Skip to main content
PATCH
/
v0
/
applications
/
{id}
curl --request PATCH \
  --url https://api.sandbox.lead.bank/v0/applications/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'Idempotency-Key: <idempotency-key>' \
  --data '
{
  "metadata": {
    "external_id": "APP-2024-001"
  }
}
'
{
  "id": "application_xyz123",
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z",
  "entities": {
    "account_holder_type": "commercial",
    "account_holders": [
      "entity_xyz123"
    ],
    "authorized_signers": [
      "entity_xyz123"
    ]
  },
  "details": {
    "product_name": "Growth Business Credit Line",
    "credit": {
      "is_secured": true,
      "is_mla": true,
      "underwriting_grade": "99",
      "limit": 5000000,
      "max_limit": 10000000,
      "report": {
        "score": 575,
        "pulled_at": "2023-11-07T05:31:56Z"
      }
    },
    "adverse_action_notice": {
      "delivered_at": "2023-11-07T05:31:56Z",
      "reason": "<string>"
    }
  },
  "decision": {
    "decided_at": "2023-11-07T05:31:56Z",
    "reason": "<string>",
    "exception_approval_reason": "<string>"
  },
  "documents": [
    {
      "document_id": "document_2N5Hk8xYmQpL9rBvC3jD",
      "displayed_at": "2023-11-07T05:31:56Z",
      "consented_at": "2023-11-07T05:31:56Z",
      "version": "v1"
    }
  ],
  "metadata": {}
}
Update mutable properties on an existing application. The endpoint uses JSON Merge Patch semantics (RFC 7396): omitted fields stay unchanged, explicit values overwrite, and nested objects merge recursively.

Mutable Fields

The following top-level fields accept updates on this endpoint.
FieldNotes
statusCorrect a previously reported terminal state. Allowed values: approved, declined, canceled.
detailsPartial update of product_name, credit, and adverse_action_notice. Subfields merge recursively per JSON Merge Patch.
decisionPartial update of the decision sub-object.
documentsReplaces the entire array. To add or remove a single document, send the full intended array.
metadataReplaces the entire metadata object.
All updates are subject to the same field validations that apply on POST /v0/applications. See Applications API validations for the rule set.

Immutable Fields

The following fields cannot be modified after the application is created.
  • id — Server-generated on creation.
  • created_at, updated_at — Server-managed timestamps.
  • entities (account holders, authorized signers) — Use POST /v0/applications/{id}/entity_relationships/batch to add entities and DELETE /v0/applications/{id}/entity_relationships/{entity_id} to remove them.
A PATCH that targets an immutable field returns 422 parameters_invalid with the offending field name in invalid_parameters.

Idempotency

The Idempotency-Key header is required on every request.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Headers

Idempotency-Key
string
required

Unique key to ensure idempotent requests

Maximum string length: 255

Path Parameters

id
string
required

Application ID Unique identifier for the application. Prefixed with application_.

Pattern: ^application_\w+$
Example:

"application_xyz123"

Body

application/json

Request body for updating an existing application

status
enum<string>

Terminal state of the application. Possible values: approved, declined, canceled.

Available options:
approved,
declined,
canceled
details
object

Details for updating an application (all fields optional)

decision
object

Decision-related information for the application

documents
(Disclosure · object | Consent · object)[]

Documents associated with the application

Document reference for creating applications and accounts.

One of displayed_at or consented_at is required depending on document type:

  • displayed_at: Required for aan, loan_agreement, loc_agreement, truth_in_lending_document, ach_authorization, notice_of_incompleteness, credit_score_notice, offer_summary, personal_guarantee, consumer_credit_auth, partner_privacy_policy, lead_privacy_policy, terms_of_use, fcra_notice, tcpa_consent, patriot_act_notice, mla_notice, pre_approval_terms, eft_authorization, prohibited_industry_certification, decision_maker_document, bo_certification, missed_payments_policy, lead_funds_transfer_agreement
  • consented_at: Required for esign_agreement, credit_pull_consent, consent_to_link_account, consent_to_link_hsa, negative_option_consent
metadata
object

Arbitrary metadata associated with the application

Response

Application updated successfully.

An application object representing a credit application

id
string

Unique identifier for the application. Prefixed with application_.

Pattern: ^application_\w+$
Example:

"application_xyz123"

created_at
string<date-time>

Lead server-generated ISO 8601 timestamp when the application was created.

updated_at
string<date-time>

Lead server-generated ISO 8601 timestamp when the application was last updated.

status
enum<string>

Terminal state of the application. Possible values: approved, declined, canceled.

Available options:
approved,
declined,
canceled
entities
object
read-only

Entity relationships associated with the application (response only)

details
object
read-only

Application details (response, all properties optional)

decision
object
read-only

Decision-related information (response, all properties optional)

documents
object[]

Documents associated with the application

metadata
object

Arbitrary metadata associated with the application