Protección (com.ProteccionApp): wiring pension & cesantías reads into a daily data feed
A Colombian AFP affiliate has three balances inside one app — Pensión Obligatoria, Pensión Voluntaria (+Protección), and cesantías — and a PDF locker (Certifácil) sitting next to them. This page describes how we turn that into a freshness-window-driven feed under the user's own consent, while the Finanzas Abiertas perimeter for AFPs is still being operationalised.
App snapshot
| App | Protección — Administradora de Fondos de Pensiones y Cesantías Protección S.A. (Grupo SURA) |
|---|---|
| Package / store id | com.ProteccionApp (Android); iOS App Store id 1015636587 |
| Publisher | Pensiones y Cesantías Protección, Medellín, Antioquia (per Google Play listing) |
| Version observed | 4.3.1, last updated 22 May 2024, per the apps.apple.com Colombia listing |
| Country / regime | Colombia. SFC-supervised AFP under Finanzas Abiertas perimeter (Decreto 0368 de 2026) |
| Product perimeter | Pensión Obligatoria, Pensión Voluntaria / +Protección, Cesantías, Certifácil PDFs, pension-request tracking |
| Data feed shape | JSON snapshot per (affiliate, product) plus binary blob for certificate PDFs |
| Ingestion cadence | Default daily 02:00 COT pull; on-demand /refresh for user-triggered views; certificate fetch on request |
| Sync window | Configurable 15 min / 1 h / 24 h; missed pulls retried with jittered back-off for 6 h |
| SDK targets | Python 3.11, Node 20, optional Go 1.22 client |
| Engagement (snapshot row) | Source-code delivery from US$300, paid on acceptance; or pay-per-call hosted endpoint, no upfront. 1–2 week build cycle. |
Reachable surfaces (and what stays out)
Protección's consumer surface is the official Android/iOS app plus the Portal Afiliados web channel. Under explicit affiliate consent, both expose the same read perimeter. The scope below is what we treat as in-bounds for an ingestion build; anything beyond is left alone.
- Pensión Obligatoria — balance, fund choice (conservador / moderado / mayor riesgo / programado), latest contribution date, employer-tagged movement lines.
- Pensión Voluntaria / +Protección — voluntary plan balance, alternative-by-alternative composition, contributions and withdrawals timeline.
- Cesantías — balance, employer-by-employer breakdown, withdrawal status from the online retirement/withdrawal portal (per the app's store description).
- Certifácil PDFs — afiliación a Pensión Obligatoria, afiliación a Cesantías, aportes y retenciones de cesantías, certificado como pensionado, generated on demand and emailed or downloaded (per the proteccion.com Certifácil page).
- Pension-request status — tracking for old-age and disability pension applications, mirrored from the Seguimiento a mi solicitud de pensión view in the affiliate portal.
Out of bounds for this build: any write that moves money or changes the affiliate's fund, scraping aggregate fund-performance numbers Protección publishes for the market, and anything that would touch another affiliate's record.
What ships in the build
The output is concrete software, not a memo. Order of priority:
- Runnable Python (3.11) and Node (20) source — a small library that authenticates against the affiliate channel under the user's consent, pulls the snapshot for the requested products, returns a normalised JSON payload, and writes the raw response next to it for replay.
- Sync & freshness design — a scheduler module with the freshness windows from the snapshot row, plus a single
/refreshendpoint that fires an on-demand pull and updates your store under the same consent token. - Reconciliation logic — snapshot diffing per (affiliate, product, captured_at), typed alerts for balance jumps outside tolerance, missing-product detection, and a freshness SLO check that raises before a downstream consumer reads stale data.
- Automated test harness — recorded-fixture tests covering each product surface, a contract test that fails when the upstream JSON shape drifts, and a smoke test wired for CI.
- Secondary, on request: an OpenAPI description of the shipped contract, a one-page authentication-flow note, and a short compliance memo aligned to the Finanzas Abiertas trajectory under Decreto 0368/2026.
Sample call against the shipped contract
The hosted variant exposes one endpoint per product family, plus a certificate retrieval call. Calls are scoped by the consent token issued when the affiliate authorises the link.
# Python 3.11
from openfinance_lab import ProteccionClient
cli = ProteccionClient(consent_token=CONSENT)
# 1) Pension + cesantías snapshot for one affiliate, single round trip
snap = cli.snapshot(products=["pension_obligatoria",
"pension_voluntaria",
"cesantias"],
freshness="1h") # accept up to 1h-old cached snapshot
print(snap["pension_obligatoria"]["balance_cop"],
snap["pension_obligatoria"]["fund"], # e.g. "moderado"
snap["captured_at"]) # ISO-8601, COT
# 2) Force a fresh read (on-demand refresh path)
fresh = cli.refresh(products=["cesantias"])
# 3) Pull a Certifácil PDF by type (afiliacion | aportes_retenciones | pensionado)
pdf = cli.certificate(kind="aportes_retenciones", year=2025)
open("cert.pdf", "wb").write(pdf.bytes)
# Response shape (truncated)
# {
# "affiliate_id": "CO-CC-...redacted...",
# "captured_at": "2026-05-31T02:14:07-05:00",
# "pension_obligatoria": {"balance_cop": 184320500, "fund": "moderado",
# "last_contribution": "2026-05-15"},
# "cesantias": {"balance_cop": 6420100,
# "employers": [{"nit": "...", "balance_cop": 6420100}]},
# "pension_voluntaria": {"balance_cop": 21500000,
# "alternatives": [{"name": "+Protección Moderado",
# "balance_cop": 21500000}]}
# }
Where teams plug this in
- Retirement-planning dashboards — pull all three Protección balances daily, blend with the user's other AFP or Colpensiones data, and show a single net retirement position.
- Cesantías-backed lending — on application, fire
/refreshfor cesantías, ingest the latest aportes-y-retenciones PDF as proof, and run affordability against captured_at < 15 minutes. - Employer HR portals — for the employer-tagged movement lines on cesantías, drive a periodic reconciliation against the employer's own contribution records to catch posting gaps before payroll closes.
- Tax season prep — schedule a one-shot January pull of the certificado de aportes y retenciones for every consenting user, store the PDFs, and surface them in-product.
Freshness, reconciliation & failure modes
The ingestion layer is built around three knobs the consumer controls:
- Freshness window — per call, the consumer declares the oldest
captured_atit will accept. If the cache is older, the client transparently re-reads; if it is fresh enough, the call returns the cached snapshot. - Reconciliation pass — a nightly job diffs the latest two snapshots per (affiliate, product). Configurable tolerance bands separate normal contribution-driven movement from suspicious jumps; product-missing-from-payload is its own typed alert, not a silent zero.
- Staleness SLO — every product family has a max-age. A snapshot older than the SLO raises before any downstream read can consume it, so consumers never see stale data without a flag.
Failure modes we model explicitly: affiliate consent revoked mid-cycle, Protección affiliate channel down or rate-limiting, certificate generation queue delay (Certifácil is asynchronous in practice), and product appearing/disappearing in the payload when an affiliate changes plan. Each surfaces as a typed error a consumer can match on, not a 500.
Interface evidence
Screens captured from the public Play Store listing for com.ProteccionApp, used to anchor field names and product surfaces during the build.
Regulatory framing (Colombia)
Protección S.A. is one of four private AFPs operating in Colombia alongside the public Colpensiones, and is supervised by the Superintendencia Financiera de Colombia with policy set by the Unidad de Regulación Financiera. Open Finance was first established as a voluntary regime under Decreto 1297 de 2022 and then replaced by Decreto 0368 de 2026, which makes data-sharing mandatory across SFC-supervised entities — pension fund managers included.
That puts Protección inside the perimeter of supervised entities for Finanzas Abiertas, with one practical caveat: the SFC's technical standards (APIs, data schemas, consent UX) and the AFP go-live date are still being operationalised, on a different track from core deposit banking. Until those rails are live for AFPs, the route we build against is user-consented access to the affiliate channel, with the same contract designed to migrate onto the regulated route once it is published.
Sources & engineering notes
The Protección particulars on this page were checked against the app's public store listings, Protección's own affiliate-portal documentation, and the current Colombian Open Finance regime. Citations link out for verification.
- Protección — Google Play listing (com.ProteccionApp) — package id, developer identity, feature set.
- Protección — App Store Colombia (id 1015636587) — app version 4.3.1, updated 22 May 2024, Spanish feature description.
- Protección — Certifácil (affiliate portal) — supported certificate types: afiliación, aportes y retenciones, pensionado.
- Colombia's Open Finance just became mandatory — Decreto 0368/2026 — voluntary 1297/2022 superseded; AFPs within SFC-supervised perimeter.
Common questions
How fresh is the Protección data you return?
Pension and cesantías balances are pulled on the cadence the consumer needs — most teams pick daily after 02:00 COT, with on-demand refresh when a user opens their dashboard. Certifácil PDFs are fetched only when the user (or app) asks for one, so we do not stale-cache a tax document.
Batch or realtime — which do you build?
Both. The default is a scheduled pull on a freshness window you pick (15-minute, hourly, daily). For event-style flows we expose a /refresh endpoint that runs an on-demand fetch under the user's consent and writes through to your store. Push from Protección itself is not part of the picture.
Which Protección balances and documents can a consenting user share?
Anything the user can already read in the app or affiliate portal: Pensión Obligatoria balance and fund, Pensión Voluntaria / +Protección plan holdings, cesantías balance and movements, pension-request status, and Certifácil PDFs (afiliación, aportes y retenciones, pensionado).
How is the data reconciled — what stops silent drift?
Each pull writes a snapshot keyed by (affiliate-id, product, captured_at). A nightly job diffs the latest two snapshots per product; balance jumps outside a configurable tolerance, missing products, or a stale capture older than the freshness SLO raise a typed alert on your side.
Does this rely on Decreto 0368 / Finanzas Abiertas being live for AFPs?
No. Decreto 0368 de 2026 brings AFPs into the SFC Open Finance perimeter, but the technical standards and AFP go-live are still being defined. We work today through user-consented access to the affiliate channel, and migrate the same contract to a regulated route once the AFP rails ship.
What SDK targets do you ship against?
Python 3.11 and Node 20 are the defaults; we also publish a thin Go client when teams ask. The contract is the same JSON shape on all of them, so a Python ingestor and a Node consumer see identical fields.
Pricing and how to start
Builds for Protección run on one of these footings, picked when we scope: source-code delivery from US$300, paid after the code is delivered and you are satisfied with the tests passing on your side; or a pay-per-call hosted endpoint on our infrastructure, no upfront fee, billed against the calls your system actually makes. Either way the cycle is 1 to 2 weeks from kick-off to a working ingestion against a sample affiliate account. To start a scope conversation, write in via /contact.html with the products you need (pensión obligatoria / voluntaria / cesantías / Certifácil), your preferred freshness window, and whether you want source or hosted.
ProtecciónAFP ColombiaFinanzas AbiertasSFC perimeter Disclaimer: Protección is the registered consumer app of Administradora de Fondos de Pensiones y Cesantías Protección S.A.; this page describes user-consented ingestion patterns built by OpenFinance Lab and is not affiliated with Grupo SURA.
Reviewed 2026-05-31 · OpenFinance Lab ingestion engineering notes