Register on the Equifax API Developer Portal (developer.equifax.com) and obtain a client_id and client_secret for the Credit Reports product scope
POST to the Equifax OAuth /oauth/token endpoint with grant_type=client_credentials, your client_id, client_secret, and the appropriate scope to receive an access_token
Add the access_token as a Bearer token in the Authorization header, then POST the consumer inquiry (name, address, SSN, date of birth) to the Credit Reports API endpoint
Inspect the JSON response for the credit summary, tradelines, inquiries, and score returned; map fields to your decisioning model
Ensure requests originate from a whitelisted IP address — production endpoints reject requests from non-whitelisted sources regardless of valid token
Implement token refresh logic: request a new token before expiry rather than caching indefinitely
Known gotchas
Production APIs enforce IP allowlisting on top of OAuth; provisioning a new server IP requires advance coordination with Equifax
The scope value must exactly match what is provisioned on your account; a mismatch returns an authorization error even with valid credentials
Equifax may return a 'file not found' response (no hit) for thin-file consumers — always handle this case explicitly rather than treating it as an error
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp