Getting Started

Register for an Account

Create an Application

  • To create an application, Sign In. Your Dashboard page opens.
  • If you’ve been given a Partner Product Access Code, enter it in the provided field to gain access to a Partner Product that’s not publicly available.
  • Name  your application in the provided field and add an optional description, then click Next.
  • Select the API Products you want to include in your application. Click add.  Your app will appear on its own App Page where you can manage everything from a centralized location.

Experiment in Sandbox

  • After you’ve created your application then you can access Sandbox Credentials from the App Page.
  • On the app page, you can either use the Auto-Generated Access Token or manually generate one using the Client ID and Client Secret with the each product’s located under the added API Products. 
  • Call the APIs using the Access Token in the sandbox environment.
  • You have the flexibility to invite and manage collaborators for each of your applications. 

Promote to Test

  • When you’re ready to promote your app to the test environment, click the Test tab in the Credentials & Details panel on your app page.
  • Enter and manage whitelist IPs at any point - until you go live.
  • Select your targeted Go Live date and submit your request.
  • Your request and app details will be sent to the Equifax® product teams for review.  Typically, approval takes less than 48 hours. 
  • As soon as one or more API Products are approved, you’ll be notified by email and Test Credentials will be available on the app page. You can then use those credentials to call any/all approved APIs in the Test environment.

Go Live

  • After you’ve fully tested your app, just go through similar steps as performed in Test. 
  • Our team will review your app one more time. 
  • After approval, new Production credentials will be available in the Live tab of your app page.
  • Then you can validate your integration and call the API.
Roles & Permissions

Users within the developer portal are defined by roles which align with access privileges.

Role Definition Access & Privilegies
Account Owner
(or App Owner)
Every user/role within the portal must have an account which is created using a unique, non-personal, validated email address. View Public Products
Access Partner Products if applicable
Access Private Products if applicable
Access Product Documentation and API Reference
Create an App
Add Products to App
Remove Products from App
Invite & Manage Collaborators
Access Sandbox Credentials
Add & Manage IP Whitelists
Request Tier Promotion of App
Use Test/Live Credentials for Approved APIs

 

Collaborator A Collaborator is invited to read-only access an Application along the tier promotion journey. View Public Products
“Read-Only” Access to Invited Application
Access Product Documentation and API Reference to invited Partner and Private Products
Access Sandbox Credentials
Use Test/Live Credentials for Approved APIs
Equifax Product Owner API Products on the developer portal are owned and managed by Equifax Product Owner Team Members. Publish Products to Dev Portal
Manage App Owner Tier Promotion Access
Product Types

Our API Products are categorized by types that aligned to specific access privileges and workflows.
Public Products are exposed to existing and prospective customer users. 
Partner Products are made available to specific Equifax customers, strategic partners, or connectors.

  • A named or branded product configured for one or more specific customers.
  • A customized solution developed for a specific customer.
  • Solutions developed for a specific group of customers. For example, a migration solution.

Private Products are available only to internal Equifax users and developers.

Product Documentation

Each product has corresponding documentation which consists of Product Overview content, an API Reference and Additional API Documents (if applicable). 
Access to product documentation is based on product type:

  • Public Products: Available to all users regardless of login status.
  • Partner Products: Available to specific account owners who have a Partner Product Access Code.
  • Private Products: Available only to specific internal Equifax users.

Product Overview

The Product Overview helps users understand “Why should I use this product? What’s the value?” The content is made up of a basic description, top 3 benefits, key features and use cases for each product. 

API Reference

The API Reference, also known as the Technical Specification, provides users with an understanding of “How the Product works and how to integrate.”

To access an API Reference, select the API Product via the API Product Page and click the API Reference Tab next to Overview.

Additional API Documents

If an API product has additional documents (for example, FAQs, Getting Started procedures, sequencing documents, etc.), an additional tab becomes available next to the API Reference tab after sign in.

Security Standards

Authorization

Equifax uses OAuth 2.0, an industry-standard protocol that allows Equifax to grant permission for access to our products and services without sharing unique credentials with a third party. The protocol defines a process that allows limited access to resources hosted by web-based services accessed over HTTP. Tokens assigned to authenticated clients are required to access all protected resources.

OAuth 2.0 Grant Type

The type of access called “OAuth 2.0 grant type” used for Equifax APIs is client credentials – here the username and password are not required. Rather, you obtain the Access Token by providing only the client_id, client_secret, and the scope.

Setting up OAuth 2.0 requires getting credentials, requesting an Access Token, and accessing protected resources.

Client ID and Client Secret

When you Create an App, Equifax assigns a Client ID and Client Secret per environment for the API Products you want to access. You can manage these credentials on each of your App Pages. Our authorization server authenticates your application by verifying the supplied Client ID and Client Secret, so please keep these credentials safe.

Access Token

You must make a POST call to the token endpoint of the Authorization Server to generate an Access Token. Credentials and other parameters must be passed depending on the Authorization Server supported by your app’s connected APIs.

Access tokens are mapped to your credentials and determine your authorization to call the approved APIs you connected to your app. To call APIs in an environment, you must obtain a token from that environment.

Access protected resources:
All requests you make to Equifax APIs must contain a valid Access Token. Requests with invalid tokens will be denied access to the resource with the API, returning HTTP 401 status code.

Environments

We support multiple environments for all our APIs to help you:

  • Innovate without constraints.
  • Develop production ready applications.
  • Meet compliance needs.

Access requirements

You must have an approved set of API credentials (Client ID and Client Secret) for an environment to access it. This can be done by creating an app and adding APIs then promoting the app to each environment.

NOTE: The Base URLs listed for each of the environments below are API endpoints, not web endpoints.

Sandbox

  • Base URL: https://api.sandbox.equifax.ca
  • Monetization: You don’t incur any cost for testing the API in the Sandbox environment.
  • Usage constraints: Currently there are no constraints.

Test

  • Base URL: https://api.uat.equifax.ca
  • Monetization: You don’t incur any cost for testing the API in the UAT / Test environment.
  • Usage constraints: There are no usage constraints applied to our test APIs.

Live

  • Base URL: https://api.equifax.ca
  • Additional security: Apart from valid API credentials, production APIs can only be accessed from whitelisted IP Addresses.
  • Monetization: This varies according to the API product. Please contact your Equifax representative.
  • Usage constraints: Please contact your Equifax sales representative.
Versioning

Equifax supports explicit versioning of API contracts. We use the major version numbering scheme, which involves easily detectable patterns such as V1 or V2 in path segments to distinguish URIs by their version. For example, POST https://api.equifax.ca/namespace/v1/resource.

Backward incompatible changes to API contracts results in the release of a new version. While we track backward compatible changes, these changes do not alter existing API contracts. Instead, they result in new interfaces or modify internal implementation of an API to provide new behavior without impacting existing behavior.

As a consumer of Equifax APIs, you should create your application expecting that the following changes might occur without notification:

  • Addition of a new optional parameter to the URI.
  • Addition of new optional data elements to the request body.
  • APIs may return “redirection” http response code (301, 302) instead of the documented code for a method.
  • Addition of fields in the response bodies.
  • Rate limits applied to an API may change dynamically and may result in the API returning http status code 429.
  • APIs or their parameters and fields may be immediately deprecated for security reasons. Otherwise, Equifax will provide reasonable notice of deprecations.