Download OpenAPI specification:Download
Yardstik is a modern platform offering a mix of screening, fraud, and compliance products designed to help you vet candidates ASAP. Our REST API utilizes predictable, resource-oriented URLs which are authenticated via a single API key and leverage JSON in all responses.
For more about Yardstik, visit yardstik.com. If you're ready to start your integration, reach out to support@yardstik.com to speak with our Enterprise Solutions team.
To start ordering reports with Yardstik, follow these steps
Our Enterprise Solutions team will work with you to create your accounts (one on our staging environment and one on production). For platforms, we'll also guide you through your subaccount setup. In order to credential your accounts, we'll need a few key pieces of information from you:
Legal Business Information
The full legal name of your business and EIN as they appear on your government registration documents
Account Owner Contact Info
The first/last name and email address for the person who'll be managing your Yardstik account
Permissible Purpose
As a consumer reporting agency in the United States, Yardstik is regulated by federal, state, and local levels of government, primarily by the Fair Credit Reporting Act (FCRA). When requesting a consumer report on an individual, the FCRA requires that we collect from you a "permissible purpose", which is just a fancy way of saying: you need to have a specific, legally-protected reason for ordering consumer reports.
Here are some examples
Desired Screenings
Based on the types of screenings you'd like to run on your candidates, our team will create the appropriate Packages for your account.
Once you're up and running, you'll have access to the Yardstik API as well as the admin features at app.yardstik.com where you can use developer tools, manage reports, view metrics, etc.
Once your staging and production accounts have been created, you'll have access to the Developer Tools section in Yardstik. You'll need to create an API key in each of your accounts, which you'll use to authenticate your requests in each environment. Make sure to store your full API key somewhere secure (like a password manager). For security reasons, the only time you'll see the full key displayed in Yardstik is right after you create it.
Remember, anyone with access to your API keys can make API calls on your behalf. Therefore, we recommend these best practices to keep your API keys safe
If you believe your API key has been compromised, create a new API key and switch over to using that one, then delete your compromised API key.
Yardstik uses HTTP API key authentication. To authenticate, include your API key in the header of all your API requests using the format "Account {API_KEY}" (with the word "Account" preceding your API key).
curl -X GET https://api.yardstik.com/accounts \
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
[
{
"id": "cc0df11d-a502-47ec-8aa1-ba0738030ca7",
"account_name": "Global Dynamics",
"first_name": "Nathan",
"last_name": "Stark",
"email_address": "nathan.stark@globaldynamics.com",
"url": "https://www.globaldynamics.com",
"tech_email_address": "it@globaldynamics.com",
"support_email_address": "support@globaldynamics.com",
"support_phone": "541-555-4376",
"actions_email_address": "hr@globaldynamics.com",
"compliance_email_address": "hr@globaldynamics.com",
"logo": "https://vignette.wikia.nocookie.net/eureka/images/d/dd/Global_dynamics.jpg",
...
},
...
]
If you're seeing a similar response, you're authenticated and can make requests to our API.
Reports are the main resource you'll care about. They contain the findings for each candidate, whether you're running a background check, identity verification, or a more specialized screening like Social Media. That being said, there are some other resources which need to be in place before you can order a report.
Candidates
First off, you'll need to create a candidate with whom you'll associate the report. This is the person whose information we'll use when we run the report.
Packages
Based on your business requirements, our team will choose the appropriate screenings and group them into packages for your account. Each time you order a report, you'll specify a package; this will determine the candidate information required for that report. For example, if you want to run a report with a package that includes a Motor Vehicle Record screening, we'll need the candidate's Driver's License Number and State.
Reports With Invitations
If you'd like Yardstik to invite your candidate to fill out their information in Yardstik's UI, create an invitation and we'll automatically create a corresponding report to go with it. Based on the package you specify, we'll generate a form where the candidate will fill out all the information required to run their report. Their invitation will include a link to their unique form.
Reports Without Invitations
If you don't need Yardstik to send an invitation because you've embedded Yardstik's UI and you'd like your candidate to fill out their information as part of your in-app workflow, you can skip the invitation call and create a report instead. Once the report is created, you can grab the apply
url from the metadata in the response and serve that up in your embedded view.
Alternatively, if you'd like to provide all the candidate information yourself (rather than asking the candidate to fill it in), you can create a report with the parameter account_candidate_consented: true
. In your API call, you'll need to send along all the information required to run the report, based on the package you specify. To order reports this way, you'll need this feature enabled for your account. Your organization will assume full legal responsibility for collecting the FCRA disclosure and consent agreements from each candidate.
Sample Redirect Flow
To create a candidate, collect the candidate's information and POST
it to our /candidates route. We'll return a candidate ID. Using the candidate id
along with your account id
and one of your package id
s, POST
this data to the /reports endpoint to order a new report. This will return the apply
url in the metadata, which you can use to direct the candidate to their unique intake form.
Once the candidate fills out the form and submits disclosures, the report will begin processing.
Yardstik uses webhooks to publish events any time certain situations occur. You can subscribe to receive those events, allowing your application to react in real time.
To subscribe, use the Webhooks tool to register your URL to receive POST
requests for your desired event type. Repeat for each event type you'd like to listen for.
Webhook event types | Publishes an event each time this occurs in your account |
---|---|
candidate.created | a candidate is successfully created |
candidate.updated | a candidate is updated, e.g. name has changed |
candidate.deleted | a candidate is deleted |
candidate.consented | a candidate submits signed legal docs, including consent to a background check |
candidate.paid | a candidate successfully completes payment (only applies in scenarios where the candidate is responsible to pay for their report) |
transaction.created | a payment transaction is created |
transaction.updated | a payment transaction is updated |
transaction.deleted | a payment transaction is deleted |
invitation.created | an invitation (and its corresponding report) is successfully created |
invitation.updated | an invitation to a report is updated, e.g. an expired invitation is refreshed |
invitation.deleted | an invitation to a report is deleted |
report.created | a report is successfully created |
report.updated | a report is updated, e.g. the report status has changed Note: this is likely the most important event type to listen for, as it sends lots of important updates about each report |
report.completed | a report reaches one of the "done" statuses Note: if you don't want to be notified of every report update, but you want to know when each report is completed, you can listen for this event type instead of report.updated |
report.submitted | a report is submitted (the candidate provides all required data) |
report.deleted | a report is deleted |
monitor.created | a monitor is created |
monitor.updated | a monitor is updated |
monitor.deleted | a monitor is deleted |
monitor_record.created | a monitor returns a new record about one of your candidates |
monitor_record.updated | a monitor record is updated |
monitor_record.deleted | a record a monitor returned about one of your candidates is deleted |
account.updated | your account is updated |
sub_account.active | a subaccount is activated by the Yardstik team |
Here's some more info about the Webhooks resource
Using Webhook Signing, you can ensure that requests sent to your application are from Yardstik and have not been tampered with. You should use the webhook signature to avoid processing requests that are not from Yardstik and to protect your application from bad actors.
To enable webhook signatures, create an API key named WEBHOOK_SIGNATURE
(see: Get Your API Keys). Make sure you copy the API key to a safe location before closing the modal, as it will not be visible again later. Yardstik will automatically use your WEBHOOK_SIGNATURE
API key to sign the webhook payload using an SHA-256 HMAC hex digest. For platform accounts and any subaccounts, each one will each need their own WEBHOOK_SIGNATURE
API key in order to receive the signature.
You'll use this API Key to generate your own HMAC hash against the payload you recieved to verify that
The HMAC hash value that Yardstik uses to sign your webhook will be included in the headers of the request as: x-yardstik-webhook-signature
You'll use theWEBHOOK_SIGNATURE
API key to generate an HMAC hash of the body
of the request and validate the authenticity of that webhook.
If the value of x-yardstik-webhook-signature
is: a1342d29ce3b28c4416482f64a3e8b9f452a22755646d7ca9a553e654676b693
Then your app should also calculate the value as: a1342d29ce3b28c4416482f64a3e8b9f452a22755646d7ca9a553e654676b693
As long as those two values are equal, you should accept the request. If they differ, your application should reject the webhook and stop processing.
A verification function can be used to validate the HMAC-SHA256
value using a crypto library of your choice, such as the Node.js crypto
module. The function should calculate a hash using your WEBHOOK_SIGNATURE
API key, and ensure that the result matches the hash sent by Yardstik.
This is a simple Node.js example showcasing how to validate webhook signatures using Crypto libraries behind an Express server
const crypto = require('crypto');
const express = require('express');
const app = express();
const port = 3000;
app.use(express.json());
app.post('/', (req, res) => {
const SIGNATURE = req.get('x-yardstik-webhook-signature');
const BODY = req.body;
console.log(BODY);
const HASH = crypto.createHmac('sha256', process.env.WEBHOOK_SIGNATURE).update(JSON.stringify(BODY)).digest('hex');
console.log(`This is the x-yardstik-webhook-signature: ` + SIGNATURE);
console.log(`This is your application's calculated hash: ` + HASH);
// Respond with a 200, if you do not respond with a success code Yardstik will retry the request.
res.sendStatus(200);
})
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
})
Example app listening on port 3000
{
id: '42eff0e4-9bca-45da-a143-2d4e1e271d88',
event: 'updated',
resource_id: 'efa32155-f8cb-4331-954c-11db22ae773d',
account_id: '16fab437-3ab5-4ee1-8a47-16ab41410a5e',
account_name: 'Example Account',
resource_type: 'report',
resource_url: 'https://api.yardstik.com/reports/efa32155-f8cb-4331-954c-11db22ae773d',
status: 'processing',
timestamp: '2024-07-10T18:56:44Z'
}
This is the x-yardstik-webhook-signature: a1342d29ce3b28c4416482f64a3e8b9f452a22755646d7ca9a553e654676b693
This is your application's calculated hash: a1342d29ce3b28c4416482f64a3e8b9f452a22755646d7ca9a553e654676b693
The function above uses an environment variable name WEBHOOK_SIGNATURE
that contains the API key you created.
The app will extract the body
from the request sent to the /
endpoint and use the Node.js crypto library and your API key to create its own hex digest that should match the header included in the request.
Using a tool like ngrok, you can start this locally and receive calls from our API to your dev workstation to verify that webhook signing is working. Note: Ask your security team before running port forwarding applications that expose your app to the internet!
Additional sample webhook responses, POST bodies, and more are available in the Webhooks resource section.
If your webhook signature has been lost or compromised, you can decommission it in Yardstik and create a new one. Here are some best practices for keeping your keys safe. If your webhook signature isn't working, don't hesitate to reach out to support@yardstik.com.
candidate.created
WebhookRegister a webhook for the candidate.created
event type using the Create Webhook Route. This webhook will be triggered when a new candidate is created.
candidate.created
Webhook Response{
"id": "a87b1e1a-e9aa-4929-9f30-ad1f9b481a8c",
"url": "https://www.yourcompany.com/webhooks/candidate_created",
"webhook_type": "candidate.created"
}
candidate.created
Webhook POST
body{
"id": "dcd9a3db-d885-4695-8a92-5556126000c5",
"event": "created",
"resource_id": "67cae505-0bac-4eaf-a255-95421d04e303",
"account_id": "e829bc40-89eb-4054-94e3-7e826373f8ec",
"account_name": "Venture Industries",
"resource_type": "candidate",
"resource_url": "https://api.yardstik.com/candidates/67cae505-0bac-4eaf-a255-95421d04e303"
}
Now that the webhook was triggered, you should receive the response body presented above. You can use this to get the candidate ID from the resource_url
key.
report.created
WebhookLet's say you also want to be notified each time a report is created. To do so, you can register for the report.created
event type.
report.created
Webhook Requestcurl -X POST https://api.yardstik.com/accounts/[YOUR_ACCOUNT_ID]/webhooks \
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
-H 'Content-Type: application/json' \
--data-raw '{
"webhook_type_id": "48a9b600-e7ff-4039-bcb2-04cddab97ba8",
"url": "https://www.yourcompany.com/webhooks/report_created"
}'
Again, you would create a webhook for report.created
.
report.created
Webhook Response{
"id": "89ade71a-e9aa-4929-9f30-ad1f93245abf",
"url": "https://www.yourcompany.com/webhooks/report_created",
"enabled": true,
"webhook_type": "report.created",
"webhook_description": "A report has been created."
}
And once a report is created, you will be sent this
report.created
Webhook POST
body{
"id": "e7331072-7865-4dca-9cd2-1643656a84c7",
"event": "created",
"resource_id": "e7e0b119-7714-44a2-900e-9b98a4e5b1c6",
"account_id": "e829bc40-89eb-4054-94e3-7e826373f8ec",
"account_name": "Venture Industries",
"resource_type": "report",
"resource_url": "https://api.yardstik.com/reports/e7e0b119-7714-44a2-900e-9b98a4e5b1c6"
}
From creation to completion, each report has the potential to go down a few different paths. The best way to know the current state of any given report is by checking its status. If you've opted to use an invitation with your report, the invitation also has a status. The happiest path is when no records are found on the candidate and the report sails through to a clear
status. But since that's not always the case, we want to help you understand what else can happen.
Status | Description |
---|---|
invite_sent | The invitation sent successfully, but the candidate hasn't taken action yet |
viewed | The candidate viewed the invitation, but hasn't clicked through to the form yet |
clicked | The candidate clicked the invitation link, but hasn't completed the intake form |
completed | The candidate submitted the intake form and the report will begin processing |
canceled | The invitation (and its corresponding report) was canceled, preventing the candidate from accessing the form |
expired | The invitation expired, preventing the candidate from accessing the form |
Here's some more info about the Invitations resource
There are many different statuses a candidate's report can be in. Here, we've grouped the statuses to illustrate what they mean in relation to the report's progress. The detailed descriptions of each status are below.
Not Started | Moving Along | Paused | Action Needed | Done |
---|---|---|---|---|
Created Expired |
Queued Processing Pending Pre-Adverse Approved To Process |
Info Requested Dispute Pending Approval YS QA Review Exception |
Consider | Clear Proceed Final Adverse Canceled Pass Fail |
Status | Description |
---|---|
created | The report was successfully created and is ready to receive candidate information/consent |
expired | The report was created, but didn't receive candidate information/consent before its invitation's expiration date. An expired report can be reopened by refreshing its invitation. For more about expiration and how to customize, see Invitations. |
queued | The report is waiting for the next screening to start processing |
processing | Our verifications team is processing the report |
pending | We're waiting on a response from a third party (e.g. a court runner is retrieving records for a County Criminal check) |
pre_adverse | In response to the report being in consider status, one of your admins decided to kick off the Adverse Action process |
approved_to_process | On reports where the candidate is a minor, this indicates that their guardian provided consent for us to process their report |
info_requested | The candidate information we received wasn't sufficient to run the report. We've asked the candidate to provide the information we need and are waiting for their response. |
dispute | The candidate has filed a dispute regarding the accuracy or completeness of the results in their report. Our verifications team is investigating. |
pending_approval | On reports where the candidate is a minor, this indicates that we're waiting for their guardian to provide consent for us to process the report |
ys_qa_review | If you've opted for us to manage the Adverse Action process for you, this indicates that results have been added to the report which may disqualify the candidate. Our verifications team is reviewing and will decide next steps based on your adjudication matrix. |
exception | There is an issue with the report data (e.g. SSN is incorrect) that is preventing the report from processing. Our verifications team will contact the candidate for the correct information. |
consider | Results have been added to the report which may disqualify the candidate. One of your admins needs to review and decide whether to set the report to proceed or kick off the Adverse Action process. |
clear | The report has finished processing and no disqualifying results were found |
proceed | In response to the report being in consider status, one of your admins decided to set the report to proceed , indicating that the results found do not disqualify the candidate |
final_adverse | The Adverse Action process is complete and it has been determined that the results found disqualify the candidate |
canceled | The report was canceled and no decision has been made about the candidate. No additional activity will occur on this report. |
pass | On reports where there are exclusively pass/fail outcomes (e.g. reports with Identity Verification and no additional screenings), pass indicates a positive "done" state |
fail | On reports where there are exclusively pass/fail outcomes (e.g. reports with Identity Verification and no additional screenings), fail indicates a negative "done" state |
Here's some more info about the Reports resource
Consolidating data from several sources into a report is a complex process that can sometimes lead to unintended discrepancies between the collected information and what the consumer (i.e. candidate) knows or believes to be true. This is why the FCRA provides consumers a mechanism to dispute inaccuracies. As a consumer reporting agency, Yardsik has an obligation to provide accurate reports. When a candidate logs a dispute, we take action right away to determine whether the dispute is frivolous or if a correction to the report is necessary. We take this obligation seriously and have established internal processes to appropriately investigate, respond to, and resolve disputes in a timely manner. No action from you is needed during the dispute process.
When our findings include results which may disqualify the candidate, we set the report status to consider
. This gives your organization the opportunity to review the report and decide whether the candidate will proceed
in your process or not. If you determine that they've been disqualified, create an adverse action (via the Yardstik UI or API) and specify which violations factored into your decision. This will set the report status to pre-adverse
and kick off the FCRA-required legal process called "Adverse Action".
Adverse Action offers the candidate the opportunity to understand exactly which results disqualified them. When the adverse action is created, Yardstik will send the candidate an email containing all the FCRA-required information, including the violations you specified. The candidate will then have a set number of days (based on your account notifications setting) during which they may respond to you and provide additional information about themselves for you to consider. If you have your own process for completing an "individualized assessment", you'll want to complete that within this timeframe. The minimum number of days prescribed by the FCRA is 7, but you can set it higher.
If you change your mind during this time, you can cancel the adverse action (via the Yardstik UI or API), which will automatically move the report to the next stage. If you take no action, when the timeframe elapses the report will automatically be completed with a final adverse
status and Yardstik will notify the candidate as such.
Here's some more info about the Adverse Actions resource
violations
parameter is required?In the response of the Get a Report Route, you'll have the adverse_action_settings
key. Within is the mandatory_selection_of_violations
key, which tells you whether or not you need to select violations when creating a new adverse action (most often, you do).
adverse_action_settings: {
"mandatory_selection_of_violations": true
}
In the response of the Get a Report Route, you'll have the report_screenings
key, which is an array. For each report screening, you'll have an array of records
, and inside each record
you'll have an array of violations
. (A record may not have violations. For example, a clear
report probably won't have any violations.)
For each violation, you'll have a description
and possibly a disposition
and disposition_date
.
You can map all the violations and select the ones you want to use for the adverse action.
{
"id": "2ee83662-ea17-4233-95b9-288ee3fcb9ff",
"reference_id": null,
"candidate_id": "66bdcd96-adf8-4b8a-b599-ea0040a11b79",
"status": "consider",
"response_status": null,
"submitted_at": "2021-04-26T22:33:18.269Z",
"completed_at": "2021-04-30T15:44:24.333Z",
"created_at": "2021-04-26T21:51:06.880Z",
"decision": "",
"usage_amount": null,
"process_sequentially": true,
"created_by": "cool_email@yardstik.com",
"permissible_purpose": {
"id": "a2c00755-b57e-40e1-9876-2c5640ce53be",
"name": "Employment",
"configurations": { "initial_status": "pre_adverse" }
}
},
"candidate": {
"id": "66bdcd96-adf8-4b8a-b599-ea0040a11b79",
"full_name": "John Clean",
"email": "cool_email@yardstik.com",
"phone_masked": null,
"date_of_birth_masked": "#######-12",
"ssn_masked": null,
"driver_license_number_masked": null,
"full_address": {
"address": "Mineapolis",
"zip_code": "12345",
"city": "Mineapolis",
"state": "MN"
},
},
"account_id": "d210dcdd-c9d4-4ced-a594-8402cb6a2ab4",
"account_name": "Account Name",
"report_url": null,
"adverse_action_id": null,
"report_screenings": [
{
"id": "e11b7d00-9b55-4879-8f6e-c3859f16347d",
"type": "Criminal",
"label": "CountyCriminal",
"name": "CountyCriminal",
"status": "consider",
"order": 0,
"decision": "Consider",
"response_status": "ready",
"created_at": "2021-04-26T22:33:18.218Z",
"report_url": "",
"elapsed_timing": "1 week",
"records": [
{
"category": {
"key": "County",
"value": "NY-NYOCA"
},
"messages": [],
"violations": [],
"personal_data": {},
"other_information": {
"jurisdiction": "NY-NYOCA",
"pending_notes": null
}
}
],
"comments": []
},
{
"id": "c6851635-9ce4-47ce-a246-531fbe36aac0",
"type": "Criminal",
"label": "StateCriminalCourt",
"name": "StateCriminalCourt",
"status": "consider",
"order": 0,
"decision": "Consider",
"response_status": "ready",
"created_at": "2021-04-26T22:33:18.228Z",
"report_url": "",
"elapsed_timing": "1 week",
"records": [
{
"category": {
"key": "State",
"value": "NEW YORK"
},
"messages": [],
"violations": [
{
"comments": null,
"sentence": "24 Months Or Pretrial Intervention Next Court Date 01/01/2021",
"file_date": "2021-03-20",
"case_number": "ABCDEFG",
"description": "Felony",
"disposition": "Court: Pre Trial Intervention",
"jurisdiction": "NEW YORK",
"offense_date": null,
"count_offense": "1. Possession Of Schedule 4 Substance",
"dob_on_record": "XXXX-04-01",
"ssn_on_record": null,
"name_on_record": "MESS, HANK",
"disposition_date": "2021-03-20"
},
{
"description": "This one Has Only the description",
}
],
"personal_data": {},
"other_information": {
"jurisdiction": "NEW YORK",
"pending_notes": null
}
},
{
"category": {
"key": "State",
"value": "MINNESOTA"
},
"messages": [],
"violations": [
{
"comments": null,
"sentence": "24 Months Or Pretrial Intervention Next Court Date 10/08/2015",
"file_date": "2014-08-20",
"case_number": "POIUYTREWQ",
"description": "Felony",
"disposition": "Court: Pre Trial Intervention",
"jurisdiction": "MINNESOTA",
"offense_date": null,
"count_offense": "1. Possession Of Schedule 4 Substance",
"dob_on_record": "XXXX-04-01",
"ssn_on_record": null,
"name_on_record": "MESS, HANK",
"disposition_date": "2015-09-18"
},
{
"comments": null,
"sentence": "24 Months Or Pretrial Intervention Next Court Date 10/08/2015",
"file_date": "2014-08-20",
"case_number": "502008CF012155YXYXMB",
"description": "Felony",
"disposition": "Court: Pre Trial Intervention",
"jurisdiction": "MINNESOTA",
"offense_date": null,
"count_offense": "2. Possession Of Schedule 2 Substance",
"dob_on_record": "XXXX-04-01",
"ssn_on_record": null,
"name_on_record": "MESS, HANK",
"disposition_date": "2014-09-18"
},
...
],
"personal_data": {},
"other_information": {
"jurisdiction": "MINNESOTA",
"pending_notes": null
}
}
],
"comments": []
}
],
"report_screenings_total": 2,
"report_screenings_completed": 2,
"elapsed_timing": "4 days",
"package_name": "State Criminal Court",
"comments": [],
"course": {
"has_courses": false,
"courses_completed": false
},
"meta": {
"entity": "https://app.yardstik.com/reports/1234....",
"apply": "https://profile.yardstik.com/candidates/1234
},
"adverse_action_settings": {
"mandatory_selection_of_violations": false
}
}
If you're going to be operating as a platform account in Yardstik (where your customers will have their own Yardstik subaccounts "underneath" yours and they'll be the ones ordering reports), this section is for you. To manage subaccounts, you'll need this feature enabled for your account.
As a platform account, in your Yardstik account settings, you can add your logo and brand colors, which will alter the look of Yardstik for your subaccount admins.
Just like your own account, when you create a subaccount to represent one of your customers, you'll need to specify a permissible purpose and at least one package. Your subaccounts must use a subset of the permissible purposes and packages associated with your platform account. You'll also need to provide the credentialing information highlighted in the Get Your Accounts section.
Permissible Purposes
To see a list of your platform account's permissible purposes, check the Get Account Route. The response body will have an array of permissible_purposes
with an id for each. When you create a subaccount, you'll provide the permissible_purpose_id
for each permissible purpose you want the subaccount to be able to use.
Packages
Similarly, to see a list of your platform account's packages, check the Get Packages Route. The response body will have an array of account_packages
with an id for each. When you create a subaccount, you'll provide an account_packages
array with the id
for each package you want the subaccount to be able to use. This will automatically create those packages within the subaccount, using the same configurations as the platform account.
Inside the account_packages
array, your objects must follow this format:
account
or candidate
(if not provided, this will inherit the platform account package's setting) Note: if set to candidate
, the candidate will be asked to provide their credit card information in a payment form. Their report won't start processing until we've successfully received their payment.How to provide the account_packages
parameter
"account_packages": [
{
"id": "the UUID of one of the platform account packages",
"name": "the name of the subaccount package",
"paid_by": "candidate"
},
{
"id": "the UUID of one of the platform account packages",
"name": "if not provided, will inherit the platform account package's name",
"paid_by": "account"
}
]
Subaccount Owner
The subaccount owner will be set based on the email_address
you provide when you create the subaccount. The owner will be responsible for signing legal documents and completing their subaccount setup in Yardstik.
Here's some more info about the Subaccounts Resource
Once the subaccount is created, Yardstik will send an email to the subaccount owner with a link to sign into Yardstik, where they'll be prompted to create their user account and sign applicable legal documents. Our onboarding team will review everything, and once it all looks good, they'll mark the subaccount credentialed
. We'll notify the subaccount owner that they now have full access to Yardstik and can complete any additional setup, e.g. adding their brand settings, customizing their notifications, and inviting additional admin users.
Note: The API key generated when the subaccount is created won't be active until the subaccount is credentialed
. Once the API key is active, you can use it to manage Yardstik resources via the API. To get notified when your subaccounts become credentialed
, subscribe to the sub_account.active
webhook event type.
sub_account.active
Webhook Requestcurl -X POST https://api.yardstik.com/accounts/[YOUR_ACCOUNT_ID]/webhooks \
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
-H 'Content-Type: application/json' \
--data-raw '{
"webhook_type_id": "48a9b600-e7ff-4039-bcb2-04cddab97ba8",
"url": "https://www.yourcompany.com/webhooks/sub_account_active"
}'
sub_account.active
Webhook Response{
"id": "89ade71a-e9aa-4929-9f30-ad1f93245abf",
"url": "https://www.yourcompany.com/webhooks/report_completed",
"enabled": true,
"webhook_type": "sub_account.active",
"webhook_description": "A subaccount has been activated by Yardstik support."
}
sub_account.active
Webhook POST
body{
"id": "ca64ad1a-2018-41c4-b369-dd5c3c1581dc",
"event": "active",
"resource_id": "21e2830c-b886-4234-a31d-5fa316069b21",
"account_id": "e829bc40-89eb-4054-943-7e826373f8ec",
"account_name": "Venture Capital",
"resource_type": "sub_account",
"resource_url": "https://api.yardstik.com/accounts/21e2830c-b88e-42e-a5ed-5e316069b21"
}
All top-level API resources have support for bulk fetches via list
API methods. Yardstik uses page-based
pagination via the page
and per_page
parameters. For example, you can list invitations, candidates, and reports.
curl -X GET https://api.yardstik.com/invitations?page=2&per_page=25 \
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
list
API Request ParametersParameter | Description |
---|---|
page |
The page number to retrieve. type: integer default: 1
|
per_page |
The number of records per page. type: integer default: 50 minimum: 1 maximum: 200
|
The page
parameter determines which page of results will be returned in the response, and defaults to 1
if not
set or set to an invalid type. If the value of page
exceeds the total_number of pages available, the response will include an empty data array.
The per_page
parameter determines the maximum number of results included in each response. The maximum value
allowed is 200, with a default value of 50.
per_page
value, the response will include all available resources.per_page
value is an invalid type, the default value of 50 is used.list
API Response Structure{
"object": "list",
"meta": {
"page": 2,
"per_page": 25,
"total_count": 137,
"total_pages": 6
},
"data": [
{
"object": "invitation",
"id": "18e00b78-e620-4ecf-a01a-eb810f1b6751",
... additional response attributes based on resource schema
},
{
"object": "invitation",
"id": "d0102680-e2de-4af8-9034-f88ccb4ad267",
... additional response attributes based on resource schema
},
... additional resources in the page
]
}
The standard response for all top-level list
API requests will include at least these attributes
Attribute | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
object |
The type of object returned. type: string default: "list"
|
||||||||||
meta |
Metadata associated with the response. Attributes:
|
||||||||||
data |
An array of the requested resources. type: array Notes: May be an empty array [] if no resources are available. |
For all listing endpoints, we support a filtering query param called query
that allows you to pass a field name and a matcher to use to filter the results down a specific set. We
also support two query params called order_by
and order
that let you pass the field name you want to order by, and the direction you want the results ordered. When combined with
Pagination, this allows you to build a custom UI for listing out resources.
Parameter | Description |
---|---|
query |
Field name to filter on. type: string |
curl -g -X GET \
'https://api.yardstik.com/reports?query[created_at_lt]=2022-01-01' \
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
curl -g -X GET \
'https://api.yardstik.com/reports?query[updated_at_gteq]=2022-01-01T00:00:00.000Z'
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
curl -g -X GET \
'https://api.yardstik.com/reports?query[created_at_lt]=2021-04-01&query[created_at_gt]=2021-03-23' \
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
Predicates | Description | Notes |
---|---|---|
*_eq |
Equal |
query[status_eq]=created Individual check, to do multiple see *_in
|
*_not_eq |
Not equal |
query[status_not_eq]=created Individual check, to do multiple see *_not_in |
*_lt |
Less than | query[created_at_lt]=2022-01-01 |
*_lteq |
Less than or equal to | query[created_at_lteq]=2022-01-01 |
*_gt |
Greater than | query[created_at_gt]=2022-01-01 |
*_gteq |
Greater than or equal to | query[created_at_gteq]=2022-01-01 |
*_null |
Is null | query[completed_at_null]=true |
*_not_null |
Is not null | query[completed_at_not_null]=true |
*_in |
Match any value in array | query[status_in][]=clear&query[status_in][]=consider |
*_not_in |
Match none of the values in array | query[status_not_in][]=clear&query[status_not_in][]=consider |
*_start |
Starts with | query[status_start]=con |
*_not_start |
Does not start with | query[status_not_start]=con |
*_end |
Ends with | query[status_end]=sider |
*_not_end |
Does not end with | query[status_not_end]=sider |
*_cont |
Contains | query[status_cont]=con |
*_not_cont |
Does not contain | query[status_not_cont]=con |
*_true |
Is true | query[active_true]=true |
*_false |
Is false | query[active_false]=true |
Parameter | Description |
---|---|
order_by |
Field name to sort on. type: string |
order |
Specifies the direction to sort. Accepts asc and desc . Defaults to asc when not passedtype: string |
created_at
in default ascending order (oldest first)curl -g -X GET \
'https://api.yardstik.com/reports?order_by=created_at
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
updated_at
in descending order (newest first)curl -g -X GET \
'https://api.yardstik.com/reports?order_by=updated_at&order=desc
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
You can use pagination, querying and ordering all on the same call to fully control the results.
This will get all reports created between March 23, 2021 and April 1, 2021 and order them by the created_at
field with newest first while limiting the results to 20 per page.
curl -g -X GET \
'https://api.yardstik.com/reports?query[created_at_lt]=2021-04-01&query[created_at_gt]=2021-03-23&order_by=created_at&order=desc&page=1&per_page=20' \
-H 'Authorization: Account [YOUR_API_KEY]' \
-H 'Accept: application/json'
We return a number of standard HTTP errors. Below are some of the most common errors that you may run into while developing.
Status | Definition |
---|---|
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
422 | Unprocessable Entity |
500 | Internal Server Error |
Below are the status codes with more information on what could have occurred.
The server cannot process the request. This error is most likely due to malformed request syntax.
400
Bad Request
The request is valid, but you are unable to execute the request. This error is most likely due to the API key not having the necessary permissions, or a prohibited action is attempted, such as creating a duplicate record where one already exists.
403
Forbidden
The requested resource could not be found but may be available in the future. This error is often encountered when an id
that does not exist is passed in a request. If you encounter this error, ensure that you are referencing the correct id
and that it exists in your account.
404
Not Found
{
{
"title": "Report Not Found",
"detail": "The report was not found",
"meta": {
"report_id": "INVALID_REPORT_ID"
},
"src": {},
"status": 404
}
}
The request was well-formed, but was unable to be processed due to semantic errors. This error is most likely due to including invalid data in POST
, PATCH
, and PUT
requests. Refer to the request documentation to ensure you are supplying the required attributes, and that the attribute types are correct.
422
Unprocessable Entity
Unprocessable Entity
{- "title": "Resource not updated",
- "detail": "There was a problem updating this resource.",
- "meta": { },
- "src": { },
- "status": 422
}
An internal server error occurred due to an unexpected condition, and is most likely due to an issue with our servers. If you encounter such an error, please reach out to support@yardstik.com and we will work with you to resolve the issue.
code: 500
status: Internal Server Error
Yardstik has published a public npm library for utilizing Yardstik embeddable views https://www.npmjs.com/package/@yardstik/embeddable-sdk
You can also check out this quick start demo example of how it all works https://github.com/yardstik/embeddable-sdk-demo
The Yardstik embeddable-sdk library is available as an npm package.
with npm
npm i @yardstik/embeddable-sdk
with yarn
yarn add @yardstik/embeddable-sdk
Here is a quick example to get you started:
import { Yardstik } from '@yardstik/embeddable-sdk';
Each available page view is a separate method on the exported Yardstik library object. The currently supported views are as follows:
To create an instance of the desired view, which will be attached to a specified container on your page, call the applicable method and pass in the configuration object.
const yardstikReport = new Yardstik.CandidateReportIframe(
{
token: myToken,
reportId: myReportId,
container: containerRef.current,
domain: myDomain
}
);
The config object for the CandidateReportIframe takes the following parameters:
token: string
- JWT for authorization
reportId: string
- The ID of the report that you would like to review
container: HTMLElement
- Container to which the iframe will be attached
domain: string
- Yardstik domain that you would like to call
width?: string
- Optional width of the iframe
height?: string
- Optional height of the iframe
fullScreen?: boolean
- Optional, if true, iframe will fill the entire page
The config object for the AccountDisclosureIframe takes the following parameters:
token: string
- JWT for authorization
accountId: string
- The ID of the account that you would like to review
container: HTMLElement
- Container to which the iframe will be attached
domain: string
- Yardstik domain that you would like to call
width?: string
- Optional width of the iframe
height?: string
- Optional height of the iframe
fullScreen?: boolean
- Optional, if true, iframe will fill the entire page
To obtain a JWT to include in the config object (from your backend), make a request to the JWT Route using your API token for authorization.
In order to allow the parent to take action, each iframe view is set up to post certain message events to the parent page in which it is contained.
loaded
: Each iframe instance will post a 'loaded' message event when the iframe content has fully loaded. The parent page could listen for this event to trigger an action, such as rendering the iframe visible or turning off a loading animation.
yardstikReport.on('loaded', () => {
console.log("The iframe is ready.");
setIframeReady(true)
;})
expiration
: Each iframe instance will post an 'expiration' message event when the authorization token has expired. The parent can listen for this event to trigger an action, such as requesting a new JWT from your backend to refresh the session or instructing the user to refresh the page, so that a new token is generated.
yardstikReport.on('expiration', () => {
console.log("The JWT has expired.");
setTokenExpired(true);
})
Accounts are your primary resource for configuring the Yardstik platform. Use this to manage users, settings, and API keys.
List all accounts that you have access to.
OK
Bad Request
Unauthorized
Forbidden
Not Found
[- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "account_name": "string",
- "first_name": "string",
- "last_name": "string",
- "email_address": "user@example.com",
- "url": "string",
- "tech_email_address": "user@example.com",
- "support_email_address": "user@example.com",
- "support_phone": "string",
- "compliance_email_address": "user@example.com",
- "actions_email_address": "user@example.com",
- "configurations": {
- "client_app": {
- "disable_invite_button": true
}, - "sub_accounts": {
- "receive_webhooks": true
}, - "managed_adverse_action": "string",
- "allow_candidate_consented": "string"
}, - "features": {
- "view:reports": true,
- "create:reports": true,
- "view:candidates": true,
- "view:invitations": true,
- "create:api_tokens": true,
- "create:candidates": true,
- "create:web_tokens": true,
- "create:invitations": true,
- "create:sub_accounts": true,
- "create:account_webhooks": true
}, - "company_phone_number": "string",
- "additional_company_info": "string",
- "owner_title": "string",
- "legal_business_name": "string",
- "state_of_incorporation": "string",
- "ein": "string",
- "legal_entity_type": "string",
- "billing_contact_first_name": "string",
- "billing_contact_last_name": "string",
- "billing_email": "string",
- "address": {
- "id": "string",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "st",
- "zip_code": "strin",
- "current": true
}, - "logo": "string",
- "meta": {
- "entity": "string"
}, - "permissible_purposes": [
- {
- "id": "string",
- "name": "string",
- "default": "string",
- "required_signed_documents": "string",
- "signed_documents": "string"
}
]
}
]
Generate a new API key.
Created
Unauthorized
Forbidden
Not Found
Unprocessable Entity
{ }
{- "id": "70adc786-904b-4954-9adb-0ede9f949c62",
- "api_token": "c6b6e55f-5b3a-479a-9ea8-d95d13856c7d",
- "name": "Checking x",
- "header": "Authorization: User c6b6e55f-5b3a-479a-9ea8-d95d13856c7d"
}
Account settings for a given account ID.
OK
Unauthorized
Not Found
{- "styles": {
- "primary_color": "FFCD01",
- "secondary_color": "FFCD02",
- "navigation": {
- "primary_color": "FFCD01",
- "secondary_color": "FFCD02",
- "accent_color": "8E17BF"
}, - "invitation": {
- "primary_color": "FFCD01"
}
}, - "invitations": {
- "expiration_in_days": 7
}, - "adverse_actions": {
- "final_adverse_notification_days": 7
}, - "reports": {
- "create_delay_for_same_account_package": 30
}, - "report_notifications": {
- "clear": true,
- "consider": true
}
}
Get a single account setting for the given account ID and setting key.
OK
Unauthorized
Not Found
{- "primary_color": "FFCD01",
- "secondary_color": "FFCD01"
}
Update an account setting for the given account ID and setting key.
OK
Bad Request
Unauthorized
Forbidden
Not Found
Unprocessable Entity
{- "primary_color": "FFCD01"
}
{ }
Account details.
OK
Created
Bad Request
Unauthorized
Not Found
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "account_name": "string",
- "first_name": "string",
- "last_name": "string",
- "email_address": "user@example.com",
- "url": "string",
- "tech_email_address": "user@example.com",
- "support_email_address": "user@example.com",
- "support_phone": "string",
- "compliance_email_address": "user@example.com",
- "actions_email_address": "user@example.com",
- "configurations": {
- "client_app": {
- "disable_invite_button": true
}, - "sub_accounts": {
- "receive_webhooks": true
}, - "managed_adverse_action": "string",
- "allow_candidate_consented": "string"
}, - "features": {
- "view:reports": true,
- "create:reports": true,
- "view:candidates": true,
- "view:invitations": true,
- "create:api_tokens": true,
- "create:candidates": true,
- "create:web_tokens": true,
- "create:invitations": true,
- "create:sub_accounts": true,
- "create:account_webhooks": true
}, - "company_phone_number": "string",
- "additional_company_info": "string",
- "owner_title": "string",
- "legal_business_name": "string",
- "state_of_incorporation": "string",
- "ein": "string",
- "legal_entity_type": "string",
- "billing_contact_first_name": "string",
- "billing_contact_last_name": "string",
- "billing_email": "string",
- "address": {
- "id": "string",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "st",
- "zip_code": "strin",
- "current": true
}, - "logo": "string",
- "meta": {
- "entity": "string"
}, - "permissible_purposes": [
- {
- "id": "string",
- "name": "string",
- "default": "string",
- "required_signed_documents": "string",
- "signed_documents": "string"
}
]
}
Subaccounts are children of a platform account, and can be used to isolate resources and configuration settings. For a more detailed explanation, check out the Platforms and Subaccounts section.
Retrieve a paginated list of all subaccounts that belong to your platform account. See Pagination.
List of subaccounts
Bad Request
Unauthorized
Forbidden
Not Found
{- "object": "list",
- "meta": {
- "page": 2,
- "per_page": 25,
- "total_count": 137,
- "total_pages": 6
}, - "data": [
- [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "account_name": "string",
- "first_name": "string",
- "last_name": "string",
- "owner_email": "user@example.com",
- "email_address": "user@example.com",
- "url": "string",
- "tech_email_address": "user@example.com",
- "support_email_address": "user@example.com",
- "status": "string"
}
]
]
}
From your platform account, create a subaccount.
You'll need to provide at least one permissible purpose. You may also provide the account_packages information from your platform account. For a more detailed explanation, check out the Platforms and Subaccounts section.
Upon creating a new subaccount you will get a 201 Created
response.
If you send another POST with the same account_name
it will refresh the API token and return 200 OK
with the existing account details.
To make any further updates to the new subaccount, use the new API key from that account and call the PATCH Accounts route.
account_name required | string Name of the subaccount. |
Array of objects The account packages that will be created for the subaccount. If this field and the permissible_purpose_ids are provided together, the permissible purpose from the account packages provided should be included in the permissible_purpose_ids. | |
actions_email_address | string Actions email address of the subaccount. |
additional_company_info | string Any extra information that you want to provide. |
required | object |
billing_contact_first_name | string The first name of the billing contact. |
billing_contact_last_name | string The last name of the billing contact. |
billing_email | string The email of the billing contact. |
company_phone_number | string This is for our business verification purposes and will not be included on candidate communication. Must be E.164 format, e.g. +14155552671. |
compliance_email_address | string Compliance email address of the subaccount. |
create_api_key | boolean If |
ein | string |
email_address required | string Email address of the subaccount owner. This person will be responsible for signing the subaccount's legal documents during credentialing. |
first_name required | string First name of the subaccount owner. |
last_name required | string Last name of the subaccount owner. |
legal_business_name | string The account legal business name. |
legal_entity_type | string The type of the legal entity, valid options: |
owner_title | string The title of the owner of the account. |
permissible_purpose_id | string <UUID> The unique identifier for the subaccount permissible purpose. This field is not required when the account packages or permissible_purpose_ids are provided. |
permissible_purpose_ids | Array of strings <UUID> The unique identifiers for the subaccount permissible purposes. If this field and the account packages are provided they should match the account packages permissible purposes. |
state_of_incorporation | string |
support_email_address | string Support email address of the subaccount. |
support_phone | string Support phone number of the subaccount. Must be E.164 format, e.g. +14155552671. |
tech_email_address | string Tech email address of the subaccount. |
url | string Relevant URL for subaccount. |
Account already exists
Created
Bad Request
Unauthorized
Not Found
Unprocessable Entity
{- "email_address": "string",
- "account_name": "string",
- "first_name": "string",
- "last_name": "string",
- "address": { }
}
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "account_name": "string",
- "first_name": "string",
- "last_name": "string",
- "owner_email": "user@example.com",
- "email_address": "user@example.com",
- "url": "string",
- "tech_email_address": "user@example.com",
- "support_email_address": "user@example.com",
- "support_phone": "string",
- "compliance_email_address": "user@example.com",
- "actions_email_address": "user@example.com",
- "address": {
- "id": "string",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "st",
- "zip_code": "strin",
- "current": true
}, - "logo": "string",
- "meta": {
- "entity": "string"
}, - "permissible_purposes": [
- {
- "id": "string",
- "name": "string",
- "default": "string",
- "required_signed_documents": "string",
- "signed_documents": "string"
}
], - "api_tokens": [
- {
- "id": "string",
- "name": "string",
- "token": "string",
- "created_at": "string"
}
]
}
You can get the details of any subaccount that belongs to your platform account.
OK
Bad Request
Unauthorized
Not Found
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "account_name": "string",
- "first_name": "string",
- "last_name": "string",
- "email_address": "user@example.com",
- "url": "string",
- "tech_email_address": "user@example.com",
- "support_email_address": "user@example.com",
- "support_phone": "string",
- "compliance_email_address": "user@example.com",
- "actions_email_address": "user@example.com",
- "configurations": {
- "client_app": {
- "disable_invite_button": true
}, - "sub_accounts": {
- "receive_webhooks": true
}, - "managed_adverse_action": "string",
- "allow_candidate_consented": "string"
}, - "features": {
- "view:reports": true,
- "create:reports": true,
- "view:candidates": true,
- "view:invitations": true,
- "create:api_tokens": true,
- "create:candidates": true,
- "create:web_tokens": true,
- "create:invitations": true,
- "create:sub_accounts": true,
- "create:account_webhooks": true
}, - "company_phone_number": "string",
- "additional_company_info": "string",
- "owner_title": "string",
- "legal_business_name": "string",
- "state_of_incorporation": "string",
- "ein": "string",
- "legal_entity_type": "string",
- "billing_contact_first_name": "string",
- "billing_contact_last_name": "string",
- "billing_email": "string",
- "address": {
- "id": "string",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "st",
- "zip_code": "strin",
- "current": true
}, - "logo": "string",
- "meta": {
- "entity": "string"
}, - "permissible_purposes": [
- {
- "id": "string",
- "name": "string",
- "default": "string",
- "required_signed_documents": "string",
- "signed_documents": "string"
}
]
}
Packages are collections of background screens, searches, and verifications used to create a report.
Returns a list of available account packages for an account using the API token.
This list will be refreshed as new account packages are added or old ones are removed.
Use id
from each package to order new reports or create invitations.
DO NOT USE package_id
to order a report, this is a reference ID to the parent package in our database and is only to be used by Yardstik. Make sure you're always using the id
instead, which is scoped to your account.
Defaults to listing all report packages. To get monitor packages, use the query param query[action_type_eq]=monitor
OK
Bad Request
Unauthorized
Forbidden
Not Found
[- {
- "id": "6b9f20bf-f2ff-45a4-916a-4112f4502c72",
- "package_id": "04689d9c-a3c8-4b96-9662-53d972f14122",
- "package": "Gold Standard 2",
- "name": "test",
- "package_system_name": "covid_screening",
- "action_type": "monitor",
- "screenings": [
- {
- "id": "3957b063-dcc8-4745-8300-dbd01a76f65d",
- "name": "MVR",
- "label": "MVR",
- "screening_type": "MVR",
- "intake_fields": [
- {
- "name": "driver_license_number",
- "type": "string",
- "label": "Driver License Number",
- "required": true
}
]
}
], - "intake_fields": [
- {
- "name": "first_name",
- "type": "string",
- "label": "First Name",
- "required": true
}, - {
- "name": "middle_name",
- "type": "string",
- "label": "Last Name",
- "required": false
}, - {
- "name": "last_name",
- "type": "string",
- "label": "Last Name",
- "required": true
}
]
}, - {
- "id": "835086c3-3a41-41a5-8b97-f3406c424d76",
- "package_id": "269a6069-5bd7-4b90-ae9b-ecdee7055daf",
- "package": "Basic",
- "name": "test",
- "package_system_name": "covid_screening",
- "action_type": "monitor",
- "screenings": [
- {
- "id": "3957b063-dcc8-4745-8300-dbd01a76f65d",
- "name": "CovidScreening",
- "label": "Covid Screening",
- "screening_type": "Certificate Verification",
- "intake_fields": [
- {
- "name": "certificate_number",
- "type": "string",
- "label": "Certificate Number",
- "required": true
}
]
}
], - "intake_fields": [
- {
- "name": "first_name",
- "type": "string",
- "label": "First Name",
- "required": true
}, - {
- "name": "middle_name",
- "type": "string",
- "label": "Last Name",
- "required": false
}, - {
- "name": "last_name",
- "type": "string",
- "label": "Last Name",
- "required": true
}
]
}
]
You can add custom fields to resources in an account. To begin leveraging candidate custom fields please reach out to support@yardstik.com for field setup.
Retrieve a paginated list of Account Custom Fields. See Pagination.
List of Account Custom Fields
Unauthorized
Not Found
{- "meta": {
- "page": 2,
- "per_page": 25,
- "total_count": 137,
- "total_pages": 6
}, - "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "name": "string",
- "label": "string",
- "description": "string",
- "value": "string",
- "custom_field_type": "string",
- "resource": "Candidate",
- "enabled": true
}
]
}
Candidates represent the people you'll be running reports on. All candidates must consent to the required legal documents before the report can begin processing. Use this resource to collect all Personally Identifiable Information (PII) required to order a report or invite the candidate.
Retrieve a paginated list of candidates. See Pagination.
List of candidates
Unauthorized
Not Found
{- "object": "list",
- "meta": {
- "page": 2,
- "per_page": 25,
- "total_count": 137,
- "total_pages": 6
}, - "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}, - "addresses": {
- "object": "list",
- "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "address",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "string",
- "zip_code": "string",
- "country": "string"
}
]
}, - "custom_fields": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "name": "string",
- "label": "string",
- "description": "string",
- "value": "string",
- "type": "string"
}
]
}
]
}
A candidate is the person whose information we'll use when you order a report. As far as providing their information to Yardstik, you have a couple of options.
If you plan to create an invitation or have the candidate enter their information in an embedded Yardstik view, you only need to provide the strictly required attributes when you create the candidate
Based on the package, the candidate will be presented with a form to enter the rest of the information needed to run their report. If you have additional candidate information, feel free to provide it. We’ll autofill it into the candidate’s form, saving them time.
If you have all of the candidate's information on-hand, you can provide it to Yardstik directly. The information required for each package will differ somewhat, so we recommend that you reference the intake_fields
array on the list all packages response for the package you plan to use. Provide the required intake fields when you create the candidate. Some of the most commonly required candidate-level intake fields are
Some packages additionally require screening-level fields (a separate intake_fields
array within the screenings
object on the same response), which you can send when you create the report. If any of the required intake fields are missing when you create a report with account_candidate_consented: true
, we’ll invite the candidate to enter the missing information themselves.
Array of objects The addresses of the candidate. | |
object (CustomFieldsCreateOrUpdate) Custom fields must be passed in an object in key-value format Example:
| |
date_of_birth | string or null <date-time> The date of birth of the candidate. |
driver_license_number | string or null The drivers license number of the candidate. |
driver_license_state | string or null The state the candidates drivers license is issued by as ISO 3166-2 two letter code. |
email required | string The email address of the candidate. |
external_id | string or null This field you can use to store any identifier that you could track back on your application. |
first_name required | string The first name of the candidate. |
gender | string or null The gender of the candidate. |
last_name required | string The last name of the candidate. |
object Relevant links for a candidate | |
middle_name | string or null The middle name of the candidate. |
no_middle_name | boolean or null True if candidate has no middle name, otherwise False or null.. |
phone | string or null The primary SMS capable phone number of the candidate. |
previous_driver_license_number | string or null The previous drivers license number of the candidate. |
previous_driver_license_state | string or null The state the candidates previous drivers license is issued by as ISO 3166-2 two letter code. |
ssn | string The social security number of the candidate. |
Candidate already exists.
Candidate was created successfully.
Unauthorized
Not Found
Unprocessable Entity
{ }
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}, - "addresses": {
- "object": "list",
- "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "address",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "string",
- "zip_code": "string",
- "country": "string"
}
]
}, - "custom_fields": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "name": "string",
- "label": "string",
- "description": "string",
- "value": "string",
- "type": "string"
}
]
}
Retrieve a candidate with the given ID.
Candidate details.
Unauthorized
Not Found
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}, - "addresses": {
- "object": "list",
- "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "address",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "string",
- "zip_code": "string",
- "country": "string"
}
]
}, - "custom_fields": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "name": "string",
- "label": "string",
- "description": "string",
- "value": "string",
- "type": "string"
}
]
}
Update a candidate with the given ID.
Array of objects The addresses of the candidate. | |
object (CustomFieldsCreateOrUpdate) Custom fields must be passed in an object in key-value format Example:
| |
date_of_birth | string or null <date-time> The date of birth of the candidate. |
driver_license_number | string or null The drivers license number of the candidate. |
driver_license_state | string or null The state the candidates drivers license is issued by as ISO 3166-2 two letter code. |
email required | string The email address of the candidate. |
external_id | string or null This field you can use to store any identifier that you could track back on your application. |
first_name required | string The first name of the candidate. |
gender | string or null The gender of the candidate. |
last_name required | string The last name of the candidate. |
object Relevant links for a candidate | |
middle_name | string or null The middle name of the candidate. |
no_middle_name | boolean or null True if candidate has no middle name, otherwise False or null.. |
phone | string or null The primary SMS capable phone number of the candidate. |
previous_driver_license_number | string or null The previous drivers license number of the candidate. |
previous_driver_license_state | string or null The state the candidates previous drivers license is issued by as ISO 3166-2 two letter code. |
ssn | string The social security number of the candidate. |
Candidate details.
Unauthorized
Not Found
Unprocessable Entity
{ }
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}, - "addresses": {
- "object": "list",
- "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "address",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "string",
- "zip_code": "string",
- "country": "string"
}
]
}, - "custom_fields": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "name": "string",
- "label": "string",
- "description": "string",
- "value": "string",
- "type": "string"
}
]
}
Permanently delete a candidate's address by the given address id.
Deleted address details.
Unauthorized
Not Found
Unprocessable Entity
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "address",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "string",
- "zip_code": "string",
- "country": "string"
}
Retrieve a paginated list of documents for a candidate. See Pagination.
List of documents
Unauthorized
Not Found
{- "object": "list",
- "meta": {
- "page": 2,
- "per_page": 25,
- "total_count": 137,
- "total_pages": 6
}, - "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "filename": "string",
- "content_type": "string",
- "document_type": {
- "name": "string",
- "label": "string"
}, - "url": "string",
- "file_size": 0,
- "created_at": "string",
- "updated_at": "string"
}
]
}
When sending a request to create a document, you can send the file in two different ways.
1. You can send the file
as a binary file using the multipart/form-data
content type.
2. You can send the parameter file_base64
as a base64 encoded string using the application/json
content type.
The file size limit is 10MB.
Create document details.
Unauthorized
Not Found
Unprocessable Entity
{- "document_type": "string",
- "file": "string",
- "file_base64": "string"
}
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "filename": "string",
- "content_type": "string",
- "document_type": {
- "name": "string",
- "label": "string"
}, - "url": "string",
- "file_size": 0,
- "created_at": "string",
- "updated_at": "string"
}
Retrieve a candidate document with the given ID.
Document details.
Unauthorized
Not Found
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "filename": "string",
- "content_type": "string",
- "document_type": {
- "name": "string",
- "label": "string"
}, - "url": "string",
- "file_size": 0,
- "created_at": "string",
- "updated_at": "string"
}
Proceed a candidate's report that is in a status of consider
. If successful, the report will update to a proceed
status. This is a positive result, indicating that the results found on the report do not disqualify the candidate.
OK
Unauthorized
Not Found
Unprocessable Entity
{- "report_id": "string"
}
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}, - "addresses": {
- "object": "list",
- "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "address",
- "line1": "string",
- "line2": "string",
- "city": "string",
- "state": "string",
- "zip_code": "string",
- "country": "string"
}
]
}, - "custom_fields": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "name": "string",
- "label": "string",
- "description": "string",
- "value": "string",
- "type": "string"
}
]
}
Consents are documents that must be signed by the candidate before a report can be generated. Use this resource to retrieve the necessary consents for a given account package and candidate location.
Retrieve the necessary consents for a given account package and candidate location
account_package_id required | any Account package ID. Use |
candidate_location[city] | any City location of the candidate. |
candidate_location[country] | any Country code of the candidate location. If not provided, default value is US. |
candidate_location[state] required | any State location of the candidate. Two-letter state abbreviation. |
Consent details.
Unauthorized
Not Found
[- {
- "id": "string",
- "name": "string",
- "title": "string",
- "url": "string",
- "updated_at": "string",
- "text": "string"
}
]
When an invitation is created, Yardstik will invite the candidate to complete their report (by email and/or SMS depending on your settings). The invitation will include a link to the candidate's unique intake form. When the candidate accesses their form, the information they're required to enter will be defined by the package you chose when you created the invitation. For a broader explanation, see Order Your First Report.
Invitations have their own statuses that can be tracked using the GET
operation.
Note: By default, invitations expire 7 days after they're created, but you can change that timeframe in your Notifications Settings. The changes you make will be applied to new invitations; they won't impact any existing ones.
Retrieve a paginated list of invitations. See Pagination.
List of invitations.
Unauthorized
Not Found
{- "object": "list",
- "meta": {
- "page": 2,
- "per_page": 25,
- "total_count": 137,
- "total_pages": 6
}, - "data": [
- {
- "id": "string",
- "status": "string",
- "external_id": "string",
- "platform_service_id": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "canceled_at": "2019-08-24T14:15:22Z",
- "confirmation_code": "string",
- "account_id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "account_name": "string",
- "created_at": "string",
- "updated_at": "string",
- "logo": "string",
- "report_urls": [
- "string"
], - "styles": {
- "theme_base": "string",
- "primary_color": "string",
- "bg_image": "string"
}, - "candidate": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}
}, - "account": {
- "account_name": "string",
- "support_email_address": "string",
- "support_phone": "string"
}, - "meta": {
- "entity": "string",
- "apply_url": "string"
}, - "report": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "status": "string"
}
}
]
}
Creates a new invitation and emails the candidate asking them to complete a report.
account_package_id | string <uuid> Account package ID you want to use for this invitation. Use |
candidate_id | string <uuid> ID of the candidate to invite. |
expires_at | string <date-time> The date when the invitation should expire. If not provided, the expiration date will be calculated based on your account's notification settings. |
Invitation was created successfully.
Unauthorized
Not Found
Unprocessable Entity
{ }
{- "id": "string",
- "status": "string",
- "external_id": "string",
- "platform_service_id": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "canceled_at": "2019-08-24T14:15:22Z",
- "confirmation_code": "string",
- "account_id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "account_name": "string",
- "created_at": "string",
- "updated_at": "string",
- "logo": "string",
- "report_urls": [
- "string"
], - "styles": {
- "theme_base": "string",
- "primary_color": "string",
- "bg_image": "string"
}, - "candidate": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}
}, - "account": {
- "account_name": "string",
- "support_email_address": "string",
- "support_phone": "string"
}, - "meta": {
- "entity": "string",
- "apply_url": "string"
}, - "report": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "status": "string"
}
}
Retrieve an invitation with the given ID.
Invitation details.
Unauthorized
Not Found
{- "id": "string",
- "status": "string",
- "external_id": "string",
- "platform_service_id": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "canceled_at": "2019-08-24T14:15:22Z",
- "confirmation_code": "string",
- "account_id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "account_name": "string",
- "created_at": "string",
- "updated_at": "string",
- "logo": "string",
- "report_urls": [
- "string"
], - "styles": {
- "theme_base": "string",
- "primary_color": "string",
- "bg_image": "string"
}, - "candidate": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}
}, - "account": {
- "account_name": "string",
- "support_email_address": "string",
- "support_phone": "string"
}, - "meta": {
- "entity": "string",
- "apply_url": "string"
}, - "report": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "status": "string"
}
}
Permanently delete an invitation with the given ID.
No Content.
Unauthorized
Not Found
Unprocessable Entity
{- "errors": [
- "Not Authenticated"
]
}
Cancel an invitation with the given ID..
Invitation successfully canceled.
Unauthorized
Not Found
Unprocessable Entity
{- "id": "string",
- "status": "string",
- "external_id": "string",
- "platform_service_id": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "canceled_at": "2019-08-24T14:15:22Z",
- "confirmation_code": "string",
- "account_id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "account_name": "string",
- "created_at": "string",
- "updated_at": "string",
- "logo": "string",
- "report_urls": [
- "string"
], - "styles": {
- "theme_base": "string",
- "primary_color": "string",
- "bg_image": "string"
}, - "candidate": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}
}, - "account": {
- "account_name": "string",
- "support_email_address": "string",
- "support_phone": "string"
}, - "meta": {
- "entity": "string",
- "apply_url": "string"
}, - "report": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "status": "string"
}
}
Refresh an invitation with the given invitation_id
.
Minimum expires_at
date must be 24 hours in the future. There is no maximum.
Can only refresh when the invitation is in expired
or canceled
status.
Invitation successfully refreshed.
Unauthorized
Not Found
Unprocessable Entity
{ }
{- "id": "string",
- "status": "string",
- "external_id": "string",
- "platform_service_id": "string",
- "expires_at": "2019-08-24T14:15:22Z",
- "canceled_at": "2019-08-24T14:15:22Z",
- "confirmation_code": "string",
- "account_id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "account_name": "string",
- "created_at": "string",
- "updated_at": "string",
- "logo": "string",
- "report_urls": [
- "string"
], - "styles": {
- "theme_base": "string",
- "primary_color": "string",
- "bg_image": "string"
}, - "candidate": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "object": "candidate",
- "first_name": "string",
- "middle_name": "string",
- "no_middle_name": true,
- "last_name": "string",
- "email": "joe.clean@example.com",
- "phone": "+14155552671",
- "ssn_masked": "string",
- "date_of_birth": "2019-08-24T14:15:22Z",
- "gender": "string",
- "driver_license_number": "string",
- "driver_license_state": "string",
- "previous_driver_license_number": "string",
- "previous_driver_license_state": "string",
- "evergreen": "string",
- "external_id": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "meta": {
- "entity": "string",
- "create_report": "string"
}
}, - "account": {
- "account_name": "string",
- "support_email_address": "string",
- "support_phone": "string"
}, - "meta": {
- "entity": "string",
- "apply_url": "string"
}, - "report": {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "status": "string"
}
}
Reports contain the results of all background screens, searches, and verifications defined in the account package that was selected while creating the report. See the Order Your First Report section.
Retrieve a paginated list of reports. See Pagination.
List of reports.
Unauthorized
Unauthorized
{- "object": "list",
- "meta": {
- "page": 2,
- "per_page": 25,
- "total_count": 137,
- "total_pages": 6
}, - "data": [
- {
- "id": "string",
- "status": "string",
- "adjudication": "string",
- "submitted_at": "string",
- "completed_at": "string",
- "created_at": "string",
- "updated_at": "string",
- "candidate": {
- "id": "string",
- "full_name": "string",
- "meta": {
- "entity": "string",
- "create_report": "string"
}
}, - "adverse_action_id": "string",
- "meta": {
- "entity": "string",
- "apply": "string",
- "report_url": "string",
- "profile_url": "string"
}
}
]
}
Create a new report. The report will be generated based on the candidate ID provided. See Create Candidate for required attributes. The account packages available will be configured during onboarding by Yardstik. Each account package will be configured with a set of screenings and configurations that determine the report flow and candidate experience. To see available packages use List Account Packages.
account_candidate_consented | boolean If false (or not sent), indicates that you're relying on Yardstik to capture candidate consent. Once the report is created, retrieve the If true, indicates that you've already obtained candidate consent. As long as you provide all necessary info, the report will process without candidate interaction. However, if you miss anything, we'll automatically create an |
account_package_id required | string <UUID> The account package ID for the package you want use to create a report. Use |
candidate_id required | string <UUID> Unique identifier for the candidate. |
reference_id | string A reference ID that can be used for your application. |
Created
Unauthorized
Unprocessable Entity
{- "candidate_id": "string",
- "account_package_id": "string"
}
{- "id": "string",
- "reference_id": "string",
- "candidate_id": "string",
- "status": "string",
- "response_status": "string",
- "adjudication": "string",
- "submitted_at": "string",
- "completed_at": "string",
- "created_at": "string",
- "updated_at": "string",
- "decision": "string",
- "usage_amount": 0,
- "process_sequentially": true,
- "permissible_purpose": "string",
- "created_by": "string",
- "candidate": {
- "id": "string",
- "full_name": "string",
- "email": "user@example.com",
- "phone_masked": "string",
- "date_of_birth_masked": "string",
- "ssn_masked": "string",
- "driver_license_number_masked": "string",
- "full_address": {
- "address": "string",
- "zip_code": "string",
- "city": "string",
- "state": "string"
}, - "additional_date": { }
}, - "account_id": "string",
- "account_name": "string",
- "report_url": "string",
- "adverse_action_id": "string",
- "report_screenings": [
- {
- "id": "string",
- "type": "string",
- "label": "string",
- "name": "string",
- "status": "string",
- "records": [
- {
- "category": { },
- "messages": [
- "string"
], - "violations": [
- {
- "description": "string",
- "disposition": "string",
- "disposition_date": "string"
}
]
}
]
}
], - "elapsed_timing": "string",
- "package_name": "string",
- "comments": [
- "string"
], - "meta": {
- "entity": "string",
- "apply": "string",
- "report_url": "string",
- "profile_url": "string"
}, - "adverse_action_settings": {
- "mandatory_selection_of_violations": true
}
}
Get a report with the given ID.
OK
Unauthorized
Not Found
{- "id": "string",
- "reference_id": "string",
- "candidate_id": "string",
- "status": "string",
- "response_status": "string",
- "adjudication": "string",
- "submitted_at": "string",
- "completed_at": "string",
- "created_at": "string",
- "updated_at": "string",
- "decision": "string",
- "usage_amount": 0,
- "process_sequentially": true,
- "permissible_purpose": "string",
- "created_by": "string",
- "candidate": {
- "id": "string",
- "full_name": "string",
- "email": "user@example.com",
- "phone_masked": "string",
- "date_of_birth_masked": "string",
- "ssn_masked": "string",
- "driver_license_number_masked": "string",
- "full_address": {
- "address": "string",
- "zip_code": "string",
- "city": "string",
- "state": "string"
}, - "additional_date": { }
}, - "account_id": "string",
- "account_name": "string",
- "report_url": "string",
- "adverse_action_id": "string",
- "report_screenings": [
- {
- "id": "string",
- "type": "string",
- "label": "string",
- "name": "string",
- "status": "string",
- "records": [
- {
- "category": { },
- "messages": [
- "string"
], - "violations": [
- {
- "description": "string",
- "disposition": "string",
- "disposition_date": "string"
}
]
}
]
}
], - "elapsed_timing": "string",
- "package_name": "string",
- "comments": [
- "string"
], - "meta": {
- "entity": "string",
- "apply": "string",
- "report_url": "string",
- "profile_url": "string"
}, - "adverse_action_settings": {
- "mandatory_selection_of_violations": true
}
}
Retrieve a paginated list of documents for a report. See Pagination.
List of documents
Unauthorized
Not Found
{- "object": "list",
- "meta": {
- "page": 2,
- "per_page": 25,
- "total_count": 137,
- "total_pages": 6
}, - "data": [
- {
- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "filename": "string",
- "content_type": "string",
- "document_type": {
- "name": "string",
- "label": "string"
}, - "url": "string",
- "file_size": 0,
- "created_at": "string",
- "updated_at": "string"
}
]
}
When sending a request to create a document, you can send the file in two different ways.
1. You can send the file
as a binary file using the multipart/form-data
content type.
2. You can send the parameter file_base64
as a base64 encoded string using the application/json
content type.
The file size limit is 10MB.
Create document details.
Unauthorized
Not Found
Unprocessable Entity
{- "document_type": "string",
- "file": "string",
- "file_base64": "string"
}
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "filename": "string",
- "content_type": "string",
- "document_type": {
- "name": "string",
- "label": "string"
}, - "url": "string",
- "file_size": 0,
- "created_at": "string",
- "updated_at": "string"
}
Retrieve a report document with the given ID.
Document details.
Unauthorized
Not Found
{- "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
- "filename": "string",
- "content_type": "string",
- "document_type": {
- "name": "string",
- "label": "string"
}, - "url": "string",
- "file_size": 0,
- "created_at": "string",
- "updated_at": "string"
}
Actions taken on a report due to findings that may disqualify the candidate. See the Adverse Action section.
Create an adverse action on a report with the given ID.
During the creation of the adverse action, in the violations
parameter the only required information is the description
The violations
parameter is required in most scenarios.
For more details about this parameter and the adverse action process as a whole, check out the Adverse Action section.
OK
Unauthorized
Not Found
Unprocessable Entity
{ }
{- "id": "string",
- "status": "string",
- "title": "string",
- "text": "string",
- "expires_at": "string",
- "created_at": "string",
- "updated_at": "string",
- "violations": [
- {
- "description": "string",
- "sentence": "string",
- "file_date": "string",
- "offense_date": "string",
- "dispositon_date": "string",
- "dob_on_record": "string",
- "jurisdiction": "string",
- "name_on_record": "string"
}
], - "comments": [
- {
- "id": "string",
- "title": "string",
- "text": "string",
- "created_at": "string",
- "update_at": "string"
}
], - "applicant_first_name": "string",
- "account_name": "string",
- "logo": "string",
- "styles": { }
}
Cancel an adverse action on a report with the given ID. See the Adverse Action section.
OK
Unauthorized
Not Found
Unprocessable Entity
{- "id": "string",
- "status": "string",
- "title": "string",
- "text": "string",
- "expires_at": "string",
- "created_at": "string",
- "updated_at": "string",
- "violations": [
- {
- "description": "string",
- "sentence": "string",
- "file_date": "string",
- "offense_date": "string",
- "dispositon_date": "string",
- "dob_on_record": "string",
- "jurisdiction": "string",
- "name_on_record": "string"
}
], - "comments": [
- {
- "id": "string",
- "title": "string",
- "text": "string",
- "created_at": "string",
- "update_at": "string"
}
], - "applicant_first_name": "string",
- "account_name": "string",
- "logo": "string",
- "styles": { }
}
Use Webhooks to connect Yardstik with your application. You can configure them to notify you of various events when they occur in your account. See the Using Webhooks section.
Retrieve a list of webhooks for the given account ID.
OK
Bad Request
Unauthorized
Forbidden
Not Found
[- {
- "id": "bc0bb48c-d1f9-4b02-a965-3ce39677532f",
- "enabled": true,
- "webhook_type": "candidate.created",
- "webhook_description": "A candidate has been created."
}
]
Create a webhook
Created
Unauthorized
Forbidden
Not Found
Unprocessable Entity
{- "webhook_type_id": "c6b6e55f-5b3a-479a-9ea8-d95d13856c7d",
}
{- "id": "e8b57b13-0038-4c69-99ee-1dae304afd80",
- "webhook_type": "candidate.created",
}
Show a specific webhook for a given ID.
OK
Unauthorized
Forbidden
Not Found
[- {
- "id": "bc0bb48c-d1f9-4b02-a965-3ce39677532f",
- "enabled": true,
- "webhook_type": "candidate.created",
- "webhook_description": "A candidate has been created."
}
]
Update a webhook for a given ID.
Created
Unauthorized
Forbidden
Not Found
Unprocessable Entity
{- "id": "e8b57b13-0038-4c69-99ee-1dae304afd80",
- "webhook_type": "candidate.created",
}
List all webhook types enabled for your account. For a list of available types, see Listen for Webhook Events
OK
Unauthorized
Forbidden
Not Found
[- {
- "id": "c6b6e55f-5b3a-479a-9ea8-d95d13856c7d",
- "system_name": "candidate.created",
- "description": "A new candidate has been created."
}
]
A JWT is required to access the Yardstik Embeddable Views.