Confirm your organization qualifies as a Permitted Entity (PE) under Section 215 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (generally financial institutions and their service providers); enroll via SSA's eCBSV enrollment portal.
Implement OAuth 2.0 / OpenID Connect authentication against SSA's authorization server to obtain a bearer token; SSA provides the token endpoint and scopes in the eCBSV technical documentation.
Collect the individual's explicit written or electronic consent before each verification — consent must be documented and retained for a minimum of 5 years per program requirements.
POST a verification request to the eCBSV Verification API endpoint with the individual's SSN, first name, last name, and date of birth in the JSON request body.
Parse the response: the API returns a verification result of 'yes' or 'no' for the SSN/name/DOB combination, plus a death indicator if SSA records indicate the SSN holder is deceased.
Log each transaction with a timestamp and the consent record reference; eCBSV is a fee-based service — reconcile transaction counts monthly against SSA billing.
Known gotchas
eCBSV returns only a binary yes/no match — it does not disclose which field(s) caused a mismatch, so you cannot determine whether the name, SSN, or DOB was the failing element.
Consent is required per-verification and must be obtained contemporaneously — stored historical consent from a prior transaction is generally not sufficient for a new eCBSV query.
Enrollment is open indefinitely but involves a review process; non-financial-institution entities typically do not qualify. Confirm your organization's PE status with legal counsel before enrolling.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp