Connect Guideline 401(k) accounts, contributions, and portfolio data to your stack — under participant authorization
Guideline (now part of Gusto, branded "Gusto 401(k) powered by Guideline") manages billions of dollars in retirement assets for tens of thousands of small and mid-sized US employers. The participant mobile app holds high-value structured data — contribution rates, employer match, vested balances, portfolio holdings, performance history, rollover status — that finance teams, wealth advisors, and benefits-admin platforms increasingly want to read programmatically. We deliver that connection.
What we deliver
Deliverables checklist
- OpenAPI 3.1 spec for every endpoint we build
- Protocol report: TLS pinning notes, header chain, token lifetime, refresh logic
- Runnable source in Python (FastAPI) and Node.js (Express) for login, balance, statement, contribution, and rollover endpoints
- Postman collection + curl recipes for sandbox + production
- Webhook scaffolding for contribution-changed and balance-updated events
- ERISA / SECURE 2.0 data-handling brief and a sample DPIA template
Two engagement models
You choose between source-code delivery from $300 — we hand over a runnable repository plus docs, and you pay only after the first endpoint passes your acceptance test — or pay-per-call hosted API, where you call our managed endpoints under your participant authorizations and pay only for successful responses. Source delivery suits teams that want to own and audit the code; the metered model suits early-stage products that want to validate demand before owning infrastructure.
What we will not do
We will not bypass two-factor authentication, exfiltrate credentials, scrape data without written participant consent, target plan-sponsor admin sessions without sponsor authorization, or evade rate limits. Every integration is built around explicit, revocable consent, with logs available to the participant or the plan sponsor on request.
Data available for integration
The table below maps every meaningful Guideline mobile data object to the screen it lives on, the typical update frequency, and a representative downstream use. Field names are illustrative — exact response shapes are confirmed during the protocol analysis phase.
| Data type | Source screen / surface | Granularity | Typical use |
|---|---|---|---|
| Participant profile (name, DOB, address, employer) | Account > Personal info | Per participant, on change | HRIS sync, KYC pre-fill, advisor onboarding |
| Contribution rate (pre-tax, Roth, after-tax) and limits | Contributions > Settings | Per pay period | Payroll reconciliation, max-out alerts, SECURE 2.0 monitoring |
| Employer match & vesting schedule | Plan details | Plan-level, per participant cliff | Total-comp dashboards, retention modelling |
| Portfolio allocation & fund holdings | Portfolio > Holdings | Per fund, daily NAV | Net-worth aggregation, fee benchmarking, advisor review |
| Total balance & performance time-series | Home > Balance card | Daily snapshots, intraday on demand | Wealth dashboards, retirement-readiness scoring |
| Transaction history (contributions, dividends, rebalances) | Activity feed | Per transaction, sortable by date / type | Accounting export, audit, anomaly detection |
| Rollover status & documents | Consolidate > Rollover | Per rollover request | Onboarding flows for advisors and IRA platforms |
| Quarterly statement PDFs & tax documents | Documents | Per statement period | Compliance archiving, TurboTax-style imports |
| 2FA / biometric session metadata | Security settings | Per device, per session | Risk scoring, account-takeover detection |
Typical integration scenarios
1. Wealth aggregator → unified retirement view
A consumer wealth app already aggregates bank, brokerage, and crypto via Plaid and MX, but Plaid's coverage of small-business 401(k) recordkeepers is thin. We add a Guideline connector: participant authorizes via OAuth-style consent, our service exchanges tokens with the Guideline mobile auth flow, then exposes GET /v1/guideline/balance, GET /v1/guideline/holdings, and GET /v1/guideline/performance?range=1y. Maps cleanly to the OpenFinance "investment account" object.
2. Payroll-bench reconciliation
A payroll platform that competes with Gusto needs to reconcile per-participant contributions it pushed against what landed in Guideline. We expose GET /v1/guideline/contributions?from=&to= per participant and a webhook on contribution.posted. The platform diffs payroll output vs. Guideline ingestion and flags drift before the next pay run, satisfying ERISA Title I record-keeping expectations.
3. Employer benefits dashboard
An HR analytics product wants to show total-comp including 401(k) match and vested value alongside salary and equity. Plan-sponsor admin authorizes once; our connector pulls GET /v1/guideline/employer/{id}/participants, match-policy, and aggregated vesting positions. The dashboard re-renders nightly and flags participants approaching the IRS limit ($23,500 base in 2025).
4. Advisor-led rollover origination
A registered investment advisor onboarding a new client wants to ingest Guideline holdings before recommending a rollover. After participant consent the advisor reads the holdings table and statement PDFs through GET /v1/guideline/statements, generates a side-by-side fee comparison, and persists the rollover paperwork directly to the IRA custodian. This shortens onboarding from 2 weeks of PDF emailing to a single afternoon.
5. Retirement-readiness coaching
A B2B2C wellness app coaches employees toward retirement readiness. Each user authorizes Guideline; we stream contribution-rate changes and balance snapshots as events. The wellness app combines that with payroll deduction data and runs a weekly readiness score, nudging users who are below the employer-match threshold. Aligns with SECURE 2.0 §603 (Roth catch-up) reporting.
Technical implementation
All examples below are illustrative request and response shapes from a typical client wrapper. Real schemas are confirmed during protocol analysis and may include additional fields specific to the participant's plan.
1. Authorize a participant session
POST /v1/guideline/auth/login
Content-Type: application/json
{
"email": "alex@example.com",
"password": "***",
"device_fingerprint": "ios-3f9b...",
"two_factor_token": "412899"
}
200 OK
{
"access_token": "eyJhbGc...",
"refresh_token": "v1.r...",
"expires_in": 3600,
"participant_id": "pp_8df0c2",
"biometric_enrolled": true
}
2. Read balance & portfolio
GET /v1/guideline/balance
Authorization: Bearer <ACCESS_TOKEN>
200 OK
{
"participant_id": "pp_8df0c2",
"as_of": "2026-05-01T22:00:00Z",
"total_balance_usd": 84231.07,
"vested_balance_usd": 79002.18,
"ytd_contribution_usd": 9420.00,
"employer_match_ytd_usd": 4710.00,
"portfolio": {
"model": "moderate-growth",
"holdings": [
{"ticker":"VTSAX","weight":0.42,"value":35377.05},
{"ticker":"VTIAX","weight":0.18,"value":15161.59},
{"ticker":"VBTLX","weight":0.30,"value":25269.32},
{"ticker":"VTABX","weight":0.10,"value":8423.11}
]
}
}
3. Subscribe to contribution events
POST /v1/guideline/webhooks
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json
{
"url": "https://your.app/hooks/guideline",
"events": ["contribution.posted",
"balance.updated",
"rollover.completed"],
"signing_secret": "whsec_..."
}
# Sample delivery
{
"event": "contribution.posted",
"participant_id": "pp_8df0c2",
"pay_period_end": "2026-04-26",
"pre_tax_usd": 350.00,
"roth_usd": 0.00,
"employer_match_usd": 175.00,
"source": "gusto-payroll-sync"
}
Error handling & retries
Token expiry returns 401 token_expired; clients refresh via POST /v1/guideline/auth/refresh with idempotency keys. Rate-limited responses arrive as 429 with Retry-After headers. Statement PDF endpoints return 202 Accepted plus a polling URL when a quarterly document is still being assembled. Our SDKs back off with exponential jitter and surface human-readable error codes (two_factor_required, plan_not_found, match_policy_locked) instead of opaque numbers.
Compliance & privacy
Regulatory alignment
401(k) plans are governed by ERISA, administered by the US Department of Labor's Employee Benefits Security Administration (EBSA), and overlaid by the Internal Revenue Code Section 401(k). Recent rule changes from SECURE 2.0 (2022) introduced auto-enrolment for new plans, the Roth catch-up rule for high earners (§603), and the saver's match. Our integrations preserve the audit trail every plan administrator needs and never alter the recordkeeper's books of record.
Privacy & security posture
Participant data is treated as Personal Financial Information (PFI). We follow the Gramm-Leach-Bliley Act Safeguards Rule on data security, encrypt PII at rest with AES-256 and in transit with TLS 1.3, rotate signing secrets quarterly, and apply data-minimization — we only fetch the fields each downstream feature actually needs. Consent is logged with a versioned scope string and is fully revocable from a participant-facing settings panel we provide as a starter component.
Data flow & architecture
A typical Guideline integration runs through four stages, with consent revocation propagated end-to-end:
The connector talks to the Guideline mobile authorization surface under the participant's credentials, normalizes responses into an OpenFinance-style investment-account schema, persists only what your scope requires, and exposes the result through your stack — webhook, REST, or GraphQL. Every node logs a correlation ID so a single contribution event can be traced from the payroll provider through Guideline back to the participant's wellness dashboard.
Market positioning & user profile
Guideline serves primarily US small and mid-sized businesses (SMBs) that want a low-friction 401(k) without a traditional broker. Plan sponsors are typically 5 to 500 employees in tech, professional services, restaurants, and creative agencies; participants skew younger than the legacy recordkeeper average and engage heavily through mobile (the iOS and Android apps won the 2024 Fast Company Innovation by Design Award in the Mid-Size business category). The platform is bilingual (English + Spanish customer support), Android and iOS native, and as of November 2025 is sold under the unified "Gusto 401(k) powered by Guideline" brand. Integration buyers are typically benefits-admin platforms, vertical HR tech, RIAs adding workplace plans to their offering, and B2B2C wellness products.
Screenshots
Click any thumbnail to view a larger version. These reflect the public Google Play listing and illustrate which screens each integration data type comes from.
Similar apps & the integration landscape
Teams evaluating a Guideline integration almost always look across the wider 401(k) and workplace-investing landscape. The platforms below sit alongside Guideline; we list them as part of the ecosystem, not as comparisons. Many of our clients end up integrating two or three of these in parallel so a single dashboard or pipeline can reason about a portfolio of plan recordkeepers.
Human Interest
SMB-focused recordkeeper with deep payroll integrations. Holds participant contribution history and fund-level positions; teams that aggregate Guideline often want a parallel Human Interest connector for cross-employer reporting.
Betterment at Work
Robo-advisor extension into workplace 401(k). Exposes goal-based portfolio data and fee transparency; useful when a wealth aggregator is normalizing both Guideline and Betterment under one investment-account schema.
401GO
Mobile-first plan starting at low monthly cost, popular with very early-stage startups. Holds the same contribution and balance objects, plus an unusually rich onboarding event stream worth ingesting.
Vestwell
Open-architecture digital recordkeeper used by many state auto-IRA programs. Often appears alongside Guideline in advisor portfolios; integration data shape is similar but plan-sponsor admin permissions are richer.
ForUsAll
SMB recordkeeper with a strong compliance focus. Useful in scenarios where a benefits-admin product needs ERISA testing data alongside the lighter participant data Guideline exposes.
Ubiquity Retirement + Savings
Flat-fee SMB 401(k) provider serving very small employers. Holds the same participant balance and contribution data; pairs well with Guideline data when a payroll bench wants full ecosystem coverage.
Empower
One of the largest US recordkeepers by AUM. Many participants who have a Guideline plan at their current job also have legacy Empower balances from prior employers — rollover origination flows commonly need both.
Fidelity NetBenefits
Workplace investing super-app with extensive holdings, performance, and statement data. Often the second connector requested after Guideline for any aggregator targeting US employees.
Vanguard Retirement
Low-cost index-fund-led workplace plan provider. Aggregators that ingest Guideline often follow with a Vanguard connector to give participants a single unified retirement view.
ShareBuilder 401k
Cost-conscious SMB 401(k) used by many side-by-side with Guideline during plan-shopping. Same data contour — contribution rate, vesting, holdings — which makes a shared schema easy to design once.
About OpenFinance Lab
We are an independent technical studio focused on App interface integration and authorized API integration. The team has spent years across mobile fintech, retirement plan administration, payroll connectors, and protocol analysis, and we ship end-to-end financial APIs under tight security and compliance constraints. We work with US plan sponsors, RIAs, benefits-admin platforms, and international fintechs that need a clean way to read US workplace-retirement data.
- Mobile fintech, digital banking, retirement, and brokerage protocol experience
- Custom Python / Node.js / Go SDKs and test harnesses
- Full pipeline: protocol analysis → build → validation → compliance review
- Source-code delivery from $300 — pay after delivery upon satisfaction
- Pay-per-call hosted API — only pay for the calls you make, no upfront fee
Contact
For quotes or to submit your target app and requirements, open our contact page:
Typical response within one business day. NDAs available before scoping calls; sandbox demos can be shared after a short authorization questionnaire.
Engagement workflow
- Scope confirmation: which Guideline data objects, which participant cohort, plan-sponsor or participant-led consent.
- Protocol analysis & API design (2–5 business days).
- Build, normalize, and internal validation against a sandbox plan (3–8 business days).
- OpenAPI spec, sample SDK, and acceptance test pack delivered (1–2 business days).
- First production rollout: 5–15 business days; multi-employer admin flows may extend timelines.
FAQ
Does Guideline have a public REST API for participants?
What Guideline data can you make available through an integration?
How do you handle compliance for a 401(k) integration?
How long does a Guideline integration take to deliver?
📱 Original app overview (appendix)
Guideline has joined Gusto. The mobile app makes it refreshingly easy to set up a 401(k) account and track progress anytime, anywhere — and won the 2024 Fast Company Innovation by Design Award (Mid-Size Business category) for that experience. Customer service for the platform was recognized again in 2025 with a Bronze Stevie Award (Customer Service Team of the Year — Financial Services & Insurance) at The American Business Awards.
- Set up in minutes — open a 401(k) directly from the phone with no computer required.
- Access anytime — adjust contribution amounts and modify investment portfolios in a few taps.
- Invest with confidence — risk questionnaire selects a portfolio; the platform automatically rebalances to keep allocations on target.
- Check progress — view portfolio composition, performance, and total retirement savings to date.
- Consolidate savings — roll over outside accounts directly from the app to centralize savings under Guideline's portfolio management and low fees.
- Mobile-first security — two-factor authentication and biometric recognition protect every session.
- Award-winning customer support — live support available in English and Spanish, plus how-to guides and FAQs in the Help Center.
Disclosures: investing involves risk and investments may lose value; consult a qualified financial adviser or tax professional. See my.guideline.com/agreements/fees for current fees and services. Investment advisory services for Guideline's 401(k) product (when 3(38) fiduciary services are appointed) are offered by Gusto Investment Services, LLC, an SEC-registered investment adviser. Learn more at retirement.gusto.com.