REST API · V1

Automate the complete QC evidence lifecycle

The Lender and Enterprise plans expose tenant-scoped ingestion, review, sampling, reporting, and reverification operations. Human judgment remains explicit at finding disposition and review completion.

Authentication and scopes

Create a key in Settings and select only the scopes that integration needs. Keys are SHA-256 hashed at rest, shown once, individually revocable, limited to 120 requests per minute and 5,000 requests per day by default.

Authorization: Bearer exactclose_<48 hex characters>

Scopes: loans:read/write, documents:read/write, reviews:read/write, reports:read/write, samples:read/write, and reverifications:read/write.

Loans

GET    /api/v1/loans?limit=50&cursor=0
POST   /api/v1/loans
GET    /api/v1/loans/{id}
PATCH  /api/v1/loans/{id}
DELETE /api/v1/loans/{id}
{
  "loan_number": "104882",
  "channel": "retail",
  "loan_type": "conventional",
  "purpose": "purchase",
  "occupancy": "primary",
  "disbursement_date": "2026-06-11"
}

Documents and review

GET  /api/v1/loans/{id}/documents
POST /api/v1/loans/{id}/documents        multipart: file, document_type
GET  /api/v1/loans/{id}/documents/{documentId}/download
POST /api/v1/loans/{id}/review
PATCH /api/v1/loans/{id}/findings/{findingId}

{ "status": "remediated", "note": "Corrected disclosure retained in file." }

Uploads return 202. The encrypted worker extracts permitted facts, retains provenance, and recomputes deterministic QC.

Monthly samples

GET   /api/v1/samples
POST  /api/v1/samples
GET   /api/v1/samples/{id}
PATCH /api/v1/samples/{id}   { "status": "complete" }

{ "cycle_month": "2026-06", "method": "random10" }

Reports

GET  /api/v1/reports
POST /api/v1/reports                       { "loan_id": 42 }
POST /api/v1/reports                       { "sample_id": 7 }
GET  /api/v1/reports/{id}
GET  /api/v1/reports/{id}/download

Reverification

GET   /api/v1/reverifications?loan_id=42
POST  /api/v1/reverifications              { "loan_id": 42 }
GET   /api/v1/reverifications/{id}
PATCH /api/v1/reverifications/{id}
POST  /api/v1/reverifications/{id}/letter  { "subject": "...", "recipient": "..." }
GET   /api/v1/reverifications/{id}/letter

Pagination and errors

Collection endpoints use ascending integer cursors and return next_cursor. Errors use a stable envelope:

{ "error": { "code": "validation_error", "message": "..." } }

Common statuses: 400 invalid request, 401 invalid/revoked key, 403 plan or scope required, 404 tenant-scoped record not found, 409 lifecycle conflict, 422 validation failure, and 429 rate limit.

API responses can contain NPI. Use TLS, short-lived operational access, least-privilege keys, and NPI-safe downstream logs. ExactClose never returns records outside the API key’s organization.