VinChex API

v2.1
Base URL: https://vinchex.com/api
Request Access

Quick Navigation

Overview

The VinChex API provides endpoints for managing VINs and billing reports. The API uses OAuth 2.0 client credentials flow for authentication and returns JSON responses.

Important Notes

  • • All API requests must use HTTPS
  • • Authentication is required for all protected endpoints
  • • All timestamps are in UTC format
  • • Rate limiting is enforced (see documentation below)

Authentication

The API uses OAuth 2.0 client credentials grant type for authentication. You need to obtain an access token before making requests to protected endpoints.

Get Access Token

POST /oauth/token

Obtain an access token using client credentials.

Parameters

Parameter Type Required Description
grant_type string Yes Must be "client_credentials"
client_id string Yes Your client ID
client_secret string Yes Your client secret

Example Request

curl -X POST "https://vinchex.com/api/oauth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret"
  }'

Example Response

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...",
  "token_type": "Bearer",
  "expires_in": 86400,
  "expires_at": 1691766000,
  "company_id": 123,
  "company_name": "Example Company"
}

Response Fields

  • access_token: The Bearer token to use for authentication
  • token_type: Always "Bearer"
  • expires_in: Number of seconds until token expires
  • expires_at: Unix timestamp when token expires
  • company_id: ID of the authenticated company
  • company_name: Name of the authenticated company

Revoke Access Token

POST /oauth/revoke

Revoke an access token.

Example Request

curl -X POST "https://vinchex.com/api/oauth/revoke" \
  -H "Content-Type: application/json" \
  -d '{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."
  }'

Authorization Header

All protected endpoints require a valid Bearer token in the Authorization header:

Authorization: Bearer your_access_token

Data Types

VinState

The VinState data type represents the processing status of a VIN in the system. It is an integer-backed enum with the following values:

Value Label Description
0 Inactive VIN has been deactivated or removed from processing
1 Pending VIN is queued for lienholder lookup processing
2 In Progress VIN lienholder lookup is currently being processed
3 Completed VIN lienholder lookup completed successfully

Usage in API

  • Input: Use integer values (0, 1, 2, 3) in query parameters and request bodies
  • Output: API responses return the human-readable label ("Inactive", "Pending", "In Progress", "Completed")

VIN Priority

The Priority data type represents the validation priority level of a VIN in the system. It is an integer-backed enum with the following values:

Value Label Description
0 Low Low Risk
1 Medium Medium Risk
2 High High Risk

Usage in API

  • Input: Use integer values (0, 1, 2) when setting priority levels
  • Output: API responses return the integer value for priority level
  • Processing: Higher priority VINs may be processed ahead of lower priority ones
  • Default: If not specified, VINs default to LOW (0) priority

VIN Management

List VINs

GET /vins

Get a paginated list of VINs with optional filtering.

Note: At least one of vin or state parameter is required.

Query Parameters

Parameter Type Required Description
vinstringRequired when state is not presentVIN to search for
stateintegerRequired when vin is not presentFilter by VinState (only 1=Pending, 3=Completed accepted)
per_pageintegerNoResults per page (1-1000, default: 100)

Example Request

curl -X GET "https://vinchex.com/api/vins?vin=1HGBH41&state=1&per_page=20" \
  -H "Authorization: Bearer your_access_token"

Example Response

{
  "success": true,
  "message": "VINs retrieved successfully",
  "data": [
    {
      "id": 1234,
      "vin": "1HGBH41JXMN109186",
      "state": 1,
      "registered_state": "CA",
      "priority": 2,
      "title_date": null,
      "lienholder": null,
      "restricted_state": false,
      "data_found": false
    },
    {
      "id": 1235,
      "vin": "1HGBH41KXMN109187",
      "state": 1,
      "registered_state": "TX",
      "priority": 0,
      "title_date": "2020-01-01",
      "lienholder": "Chase Auto Finance",
      "restricted_state": true,
      "data_found": true
    }
  ],
  "pagination": {
    "current_page": 1,
    "per_page": 20,
    "total": 98,
    "last_page": 5,
    "from": 1,
    "to": 20
  }
}

Response Fields

  • id: Unique identifier for the VIN record
  • vin: The Vehicle Identification Number
  • state: Processing state (see VinState)
  • registered_state: Two-letter US state abbreviation where vehicle is registered (e.g., "CA", "TX") or null
  • priority: Priority level (see VinPriority)
  • title_date: Date from the latest lienholder history record or null
  • lienholder: Name of the lienholder from latest history or null
  • restricted_state: Boolean indicating if the VIN is in a restricted state (true when vehicle registration state restricts data access)
  • data_found: Boolean indicating whether lienholder data was successfully retrieved for this VIN (true when at least one lienholder history record exists)

Add VINs

POST /vins/add

Add multiple VINs to the system. VINs are queued for asynchronous processing. Creates new VINs or updates existing ones to VinState PENDING.

Request Parameters

Field Type Required Description
vins array Yes Array of VIN objects
vins[].vin string Yes VIN string (10-17 chars, alphanumeric excluding I, O, Q)
vins[].lienholder string Yes Lienholder name (max 255 chars, case-insensitive lookup)
vins[].origination_date date No Date when the VIN originated (format: YYYY-MM-DD)

Example Request

curl -X POST "https://vinchex.com/api/vins/add" \
  -H "Authorization: Bearer your_access_token" \
  -H "Content-Type: application/json" \
  -d '{
    "vins": [
      {
        "vin": "1HGBH41JXMN109186",
        "lienholder": "Chase Auto Finance",
        "origination_date": "2025-09-15"
      },
      {
        "vin": "2T1BURHE0JC123456",
        "lienholder": "Wells Fargo Auto",
        "origination_date": "2025-09-20"
      }
    ]
  }'

Example Response (202 Accepted)

{
  "success": true,
  "message": "VINs have been queued for processing",
  "processing_type": "queued",
  "total_vins": 2,
  "size": "0.5 KB"
}

Processing Notes

  • • All VINs are queued for background processing
  • • Returns HTTP 202 (Accepted) status immediately
  • • Maximum payload size: 2MB
  • New in v2.1: origination_date is now required for all VIN submissions
  • • Duplicate VINs in the same request will cause validation error
  • • Use options.ignore_duplicates: true to skip duplicates

Deactivate VINs

PATCH /vins/remove

Deactivate VINs by setting their state to VinState INACTIVE

Example Request

curl -X PATCH "https://vinchex.com/api/vins/remove" \
  -H "Authorization: Bearer your_access_token" \
  -H "Content-Type: application/json" \
  -d '{
    "vins": [
      "1HGBH41JXMN109186",
      "2T1BURHE0JC123456"
    ]
  }'

Example Response

{
  "success": true,
  "message": "VINs deactivated successfully",
  "data": {
    "deactivated_count": 2,
    "deactivated_vins": [
      {
        "id": 1236,
        "vin": "1HGBH41JXMN109186",
        "state": 0,
        "state_label": "Inactive",
        "deactivated_at": "2024-01-15T14:30:00Z"
      },
      {
        "id": 1237,
        "vin": "2T1BURHE0JC123456",
        "state": 0,
        "state_label": "Inactive",
        "deactivated_at": "2024-01-15T14:30:00Z"
      }
    ],
    "not_found": [],
    "already_inactive": []
  }
}

Error Responses

The API returns consistent error responses with appropriate HTTP status codes:

Validation Error (422)

{
  "success": false,
  "message": "Validation failed",
  "errors": {
    "vin": ["The vin field is required."]
  }
}

Authentication Error (401)

{
  "success": false,
  "message": "Company not found in authentication context"
}

Not Found Error (404)

{
  "success": false,
  "message": "Resource not found"
}

Server Error (500)

{
  "success": false,
  "message": "An error occurred while processing the request",
  "error": "Detailed error message"
}

Best Practices

Security

  • • Always use HTTPS for API requests
  • • Store access tokens securely
  • • Refresh tokens before expiration

Error Handling

  • • Check the `success` field in responses
  • • Implement retry logic for transient errors
  • • Use exponential backoff for retries

Performance

  • • Use pagination for large datasets
  • • Validate data before sending requests
  • • Implement request caching when appropriate

API Usage

  • • Use appropriate HTTP methods
  • • Respect rate limiting
  • • Send proper Content-Type headers

Support & Contact

For API support, questions, or feature requests, please contact our development team.

Documentation

Additional technical documentation and guides are available in the project repository.

Rate Limiting

Rate limiting is enforced to ensure fair usage. Monitor your usage and implement appropriate throttling.