Users
Users API Overview
The Users APIs offers a comprehensive set of endpoints for managing user profiles, validating personal and financial information, handling credit details, and managing identity‑related processes within a program/account context.
Profile Management User Endpoints
PUT /programs/{programCode}/users/{userIdentifier}
Updates the user profile for the specified user identifier. Only the fields provided in the request will be updated. Returns the updated user details or validation errors.
Unencrypted User Data Parameters
- profileData - Value contains the name and addresses of a user.
- firstName - Required. Must be 1-35 characters. Refer to the Valid Characters for Names, Cities, and Addresses table for details.
- middleName - Optional. Max 100 characters
- lastName - Required. Must be 2-35 characters. Refer to the Valid Characters for Names, Cities, and Addresses table for details.
- addresses - Contains the full address for the user, along with the type.
- A home address must be provided, and it must be the default address.
- If KYC is requested and the home address does not contain addressLine1 and either (city and state) or zipCode, then the following description will be returned:
Note: KYC requires a home address that contains addressLine1 and either (city and state) or zipCode.
-
Address types include:
- home
- work
- billing (case insensitive)
Currently, work and billing do not have any specific use cases for the debit account products. They will only be stored and retrieved.
-
addressLine1 - Required value containing the home address of the user.
-
addressLine2 - Home address continued
-
city - Required value containing the city where user lives.
-
State - Required value containing the state where user lives. Must be a two-character state code.
-
zipCode - Required value containing the user’s zipCode.
Note: Must be only 5 digits. No extended zip codes allowed. If an extended zip code is provided, the extended digits will be stripped off by the system. -
countryCode - Value containing the user’s countryCode. Default is USA
-
type - Value containing the type of address provided, which is required to be the “home” address.
-
isDefault - This field determines if a default value is used for email, phone, address.
- true = Use default.
- false = Do not use default. For an address, false indicates to use a business address.
-
identifyingData - Field containing restricted personal identifying data. If included in payload, dateOfBirth and ssn or ssnSuffix is required. Becomes immutable once KYC is completed.
-
ssnSuffix - The last 4 digits of the user’s ssn. Products will require full ssn or the ssnSuffix only. Both ssn & ssnSuffix are mutually exclusive.
-
Ssn - Must be exactly 9 digits, the full ssn of the user. Products will require full ssn or the ssnSuffix only. Both ssn & ssnSuffix are mutually exclusive. A non-US ssn will fail KYC2.
-
dateOfBirth - Must be between 1901 and current date and provided in the form YYYY-MM-DD
-
email - Field contains the email address of the user, along with its verification and data entered. Since only one user profile email address is allowed, the isDefault flag is ignored and the provided email address will always be the default.
-
emailAddress - String value with a max length of 255 characters.
Note: In the Partner Integration Environment (PIE), we allow enrollment requests which include an e-mail address containing a “+” character in the username portion. This is to facilitate easier QA by our BaaS partners. In production environments this is not allowed. If the username portion of an e-mail address being attempted for enrollment contains a “+” character, then that request will fail. In production, the partner’s front-end application should use a mechanism that looks for that character and returns guidance to the customer to change the requested e-mail address and remove any disallowed characters. -
phoneNumbers - The user’s phone number. One default phone number (valid with 10 digits) must be provided or the first phone number in the list of phone numbers will be set to the default. If more than one default phone number is provided, the following response will be returned:
HTTP Status: 400 Code: 1040 subCode: 0 Description: There can only be one default phone.
Note: International codes are not supported at this time.
- Number - Optional
- Type - Value that returns the type of phoneNumber provided by the user. Valid phone types are:
- mobile
- home
- work
Business Rules
- Address, email and phone are all optional.
- If an address, email, or phone property is excluded, then that object is not updated or created.
- If there is only one existing phone number, then it is updated in place with the provided phoneType and number, even if the phoneType was changed.
- When there is more than one phoneNumber record then phones of the same type are updated. If the type is new, then a new record is created. For example, if there is an existing mobile phone entry and the mobile phone is provided, then it is updated. If a home phone did not previously exist and a home phone is provided, then it is created.
- Deletions of addresses and phoneNumbers are not currently supported.
User Data Response Codes & Sub-Codes
Note: All resulting errors will return an http status 400 along with the following Response Details for address, city length and invalid characters.
Property | Constraint | Error Code | Error subCode | Specific Properties |
---|---|---|---|---|
addressLine1 | > = 2 characters and <= 40 characters | 400 | 505 | addressLine1 |
addressLine2 | <= 40 characters | 400 | 506 | addressLine2 |
City | <= 25 characters | 400 | 504 | city |
addressLine1 | Invalid Characters | 640 | 505 | addressLine1 |
addressLine2 | Invalid Characters | 640 | 506 | addressLine2 |
City | Invalid Characters | 640 | 504 | city |
Response Codes
Scenario | Code | subCode | Description |
---|---|---|---|
More than 1 active account is created with the same SSN per program. | 2 | 60 | Number of Active Accounts Exceeded. |
More than 3 lifetime accounts is created with the same SSN per program. | 2 | 61 | Number of Activated Accounts over Lifetime exceeded. |
More than 2 active accounts are created with the same phone number per program. | 2 | 63 | Number of Active Accounts Exceeded. |
More than 10 lifetime accounts are created with the same phone number. | 2 | 66 | Number of Activated Accounts over Lifetime exceeded |
Locked Account User Updates
- If an account is in a pending state, the user profile can be updated via the API.
- If an account is in a locked state, the user profile cannot be updated via the API.
- If a profile update is attempted for a locked account, the following response will be returned:
HTTP Status: 200
Code: 5
subCode: 362
Description: A user profile cannot be updated for a locked account
Active Consumer Account Limits
Social Security Number (SSN) Limits
- Up to 1 active account with the same SSN per program is allowed
- Up to 3 lifetime accounts with the same SSN per program are allowed
Phone Limits
- Up to 2 active accounts with the same phone number per program are allowed
- Up to 10 lifetime accounts with the same phone number per program are allowed
Note: Updates requested for phone numbers that exceed the current phone limits will be declined.
Refer to Active Small Business Account Limits for details about small business account limit thresholds.
PUT /programs/{programCode}/accounts/{accountIdentifier}/users/{userIdentifier}/name
Updates the legal name of a user due to a legal event such as marriage, divorce, or court order. Requires supporting documentation and may trigger card re-issuance and CRM case creation.
POST /programs/{programCode}/users/{userIdentifier}/uploadAttachment
Uploads an attachment to the specified user's consumer profile. The request must include the attachment data and metadata. Returns the result of the upload operation.
GET /programs/{programCode}/users/{userIdentifier}/consumerProfileExtension
Retrieves extension attributes for the specified user's consumer profile. Returns the requested attributes or all supported attributes if none are specified.
Identity & SSN User Verification Endpoints
POST /programs/{programCode}/accounts/{accountIdentifier}/users/{userIdentifier}/ValidateSsn
Validates the Social Security Number (SSN) for the specified user. Returns validation status and any errors encountered during the process.
Retrieves the SSN validation status for the specified user and account. Returns the validation status and any related information.
POST /programs/{programCode}/accounts/{accountIdentifier}/users/{userIdentifier}/ValidateIdentity
Validates the identity information for the specified user. Returns validation status and any errors encountered during the process.
GET /programs/{programCode}/accounts/{accountIdentifier}/users/{userIdentifier}/ValidateIdentity
Retrieves the identity validation status for the specified user and account. Returns the validation status and any related information.
GET /programs/{programCode}/accounts/{accountIdentifier}/users/kycGates/idv
Retrieves a list of users who require identity verification (IDV) for the specified account. Returns the list of users and their verification status.
Credit Information User Endpoints
GET /programs/{programCode}/accounts/{accountIdentifier}/creditLinesRange
Retrieves the eligible credit line range for the specified account based on provided income and expense information. Returns the calculated range or an error if the input is invalid.
PUT /programs/{programCode}/accounts/{accountIdentifier}/creditLinesSource
Updates the source information for a credit line on the specified account. Returns the result of the update operation.
POST /programs/{programCode}/accounts/{accountIdentifier}/users/{userIdentifier}/getCreditScores
Retrieves credit scores for the specified user and account. Optional date range filters can be provided. Returns the user's credit scores and related information.
Customer Name Change
The Customer Name Change API provides customers with a seamless experience when requesting a name change due to a legal event such as marriage, divorce, court order, etc.
Prior to this feature, name-change requests required customers to provide the following confidential documents to both the Partner and to Green Dot:
- Driver’s License or State ID
- Marriage/Divorce Certificate (if applicable)
- Certified court order for legal name change
With this feature, customers provide the information only once under a secure, controlled process.
By design, the API operates under two Customer ID Program (CIP) processes:
- BaaS Partner Managed CIP
- Green Dot Managed CIP
Following is a description of the BaaS Partner Managed CIP process.
Note: The Green Dot Managed CIP is still under development and will be available in a future release.
BaaS Partner Managed CIP Flow

How It Works
- The customer sends the Partner a name-change request due to a legal event (marriage, divorce, legal name change, etc.).
- The Partner requests the supporting legal documents (marriage certificate, divorce certificate, certified court order for name change).
- The customer provides the requested documents.
- The Partner validates the documents (CIP + OFAC) and approves the name-change request.
NOTE: Per the BSA (Bank Secrecy Act 31 CFR 1010.100), customer name-change records should be maintained for at least five years. - The Partner sends the Name Change API request to BaaS endpoint.
- BaaS Core performs the following:
- Updates the database with the new name.
- Sends a Publish Notification to the Partner confirming a successful name change.
- Issues new cards automatically.
- Calls CRM to create a case for documenting the name change.
Customer Name Change API Endpoints
Updates the legal name of a user due to a legal event such as marriage, divorce, or court order. Requires supporting documentation and may trigger card re-issuance and CRM case creation.
NOTE: The user's information must be encrypted. This endpoint is intended only to change the user's first, middle, and last names following a legal name change.
API Call Structure
PUT /accounts/{accountIdentifier}/users/{userIdentifier}/name)
Sample Partner User Name Change Request - Decrypted View
{
"ProfileData": {
"FirstName": "Happy",
"LastName": "Lucky",
"MiddleName": "Go"
}
}
Sample Partner User Name Change Request - Encrypted View
{
"encryptedUserData": {
"version": "string",
"ephemeralPublicKey": "string",
"publicKeyHash": "string",
"data": "string"
}
}
Partner Request Parameters
- firstName -- Required. The customer’s current name as shown on documents provided for the name-change request.
- middleName - Optional. The customer’s middle name as shown on documents provided for the name-change request.
- lastName - Required. The customer’s last name as shown on documents provided for the name-change request.
Response Body
{
"responseHeader": {
"responseId": "cfd06987-47cd-4924-b3e6-367cb8cdb6e6",
"statusCode": 0,
"subStatusCode": 0,
"message": "Success"
}
}
Updated 9 days ago