The Cobalt Intelligence Implementation Guide: From Sandbox to Production in <1 Week

Most third-party integrations in fintech are 6-week slogs involving extensive compliance reviews, complex OAuth flows, and opaque documentation.

We built the Cobalt Intelligence SOS API to be the exact opposite.

When 1West’s engineering team integrated our solution, their CTO Shane noted it took "less than a week in terms of just the core build"—roughly 20-30 developer hours total.

This guide outlines exactly how to replicate that speed. It covers the technical prerequisites, sandbox testing strategies, and the cutover checklist to ensure your underwriting automation goes live without breaking your existing workflow.

1. Pre-Integration Checklist

Before you assign a sprint to your engineering team, ensure you have the necessary access and architectural decisions in place.

The Tech Stack:

The API is standard REST returning JSON. It is language-agnostic. Whether your Loan Origination System (LOS) is built on Node, Python, .NET, or Java, the integration pattern is identical.

Security & Auth:

We use standard API key authentication via headers. You do not need to build complex OAuth handshake flows.

• Credentials: You get a single API key that works for both testing and production.
• IP Whitelisting: Not required for standard implementation, simplifying deployment.

Resource Requirements:

• Developer Time: Plan for 20-40 hours for a full integration including error handling and UI updates.
• Stakeholders: One backend engineer and one product/risk owner to define the "knockout" logic (e.g., Auto-Decline if Status = 'Dissolved').

✅ Pre-Integration Checklist

• [ ] API Credentials Obtained: Generated immediately upon signup
• [ ] Rate Limits Confirmed: Verify your tier supports your expected burst volume (e.g., 50 req/sec) to avoid 429 errors.
• [ ] Failover Strategy Defined: Decide if you will fallback to cached data (liveData=false) or manual review if a state site goes down.
• [ ] Field Mapping Completed: Map Cobalt fields (e.g., filingDate) to your internal CRM fields.

2. Sandbox Environment

Do not test with live borrower data immediately. State websites can be temperamental, and you need to ensure your system handles timeouts and "no record found" responses gracefully before spending credits.

Accessing the Sandbox:

Your API key works in Sandbox mode immediately. You can trigger "dummy" responses to validate your parsing logic without hitting real state sites or consuming billable credits.

Testing Strategy:

1. Happy Path: Send a request for a known active business (e.g., "Apple Inc" in CA) to validate JSON parsing.
2. The "Incomplete" Signal: Test how your system handles the 202 Accepted status. This happens when a state takes >20 seconds. You must implement polling via retryId or, preferably, a webhook listener via callbackUrl.
3. Error Handling: Simulate a 429 Too Many Requests to ensure your exponential backoff logic works.

Sandbox vs. Production

3. Integration Timelines & Milestones

If you are a high-volume lender (500+ apps/month), you can run a parallel pilot. Do not turn off your manual process on Day 1. Run the API in the background ("shadow mode") to compare results against your human underwriters.

Realistic Timeline: 5–10 Days

• Days 1-2: Discovery & Auth
  
  • Get API Key.
  • Test connection in Postman.
  • Configure callbackUrl endpoint to receive webhooks.
• Days 3-5: Core Build
  
  • Build the request trigger (e.g., "On Application Submit").
  • Map JSON responses to your database.
  • Implement "Waterfall Logic" (If exact match fails → try fuzzy match.
• Days 6-8: Internal QA & Shadow Mode
  
  • Run 50 historical applications through the API.
  • Compare normalizedStatus against what your underwriters found manually.
• Day 10: Production Pilot
  
  • Enable auto-decisioning for high-confidence matches (Score > 0.90).

Common Delays:

• Legal/Compliance: Start this early. We can provide standard terms or an MSA.
• State Latency Handling: Developers often assume all APIs return instantly. State sites do not. Ensure your UI doesn't hang while waiting for Delaware.

4. Production Cutover Checklist

When you are ready to remove the "human safety net," follow this protocol to minimize risk.

Deployment Strategy:

We recommend a Phased Rollout. Start by automating only the "Easy" states (FL, NY, TX) where data is fast and reliable18. Once stable, enable slower states (DE, NV).

Monitoring:

Set up alerts for 500 errors. Remember, if a state site crashes, we return a 500 error so you aren't billed19. Your system needs to route these specific applications to a manual queue, not auto-decline them.

✅ Go-Live Checklist

• [ ] Load Testing: Verify your webhook listener can handle concurrent posts during peak hours.
• [ ] Error Handling: Confirm your system correctly interprets addressMatch: false vs confidenceLevel scores.
• [ ] Billing Setup: Ensure your credit card is on file to avoid service interruption after trial credits expire.
• [ ] Rollback Plan: If the API error rate spikes (e.g., a major state outage), have a "kill switch" to revert applications to the manual processing queue.

[Download the full API documentation here to get started]

‍