Connect API - KBA

Connect your users via KBA auth flow

Before getting started

As you look to integrate with the Connect API, please note that you will be responsible for displaying the Spinwheel End User Agreement, along with capturing consent to proceed with a connection to the platform. This Connect API will trigger an OTP via SMS with an expiration. This is necessary to ensure that the user is still run through the proper confirmation checks, and validity scoring functions that Spinwheel performs natively within the Drop-in Modules.


We have designed this API to enable flexibility and customization to the process, all while ensuring we can securely connect users with the highest connection rates. The process of connecting users is broken out into the following key steps as noted below.

The steps are as follows:

  1. Send a connect request via a POST to /v1/users/connect/kba with the end user's phone number, date of birth, and a unique extUserId which represents that user in your system.
  2. Upon the submission of the information at the first step and a match with the submitted user, you will return a series of KBA questions that will require the user's input/answers
  3. The user's answers are submitted back to Spinwheel via /v1/users/{userId}/connect/kba
  4. Once the answers are sent, Spinwheel will verify and provide the status back of the newly connected user.
  5. If you are looking to pull a user's liability information, you will need to call to order a credit report via /v1/users/{userId}/creditReports/order
  6. Listen to the USER_LIABILITIES_CONNECTED webhook to know when the user's credit report has been successfully connected

As with the Drop-in Modules, the connected users will have their information pulled in to their user object which can be accessed from the /v1/users endpoint.

What’s Next

GET your user details!