Application decisioning
MPLs perform due diligence for every loan request they receive. An application can be submitted to the Preapproval API whether or not it has been approved or denied. If it hasn’t yet been approved, MPLs can revise the loan application later after a decision was reached, approved, or denied (this includes rejected applications), in accordance with the Fair Lending law.
IMPORTANT To access the links below you must have the following IP addresses allowlisted:
Sandbox - 66.206.202.39 , 66.206.202.12
Production -66.206.202.62 , 66.206.202.15
- API scope for sandbox is: CosLending:PreApproval:stg
API | Description |
POST /applications/approve | Post an application marked as approved |
POST/preapproval/v2/applications/{id}/attachments | Post file attachments to an existing application |
POST /applications/deny | Post an application marked as denied, with a declination object attached |
POST /application | Post an application without the decisioning |
POST /applications/{id}/approve | Update an existing application to approved status |
POST /applications/{id}/deny | Update an existing application to denied status |
PATCH /applications/{id} | Update the content of a certain object within the application. |
Notes:
- During implementation, Cross River (CR) and the MPL may agree on additional fields to be passed to CR based on the MPL's unique operating model.
- During implementation, CR and the MPL may also agree on the content of the data using the Data Dictionary Monday board. Questions on specific fields should be posted there. If you don't yet have access, contact your Relationship Manager (RM).
- Data types and schemas are available directly in Swagger, which is the "source of truth".
- MPLs should send in their Final Decision using either POST /approve or POST /deny.
- The rules that run when sending in the PreApproval API, are informational. They do not change the status of the application automatically.
When posting an application using the Preapproval API, Cross River checks the data against a set of regulatory rules and returns the rule results in the API response. The rules run on the Post /Application call (known in the Postman collection as non-decisioned). The rules will run on POST /applications/approve as well. The response body includes rule results in the ruleSetResults object, which includes information about the rule and the data used when running the rule. If one of the rules fails on Preapproval, you can assume it will also fail in Arix.
- Currently, there are no webhooks in preapproval.
- The results of the rules are returned synchronously in the response.
- Cross River Ops cannot manually override the result of a rule in pre-approval.
- Pre-approval rules do not alter the status of an application in pre-approval sent in by an MPL.
The following is an example of a ruleSetResults object that contains the CR Internal List Rule.
The Data Dictionary is presented to each MPL during the onboarding process. The content to be sent will be agreed upon between CR and the MPL before launch. If you can't access the Data Dictionary, contact your RM.
Use this API to send in a unique application that hasn't been submitted already, and mark it as approved. This is the preferred method for sending in an approved application.
- For applications that were approved, but not accepted, you should use this API and mark AcceptedByCustomer as false.
- For applications that were approved and accepted by the customer, you should use this API and mark AcceptedByCustomer as true.
The API returns a unique ID that represents this application in our system.
If the decision changes afterwards, you can update it using POST /applications/{ID}/deny.
Use this API to send in a unique application that hasn't been submitted already, and mark it as denied. This is the preferred method of sending in an application that has a final status of denied. For denied applications, an ApplicationDeniedRequest Object containing the reasons for denial, must be sent in along with the application information.
The API returns a unique ID that represents this application in our system. If the decision changes afterwards, you can update it using POST /applications/{ID}/approve.
Use this API to send in a unique application that hasn't been submitted already, and where a decision hasn't yet been made yet about the loan application. We do not recommend this method of sending in applications unless you have a special use case that requires it.
The API returns a unique ID that represents this application in our system.
When a decision is made, you can update it using POST /applications/{id}/deny, POST /applications/{id}/approve, and update any fields that need updating using PATCH /applications/{id}.
Use this API to update a value or add a key value inside an application that has already been submitted so that it can be marked as approved. Certain values that are required for approved will need to be added before changing an application to approved.
IMPORTANT
- We currently only support the add operation, which is used to add a key/ value. If the key already exists, the add operation will replace the value.
- Unlike our other Preapproval APIs, Patch does not validate fields sent in and will always receive a 200. Use our UI to check your changes.
The example below will change the investor's name to "John Smith". If the investor's name was not previously submitted, this will add the name.
See here for more information about Patch.
Use this API to approve an application that has already been submitted. If the application is missing any required fields for an approved application, first use PATCH to add the missing data.
This API only marks the application as approved and does not update other information.
- No Body is used in this call.
- Use PATCH to update application information.
Use this API to mark as denied an application that has already been submitted.
An ApplicationDeniedRequest Object containing the reasons for denial and other denial information must be submitted along with the application information.
IMPORTANT Deprecated: CSV File to SFTP folder
For partners who onboarded before 2021, you should continue dropping application tapes into the SFTP folder until you're ready to migrate to API.
- The file format is .csv.
- Naming convention: MplId_ApplicationTape_yyyymmdd.csv, where yyyymmdd is the date of file generation.
- Data in the report should be for prior-day applications.
- If a loan changes status (such as from denied to funded), you should include the updated loan record in the tape with the UpdatedFlag. The flag indicates that this record updates a previous credit decision for this loan.
This new preapproval API allows you to upload supporting files associated with an application and further improves our compliance practices.
IMPORTANT The zip file should contain the complete document package. This includes:
- The loan agreement
- AAN
- Credit report
- Relevant documents or responses from vendors used to decision the application according to your credit underwriting policy as well as your BSA-AML processes
- Any data point used as input to your model
For a list of acceptable attachment naming conventions, please refer to Supporting loan documents
The API is available in the latest Postman collection and in the Swagger documentation.