Read-only credit profiles for your applicants
OAuth 2.0 + PKCE grants you access to signed, user-consented credit profiles for GigRevo freelancers. Sandbox today, production whenever you're ready.
OAuth 2.0 + PKCE
Standard authorization code flow with S256 PKCE. Use any off-the-shelf OAuth client.
Signed JWS profiles
Every profile is signed with RS256 or Ed25519. Verify against /jwks.json before trusting fields.
Sandbox fixtures
Six diverse test freelancers — rookie to top-rated — isolated from real user data.
Redirect the user to /authorize
Send the freelancer's browser to the consent screen with your client_id and a PKCE challenge.
https://www.gigrevo.com/api/v1/bank/authorize
  ?response_type=code
  &client_id=YOUR_CLIENT_ID
  &redirect_uri=https%3A%2F%2Fbank.example.com%2Fcallback
  &scope=profile.read
  &state=RANDOM_STATE
  &code_challenge=S256_OF_VERIFIER
  &code_challenge_method=S256
Exchange code for access token
POST the authorization code plus the code_verifier to /token using HTTP Basic auth.
curl -X POST https://www.gigrevo.com/api/v1/bank/token \
  -u "$CLIENT_ID:$CLIENT_SECRET" \
  -d "grant_type=authorization_code" \
  -d "code=$AUTHORIZATION_CODE" \
  -d "redirect_uri=$REDIRECT_URI" \
  -d "code_verifier=$CODE_VERIFIER"
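Added example (not GigRevo's own code): one way to produce the S256 code_challenge and state for the /authorize redirect, then check state on the callback and assemble the /token form fields. It uses only Node's built-in crypto module; the function names and the session object are assumptions made for this example.

```javascript
const crypto = require("node:crypto");

// Endpoint and parameter names come from the /authorize step on this page.
const AUTHORIZE_URL = "https://www.gigrevo.com/api/v1/bank/authorize";

// RFC 7636: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), unpadded.
function s256Challenge(verifier) {
  // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) {
    throw new Error("code_verifier must be 43-128 unreserved characters");
  }
  return crypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Hypothetical helper: redirect URL plus the values to keep in the server-side session.
function beginAuthorization({ clientId, redirectUri }) {
  const codeVerifier = crypto.randomBytes(32).toString("base64url"); // 43 chars
  const state = crypto.randomBytes(16).toString("base64url");
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "profile.read",
    state,
    code_challenge: s256Challenge(codeVerifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), session: { state, codeVerifier, redirectUri } };
}

// Hypothetical helper: validates the callback and returns the /token form fields.
function handleCallback(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  const returned = Buffer.from(params.get("state") ?? "");
  const expected = Buffer.from(session.state);
  // A state that does not match this session means the callback is not ours.
  if (returned.length !== expected.length || !crypto.timingSafeEqual(returned, expected)) {
    throw new Error("state mismatch: discard this callback");
  }
  const code = params.get("code");
  if (!code) throw new Error("callback carried no authorization code");
  return {
    grant_type: "authorization_code",
    code,
    redirect_uri: session.redirectUri,
    code_verifier: session.codeVerifier,
  };
}
```

Keep the session object server-side, bound to the user's browser session, and discard it after one use so a code_verifier is never reused across authorization attempts.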
Fetch the signed profile
Send the access_token as a Bearer token. The response is a payload plus a JWS signature.
curl https://www.gigrevo.com/api/v1/bank/profile \
  -H "Authorization: Bearer $ACCESS_TOKEN"
Verify the signature
Fetch our JWKS, match by kid, verify with the jose library (or equivalent). Reject payloads with _sandbox:true in production.
import { createRemoteJWKSet, jwtVerify } from "jose"

const JWKS = createRemoteJWKSet(
  new URL("https://www.gigrevo.com/api/v1/bank/jwks.json"),
)

async function fetchProfile(accessToken) {
  const res = await fetch("https://www.gigrevo.com/api/v1/bank/profile", {
    headers: { Authorization: `Bearer ${accessToken}` },
  })
  // `signature` is a full JWS compact serialization — the payload is
  // embedded inside it. The top-level `payload` field is a convenience
  // copy; always trust the JWS-embedded version after verification.
  const { signature } = await res.json()
  const { payload } = await jwtVerify(signature, JWKS, {
    algorithms: ["RS256", "EdDSA"],
  })
  if (payload._sandbox) throw new Error("Sandbox payload in production")
  return payload
}
Sandbox notes
Sandbox banks can only authorize sandbox fixture users. Every sandbox response includes _sandbox:true in the payload so you can assert it's absent in production. Admins seed six personas: rookie, rising, top-rated, high-volume, disputed, and verified-KYC.
Request access
Tell us about your integration. A GigRevo partnerships contact will email you with sandbox credentials within two business days.
FAQ
Do you provide KYC / identity verification?
Not in v1. The profile returns a kyc_tier hint (0–2) based on our internal onboarding but we don't run IDV on freelancers. You're expected to run your own KYC if required.
How much does access cost?
Sandbox is free. Production pricing depends on volume and use case — reach out via the form above and we'll scope it with you.
What are the rate limits?
Default 60 requests per minute per bank, configurable per partner. Sandbox banks share the same cap.
How do you rotate signing keys?
We publish multiple keys in /jwks.json ahead of the rotation. Each payload specifies a kid: cache by kid and refresh when you see an unknown one.