This section covers how user information is sent via requests to Engine by MoneyLion's API.
Post Request Endpoint
POST to https://api.engine.tech/leads/rateTablesPartners building a Native API integration posting user information to this endpoint will need to make a separate request to retrieve offers.
Post Request Authorization
Engine will provide testing and production API access tokens. All requests to the Engine API must be authenticated using a bearer token specified in the Authorization header.
The header value is prefixed with the string “Bearer “, so a properly-authenticated request will look similar to the one here:
The required format of the body (JSON) in the request to Engine by MoneyLion's API is as follows:
{"productTypes":["loan"],"personalInformation":{"firstName":"John","lastName":"Doe","email":"[email protected]","city":"New York","state":"NY","primaryPhone":"2125556789","address1":"175 5th Ave","address2":"Apartment 5","zipcode":"10010","dateOfBirth":"1993-10-09","ssn":"111-22-3333"},"loanInformation":{"purpose":"debt_consolidation","loanAmount":10000},"mortgageInformation":{"propertyStatus":"own_with_mortgage"},"creditInformation":{"providedCreditRating":"good"},"financialInformation":{"employmentStatus":"employed","employmentPayFrequency":"biweekly","annualIncome":80000},"legalInformation":{"consentsToFcra":true,"consentsToTcpa":true, "fcraLanguage": "By checking this box/clicking 'agree' I hereby consent to the 'E-Sign Agreement', the 'Credit Authorization Agreement', the Terms of Service and Privacy Policy, and I am providing written consent under the Fair Credit Reporting Act (FCRA) for [Engine by MoneyLion and/or Insert Company Name], its partners and financial institutions to obtain consumer report information from my credit profile. I request that my information be provided to their partners, lenders, and financial services partners to provide me with financial recommendations, which may also include debt relief, credit repair, credit monitoring or other related services", "tcpaLanguage": "I agree to be contacted by [Engine by MoneyLion and/or Insert Company Name] its partners and their affiliated companies and financial institutions via email, postal mail service and/or at the telephone number(s) I have provided above to explore various financial products and services I inquired about, including contact through automatic dialing systems, artificial or pre-recorded voice messaging, or text message. Consent is not required as a condition to utilize the service, and you may choose to be contacted by an individual customer care representative(s) by calling XXXXX or emailing XXXX"},"sessionInformation":{"ipAddress":"x.x.x.x","userAgent":"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36"}}
Product Types
Field
Type
Required?
Sample Value
Enum/Comment
productTypes*
Array of strings
Y
"loan", "other"
Enum:
"loan"
"loan", "other"
"other"
*In the productTypes array, you may pass ["loan"] for the lead to receive First Look / Personal Loan offers only), ["other"] for the lead to receive Second Look Marketplace offers only, or ["loan", "other"] for the lead to receive 1st Look offers when eligible, or else Second Look offers (if not eligible for any 1st Look offers).
"By checking this box/clicking 'agree' I hereby consent to ..."
Must include the exact FCRA language shown to users.
consentsToSms
Boolean
No
true
Highly recommended
consentsToTcpa
Boolean
No
true
Highly recommended*
tcpaLanguage
String
Conditional
"By checking this box/clicking 'agree' I hereby consent to ..."
Required if consentsToTcpa is true. Must include the exact TCPA language shown to users.
*Although the FCC has postponed the effective date of the TCPA One-to-One Consent Rule—meaning the consentsToTcpa field is no longer strictly required (i.e. does not need to be true—Engine still strongly encourages our channel partners to obtain user consent to maintain the highest standards of compliance and performance.
Session Information
Field
Type
Required? (Yes/No)
Sample Value
Enum/Comment
ipAddress
String
Yes
8.8.8.8
Used for fraud detection by Engine and Financial Institution partners
userAgent
String
Yes
MyApp/2.1 (iOS 16.3; iPhone13,2)
Used for fraud detection/prevention by Financial Institution partners
sessionInformation.userAgent should reflect the userAgent of the client (i.e. consumer's device), which is different from the User-Agent required in request headers (which should reflect the channel partner's server).
Regex Validations
The following fields have the regex checks and will return errors if your lead submission does not adhere to this logic:
personalInformation.primaryPhone
The primary must be a string of 10 digits, with or without a leading 1, and with or without special characters e.g. ()-.
The area code cannot be the same 3 digits repeated, e.g. 222 or 333.
personalInformation.zipcode
The zip code must be a string of either:
5 digits
5 digits, a hyphen -, and 4 more digits
personalInformation.ssn
The SSN cannot have all digits in each group be identical (e.g., 111-11-1111 or 222-22-2222).
The following specific SSNs are not allowed because they are commonly used in examples or considered invalid:
123-45-6789
219-09-9999
078-05-1120
The first group of three digits cannot be:
666
000
Any number starting with 9 (e.g., 900–999).
The middle group of two digits cannot be:
00
The last group of four digits cannot be:
0000
Response
This section covers how partners building a Native API integration retrieve offers from Engine by MoneyLion's API.
Partners building a Native API integration will receive a response from Engine’s API almost instantaneously. This response does not contain complete offer information and contains two key fields to retrieve offer information:
“uuid”: Engine’s Rate Table UUID which will be used to retrieve offer information
“leadUuid”: Engine’s Lead UUID which partners building a Native API integration should store for internal records
Here is an example of the API response. Note that pendingResponses contains information about the Financial Services partners to whom Engine is sending user information.
Partners building a Native API integration must make a secondary request to Even’s API to retrieve offer information. Below are instructions for this secondary request:
Capture the uuid returned in the initial API response
Execute a GET request to Engine’s Offers Endpoint:
GET https://api.engine.tech/originator/rateTables/:uuid
Poll the GET rateTables endpoint once every second until “pendingResponses” is empty (either up to 15s or 30s, depending on whether 2nd Look Marketplace offers are also enabled. (Please see Response Timing section below for more info.)
Below is a mock of the API response for Even’s Offers endpoint. Note that pendingResponses is empty as Even has already received offers back for the user from all Financial Services partners.
Response Timing
Below are p25, 50, 75, and 95 response times across our network of Financial Institution API Partners (current as of 2/28/25). You can use this to estimate the average time it will take for Engine's rate table response to fully resolve (i.e. no more pendingResponses) - please see notes below the table.
Response Times by Marketplace - Table
1st Look Response Time
Percentile
Response Time (seconds)
p25
1
p50
2
p75
4
p95
8
2nd Look Marketplace Response Time
Percentile
Response Time (seconds)
p25
<1
p50
1
p75
4
p95
11
Engine will respond immediately (average response times are <1 second), but you will need to keep GETting the resulting rate table until the pendingResponses array is empty. The table above shows the time it will take until you no longer need to poll /rateTables/:uuid.
If you are set up for only 1st Look or 2nd Look through your integration (i.e. if you are only including one value in the productTypes array, either ["loan"] or ["other"], you can use the times above as an indication of the time for a rate table to fully resolve.
If you are set up with the 1st Look / 2nd Look waterfall (i.e. productTypes = ["loan", "other"], where Engine waits for all 1st Look Partners to respond before submitting to 2nd Look partners, you should add the 1st Look response times to the 2nd Look response times to interpret the time it takes for the rate table to fully resolve with offers.
Caveat - Full API Gateway May Take Longer
This only displays the time it takes for Financial Institutions to respond to Engine's API requests. The full end-to-end experience may take longer than the times in the table above, considering the full flow of info from one end to the other:
What is typically negligible: the additional time from the time your request hits Engine before we initiate those requests, and the time for Engine to respond to you after our Financial Institution partners respond to us.
What may not be negligible: the additional time it takes for the user/client to make the request to the Engine API via your own API, and the additional time it takes for the user/client to process the response they receive by your API.
Response Parsing
loanOffers array
Offers will be returned in the loanOffersarray, and only that array should be used to display loan offers (aka 1st Look offers).
Rate tables with loanOffers present may also contain offers in the specialOffers array, for example:
specialOffers returned in rate tables that also contain loanOffers are static 2nd Look (i.e. non-loan) offers that are unlikely to be a match for the applicant requesting a loan, and should be ignored.
You should write your display logic such that:
If loanOffers is present and non-empty, display all loan offers.
If loanOffers is empty, display specialOffers.
Leads posted with productTypes: ["loan", "other"]will always get either loanOffers or specialOffers in the resulting rate table.
Response field mapping
Below is the mapping of the required fields for the offer display page to the fields present in the “loanOffers” section of the API response:
Key
Value
Financial Services Partner Logo
originator.images.url
Offer Amount
maxAmount
Offer Term Length
termLength
Offer Term Unit
termUnit
Offer Term Description
termDescription
Offer APR Amount (%)
maxApr
Offer APR Description
aprDescription
Offer Monthly Payment Amount
maxMonthlyPayment
Offer Monthly Payment Description
monthlyPaymentDescription
• If “preApproved” is “true”
• If “preQualified” is “true”
• If both “preApproved” & “preQualified” are “true”
• Pre-Approved
• Pre-Qualified
• Pre-Approved
Offer Disclaimer
originator.disclaimer
For the additional fields required for Secured Loans or Line of Credit products:
Key
Value
Product Type Label
productSubType
Product Type Disclaimer
productSubTypeDisclaimer
Error codes
Response types are mapped to HTTP status codes. In particular:
200 OK: when data is successfully returned for a GET request
201 Created: when new data is submitted via a POST
400 Bad Request: the submitted data is malformed
401 Unauthorized: when the Authorization header is missing, if the value is invalid, or if the corresponding access token lacks the required scopes to complete the request
404 Not Found: the URL is invalid, or the resource ID reference in the URL does not exist
422 Unprocessable Entity: the submitted data is properly formatted, but invalid according to business logic (some legacy endpoints use 409 Conflict in this case)
5xx: server error
Minor version changes to the API are guaranteed to be backwards compatible. Major version changes may break the API, but legacy versions are supported indefinitely.
