Creating and Managing Users

Users represent a borrower and are the root object on the Onbo platform. Users can have multiple credit applications and active credit products attached to them. In general, multiple Users should not be created for the same underlying person or borrower. Onbo won't allow more than one User to be created with the same social security number. For more information about the User object and related API calls, see the Users section of the API reference.

Encrypting sensitive data

To protect the social security number (SSN) of your users, Onbo's API requires that the SSN is first encrypted. The ssn field of the /users POST call accepts an AES encrypted (CBC Mode) string of the user's SSN.

The snippet below provides an example of how to encrypt the SSN using your Onbo API secret.

function encrypt(YOUR_SECRET_KEY, ssn) {
  const iv = CryptoJS.lib.WordArray.random(16);
  return iv.concat(
    CryptoJS.AES.encrypt(
      CryptoJS.enc.Utf8.parse(`${encodeURI(ssn)}`),
      CryptoJS.enc.Utf8.parse(YOUR_SECRET_KEY.split('-').join('')),
      { iv: iv }
    ).ciphertext
  ).toString(CryptoJS.enc.Base64);
}

Passing a user's credit report or Plaid asset report

In order to use Onbo's decisioning engine for credit applications, you'll need to share one of the following items with us:

1. Credit report: a record of the borrower's credit repayments from one of the three bureaus

2. Plaid asset report: a snapshot of the borrower's bank account statements. For more information, check out Plaid's asset reports page

A user's report needs to be shared with Onbo prior to creating the credit application, either via the Create User or Update User method. Because these reports are large and complex, they need to be gzipped with base 64 encoding or the API call will fail.