers such as SSNs and bank account numbers, even for authenticated users. Tokens give you access to borrower intelligence, but they do not expose raw identity details. Authentication works alongside AcuView’s masking standards to ensure data privacy and compliance while still allowing you to make well-informed decisions based on verified and normalized borrower attributes.
Updating Borrower Verification During a Session
Borrower data can change quickly as applicants submit multiple loan requests across different lenders. Each authenticated API call returns the most current verification results, mismatches, and recency analytics. Because tokens are valid only for the duration of an authenticated session, you can retrieve up-to-date borrower intelligence securely based on the borrower’s most recent activity.
This real-time refresh helps ensure that verification results and borrower insights reflect the latest available information during an active session.
Testing Authentication and Verifying Integration
During implementation, developers can authenticate against a test environment to validate login flows, token usage, and permission behavior. Simulated borrower records allow teams to ensure that their applications handle expired tokens, incorrect credentials, insufficient permissions, and role-based restrictions correctly. This testing ensures that production integrations behave reliably and securely once the system goes live.
Next Steps After Authentication
After establishing a valid session, you can begin creating loan records, verifying borrower identity and bank information, checking borrower history, and managing loan activity within AcuView. Authentication serves as the starting point for all workflows, ensuring that access remains secure, consistent, and aligned with your organization’s operational policies.
