Authentications

How Authentication Works

Authentication in AcuCheck establishes a secure access layer for all the platform operations involving customer financial data and report generation. It ensures that only authenticated users and systems can initiate customer onboarding, request financial reports, retrieve report results, and perform debt-to-income (DTI) evaluations.

All secured AcuCheck functionalities are gated behind the authentication. Requests that are not associated with an authenticated session are rejected by the platform.

Establishing an Authenticated Session

An authenticated session in AcuCheck is created when valid credentials are submitted to the authentication service. Authentication is performed using the login endpoint POST/api/v1/auth/login, which validates the credentials and issues an access token upon successful authentication.

The access token represents the authenticated identity and establishes the security context for all subsequent interactions with the AcuCheck platform.

Using the Access Token

Once issued, the access token must be included with all secured AcuCheck API requests. The token authorizes key operations such as creating customers, submitting report requests, retrieving report data, and accessing DTI-related outcomes.

Each access token is valid for 15 minutes from the time of issuance. During this window, all authorized actions must be performed within the same authenticated session.

By enforcing token validation across secured endpoints and applying a defined expiration period, AcuCheck ensures controlled access, minimizes the risk of unauthorized usage, and maintains secure session boundaries for all API interactions.

Validating an Active Session

AcuCheck provides a mechanism to validate whether an authenticated session remains active. The session status endpoint GET /api/v1/auth/status can be used to confirm that the access token is still valid and associated with an authenticated user or system.

Session validation supports long-running or multi-step workflows by allowing clients to confirm authentication state before performing secured actions.

Authentication Scope Across Platform Workflows

Authentication is enforced consistently across all AcuCheck workflows. An authenticated session is required to perform actions across customer management, financial report generation, report retrieval, and DTI evaluation.

This unified authentication model ensures that financial data access and report outcomes are always tied to an authenticated identity and can be audited reliably.

Secure Access to Customer Financial Data

Authentication plays a central role in protecting sensitive customer financial information within AcuCheck. Only authenticated sessions are permitted to access secured endpoints that expose customer details, transaction summaries, report data, and DTI outcomes.

Authentication works in combination with platform permissions to restrict data access based on organizational roles and responsibilities.

Session Continuity During Financial Assessment

Authenticated sessions in AcuCheck support continuous workflows that span multiple actions, such as customer creation followed by report requests and result retrieval. As long as the session remains valid, users and systems can continue interacting with the platform without re-authenticating.

This allows financial assessment workflows to proceed smoothly while maintaining consistent security controls.

Next Steps After Authentication

Once the authentication is established, users and systems can proceed to perform all the secured AcuCheck operations, including managing customers, requesting financial reports, and reviewing DTI outcomes. Permission enforcement and report workflows are described in the sections that follow.