Credential Management

Overview

Partner integration users often need to be authenticated and authorized with the Partner's system to order services for the subject loan. To provide a uniform experience for users, EPC can seamlessly manage user and client/company-level credentials on behalf of a Partner application, in the same way keychain-access works on MacOS and iOS.

When a Lender on-boards an application to be used by their organization, they can configure company-level credentials that are leveraged by all users in their organization, as well as assign individual credentials to users or groups of users. The specific requirements a Partner application may have for the credential sets to authenticate a Lending enterprise and its users, can be defined as part of the product's configuration, as we will illustrate in this section.

When a user interacts with a Partner application, EPC makes the company-level credentials and that user's assigned user-level credentials available to the application in both the origin and transaction request request - via the following REST API endpoints:

GET https://api.elliemae.com/partner/v2/origins/:id
GET https://api.elliemae.com/partner/v2/transactions/:id

If credentials have not been configured, or have been received but are invalid, the application can leverage EPC's JavaScript API to prompt the user to reconcile the situation and update their credentials.

Leveraging this feature:

Step 1: Defining your Application's Credential Requirements

Step 2: Delegating Credentials to your Test User

Step 3: Receiving Credentials during Transaction Origination/Fulfillment

Step 4: Reconciling Missing/Invalid Credentials