Loans Marketplaces

This page covers prefilling Engine's lending marketplaces - Personal Loans, Student Loan Refinance (SLR), and Auto Loan Refinance (ALR) - using our Prefill API.

It builds on the shared concepts in the Prefill API overview (how the flow works, token lifecycle, frontend options, best practices). Please start there if you haven't already!

API Request

Before you start: you'll need a bearer token from your Engine team scoped to your Loans subaccount, and your lending experience configured and enabled by Engine.

Authentication

Every request must be authenticated with the bearer token provided by your Engine team.

Authorization: Bearer <YOUR_ACCESS_TOKEN>

Your token is scoped to a specific subaccount by product category (Loans, Credit Cards, etc.). Use the token your Engine team directs you to use for each product — the markup you get back is determined by the marketplace tied to that token plus the productTypes you send.

Request Body

Send a POST to the prefill endpoint with a JSON body. The body carries the consumer's data plus a productTypes array that tells Engine which experience to return.

productTypes is required. Without it, Engine can't determine which embed snippet and partner page URL to return, and the request will fail.

Request Component

Value

Endpoint

POST https://api.engine.tech/originator/prefills

Auth

Authorization: Bearer <YOUR_ACCESS_TOKEN>

Content Type

application/json

Accepted Fields

Group your data into the objects below. Send only what you have — omitted fields are collected from the consumer in the Engine experience.

All lending experiences use productTypes:"loan" and accept the same core fields:

Object

Parameter

Notes

personalInformation

productTypes

Required array.

Accepted Enums: loan, credit_card. Tells Engine which hosted experience (embed snippet + partner page URL) to return.

personalInformation

productSubType

Optional: selects a specific lending experience when productType is loan.

Accepted Enums: auto_refinance, student_loan_refi.

personalInformation

firstName

String

personalInformation

lastName

String

personalInformation

email

String

personalInformation

primaryPhone

String, 10-digit "0123456789"

personalInformation

address1

String

personalInformation

address2

Optional Address Field

personalInformation

city

String

personalInformation

state

String, standard two-letter code "NY"

personalInformation

zipcode

String

personalInformation

dateOfBirth

String, "YYYY-MM-DD"

personalInformation

ssn

String, "111-22-333"

loanInformation

purpose

Accepted Enums

loanInformation

loanAmount

Integer

mortgageInformation

propertyStatus

Accepted Enums

creditInformation

providedCreditRating

Accepted Enums

financialInformation

employmentStatus

Accepted Enums

financialInformation

employmentPayFrequency

Accepted Enums

financialInformation

annualIncome

Integer

Auto Loan Refinance

When Auto Loan Refinance is selected using productSubType , additional fields are accepted by the Prefill API:

Object

Field

Notes

vehicleInformation

monthlyPayment

Integer

vehicleInformation

estimatedMileage

Integer

vehicleInformation

vehicleUuid

String

Student Loan Refinance

When Student Loan Refinance is selected using productSubType , additional fields are accepted by the Prefill API:

Object

Field

Notes

personalInformation

citizenshipStatus

Accepted Enums

financialInformation

monthlyHousingPayment

Integer

financialInformation

availableAssets

Integer

educationInformation

educationLevel

Accepted Enums

educationInformation

graduationDate

String, "YYYY-MM-DD"

educationInformation

universityAttended

String

educationInformation

graduateDegreeType

Accepted Enums

Sample Request Payloads

{
  "productTypes": ["loan"],
  "personalInformation": {
    "firstName": "John",
    "lastName": "Doe",
    "email": "[email protected]",
    "city": "New York",
    "state": "NY",
    "primaryPhone": "2125556789",
    "address1": "45 West 21st Street",
    "address2": "5th Floor",
    "zipcode": "10010",
    "dateOfBirth": "1993-10-09",
    "ssn": "111-22-3333"
  },
  "loanInformation": {
    "purpose": "debt_consolidation",
    "loanAmount": 10000
  },
  "mortgageInformation": {
    "propertyStatus": "own_with_mortgage"
  },
  "creditInformation": {
    "providedCreditRating": "excellent"
  },
  "financialInformation": {
    "employmentStatus": "employed",
    "employmentPayFrequency": "weekly",
    "annualIncome": 120000
  },
  "educationInformation": {
    "educationLevel": "masters"
  }
}

{
  "productTypes": ["loan"],
  "productSubType": "student_loan_refi",
  "personalInformation": {
    "firstName": "John",
    "lastName": "Doe",
    "email": "[email protected]",
    "city": "New York",
    "state": "NY",
    "primaryPhone": "2125556789",
    "address1": "45 West 21st Street",
    "address2": "5th Floor",
    "zipcode": "10010",
    "dateOfBirth": "1993-10-09",
    "ssn": "111-22-3333",
    "citizenshipStatus":"citizen"
  },
  "loanInformation": {
    "purpose": "debt_consolidation",
    "loanAmount": 10000
  },
  "mortgageInformation": {
    "propertyStatus": "own_with_mortgage"
  },
  "creditInformation": {
    "providedCreditRating": "excellent"
  },
  "financialInformation": {
    "employmentStatus": "employed",
    "employmentPayFrequency": "weekly",
    "annualIncome": 120000,
    "monthlyHousingPayment": 2500,
    "availableAssets": 50000
  },
  "educationInformation": {
    "educationLevel": "masters",
    "graduationDate":"2015-08-24",
    "universityAttended":"Johns Hopkins University",
    "graduateDegreeType":"master_of_science"
  }
}

{
  "productTypes": ["loan"],
  "productSubType": "auto_refinance",
  "personalInformation": {
    "firstName": "John",
    "lastName": "Doe",
    "email": "[email protected]",
    "city": "New York",
    "state": "NY",
    "primaryPhone": "2125556789",
    "address1": "45 West 21st Street",
    "address2": "5th Floor",
    "zipcode": "10010",
    "dateOfBirth": "1993-10-09",
    "ssn": "111-22-3333"
  },
  "loanInformation": {
    "purpose": "debt_consolidation",
    "loanAmount": 10000
  },
  "mortgageInformation": {
    "propertyStatus": "own_with_mortgage"
  },
  "creditInformation": {
    "providedCreditRating": "excellent"
  },
  "financialInformation": {
    "employmentStatus": "employed",
    "employmentPayFrequency": "weekly",
    "annualIncome": 120000
  },
  "educationInformation": {
    "educationLevel": "masters"
  },
  "vehicleInformation":{
  "monthlyPayment": 400,
  "estimatedMileage": 15020,
  "vehicleUuid": "e0993456-73e5-4005-99de-b40f8aacc8f0"
  }
}

API Response

A successful request returns 200 OK with the token and the markup you need to render the experience.

Field

Description

productTypes

Echoes the product types from your request.

prefillToken

The short-lived token that unlocks the prefilled data.

expiresInSeconds

Token time-to-live, in seconds (currently 180 seconds).

maxUses

How many times the token can be redeemed (currently 3 uses before expiration).

partnerPageUrl

Hosted Engine landing page, with the prefillToken already appended.

embedSnippet

HTML/JS markup to embed the experience on your own site.

Prefill Token Lifecycle

To keep consumer data secure, tokens have strict time and usage limits.

Time to live: tokens are valid for expiresInSeconds (currently ~3 minutes / 180s). Generate the token immediately before the consumer interacts with the flow.
Usage: tokens can be redeemed up to maxUses times (currently 3) to support retries. Do not cache or reuse a token across sessions.

If the token's TTL or use limit is exceeded, the consumer simply isn't prefilled — they'll fill out the required fields themselves to complete the product search. Nothing breaks.

Sample Response

The exact shape of partnerPageUrl and embedSnippet depends on the product marketplace.

A successful Loans request returns the token plus the lending markup:

{
  "productTypes": ["loan"],
  "prefillToken": "e9c6b1a2-4f8d-4d2c-b9e6-91f2a6d8b0a4",
  "expiresInSeconds": 180,
  "maxUses": 3,
  "partnerPageUrl": "https://www.moneylion.com/network/<your-marketplace>/loans/search/loan-purpose?prefillToken=e9c6b1a2-4f8d-4d2c-b9e6-91f2a6d8b0a4",
  "embedSnippet": "<script async src=\"https://www.moneylion.com/network/<your-marketplace>/loans/web-component/loans-search/index.js\" data-embed-type=\"auto-mount\" data-prefill-token=\"e9c6b1a2-4f8d-4d2c-b9e6-91f2a6d8b0a4\"></script>"
}

Frontend Integration Options

Engine must configure and enable your experiences before they can render, regardless of which path you choose. The only dynamic value in the returned markup is the prefillToken — everything else is scoped to your marketplace and the productTypes you sent. You can extract and use any of:

the full partnerPageUrl,
the full embedSnippet, or
just the prefillToken value (to drop into markup you already maintain)

Partner Page (Linkout)

Best for partners who want to hand the consumer off to a hosted MoneyLion landing page, or who want a lighter-lift integration.

Extract partnerPageUrl from the response.
Redirect the consumer there with a standard HTTP 302 or a client-side location change.

Embedded Experience

Best for partners who want to keep the consumer on their own property.

Extract embedSnippet from the response.
Unescape the snippet.
Inject the snippet into your page where the component should appear.
The script initializes automatically using the prefillToken to load the consumer's data.

The embed markup is not the same for every product — lending uses an auto-mounting script tag, while credit cards use a script plus a custom element. Use the snippet returned for your product, and see the product pages for the exact shape.

Lending uses a single auto-mounting script tag. The script reads data-prefill-token and mounts the experience automatically where you place it.

<script
  async
  src="https://www.moneylion.com/network/<your-marketplace>/loans/web-component/loans-search/index.js"
  data-embed-type="auto-mount"
  data-prefill-token="e9c6b1a2-4f8d-4d2c-b9e6-91f2a6d8b0a4"
></script>

This is different from the credit card embed, which uses a separate custom element. Always use the embedSnippet returned in your response.

The Consumer Experience

If you omit a field that shares a screen with others (e.g. part of an address), consumers will be prompted for that whole screen rather than a single field.

After the experience redeems the prefillToken, it patches the lead with the PII you sent and collects only what's missing:

If everything is missing, the consumer fills out all required fields.
If some data is missing, the consumer is prompted only for the missing required fields.
If nothing is missing, the consumer skips straight to a review screen for consent.

Review Screen

For compliance and security, the consumer is always shown a review screen before submission. It is fully editable, so they can correct anything that was prefilled.

Masking: sensitive fields like SSN are masked (e.g. ***-**-6789).
Confirmation: the consumer must explicitly confirm the prefilled information.

Fallback Behavior

If a token is invalid, expired, or fails to redeem, the consumer is not shown an error. The flow gracefully falls back to the standard manual application — they enter their information as if no prefill request had occurred.

Reporting

Please note: actual prefillToken values are temporary and cannot be reported on. They are not stored permanently within Engine's platform.

You can include Client Tags exactly as you would for a standard embedded experience; see Engine's Client Tags & Reporting documentation:

Partner Page Linkout: Client Tags & Prefilling Customer Data
Embedded Marketplace: Client Tags & Prefilling Customer Data

Best Practices

These practices keep consumer PII secure and prevent the most common integration mistakes. They apply to every Prefill API call, regardless of product.

Request Timing

Generate the token immediately before the consumer enters the flow — it's valid for ~3 minutes and up to 3 uses.

Never Place PII in the Browser

You must never pass PII in query parameters or embed codes on the client side.

Don't append query-string parameters such as &firstName=Jane to URLs.
Don't print user data into the HTML source.
Always use the server-side API to exchange data for a prefillToken.

Omit Missing Data from Requests

Any field you omit won't be prefilled. If you omit a field that shares a screen with other fields, none of the fields on that screen are prefilled — they're all collected from the consumer instead.

For example, if you omit zipcode, the consumer is prompted for the full address in-flow, rather than being asked only for a ZIP code. This is a deliberate product decision to avoid confusing, partially-filled screens.

FAQ & Troubleshooting

What happens if the token expires before the consumer loads the page?

The consumer lands on the standard application and enters their information manually. The experience doesn't break — it reverts to a non-prefilled state.

Can I update the data after generating a token?

No. If the consumer's data changes, call the endpoint again to generate a new token.

Why did I get a 400 Bad Request?

Make sure your JSON payload is well-formed and that productTypes is present and set to a valid value (loan or credit_card). If it still fails, confirm with your Engine team that you're using the correct bearer token for the product.

Getting Help

For credentials, enabling experiences, or integration support, contact your Engine account team.

PreviousSecond Party Prefill API NextCredit Cards Marketplace

Last updated 3 hours ago

Was this helpful?