Remessa Online API integration services (câmbio / OpenFinance)

Deliverables checklist

• API specification in OpenAPI / Swagger for the integrated endpoints (auth, quote, customer, inbound, outbound, statement, webhook)
• Protocol & auth-flow report — token issuance, Basic base64(client_id:client_secret) handshake, 60-minute bearer lifetime, refresh strategy, and mobile-app session chain where relevant
• Runnable source code (Python / Node.js, Go on request) for login, FX quote retrieval, transfer creation and statement export
• Webhook receiver sample with signature verification, idempotency keys and retry handling
• Automated tests, Postman/Insomnia collection and human-readable API documentation
• Compliance guidance — LGPD data map, consent logging, retention windows, Banco Central / Open Finance Brasil alignment notes

Engagement models

• Source-code delivery from $300 — you receive runnable API source and full documentation; you pay after delivery once you have verified it works against your scenario.
• Pay-per-call hosted API — call our managed endpoints and pay only per request, no upfront cost; suited to teams that prefer usage-based pricing or want to validate before owning the code.
• Both models cover Android and iOS behaviour and ship with a short test plan so your QA can re-run the checks.

Account login & customer registration API

Mirrors the app authorization and the Corporate Customer Registration flow: bind a PF or PJ customer, submit identity and document data, poll registration status, and refresh bearer tokens before the 60-minute window expires. Concrete use: onboard a partner's existing client base into Remessa Online without manual re-keying, then keep KYC fields in sync.

Câmbio (FX) quote API

Requests a spot quote for a currency pair and amount, returns the rate, IOF/spread breakdown where exposed, the quote id and its validity window; an optional WebSocket stream pushes live rate ticks. Concrete use: show a live "you send / they receive" widget and lock the rate before creating a transaction so the booked rate matches what the user saw.

Outbound transfer API

Creates an international payment after a quote is accepted: beneficiary details, purpose code, source of funds, destination country among the 100+ supported. Concrete use: pay overseas suppliers, tuition or contractors directly from an ERP "approve payment" button and store the returned transaction id for reconciliation.

Inbound transfer & receivables API

Registers expected inbound operations (AdSense, salary, marketplace settlement, family transfer), then exposes the matched credit with sender, currency, amount in foreign currency and BRL, and the applied rate. Concrete use: auto-match incoming USD/EUR/GBP against open invoices and feed revenue recognition.

Transaction history & statement export

Returns paged transaction lists filtered by date range, direction, status and currency, with export to JSON, Excel or PDF. Concrete use: nightly pull of the exchange-transaction history into a data warehouse for treasury reporting and spread analytics.

Webhooks & Global Account context

Registers callback URLs to receive transaction status changes, quote-expiry events and document-request notifications; surfaces Global Account (Conta Global) balance and EUR/USD debit-card transaction context introduced in 2024. Concrete use: drive a real-time operations dashboard and alert finance the moment a transfer settles or a document is requested.

1 · AdSense & creator payout reconciliation (PF)

Context: a Brazilian creator or small studio receives monthly Google AdSense payments through Remessa Online and needs them booked automatically. Data/API: inbound transaction API + statement export, filtered by sender and currency. OpenFinance mapping: the inbound credit (foreign amount, BRL amount, applied rate, date) is normalized into an Open Finance-style "transaction resource" and pushed to the user's accounting tool, so revenue is recognized the day the money lands rather than at month-end.

2 · ERP-driven supplier & tuition payments (PJ)

Context: a company pays overseas suppliers and university fees and wants payments initiated from its ERP approval queue. Data/API: câmbio quote API to lock a rate, then outbound transaction API with beneficiary, purpose code and source-of-funds. OpenFinance mapping: the flow mirrors a payment-initiation journey — quote, consent/confirm, execute, receive status webhook — with the returned transaction id stored against the ERP voucher for end-to-end traceability.

3 · Treasury dashboard & FX spread analytics

Context: a finance team wants a single view of all cross-border activity and to monitor the spread applied versus the market mid-rate. Data/API: nightly statement export + FX quote history. OpenFinance mapping: transactions and quotes are loaded into a warehouse as standardized records, joined with public reference rates, and surfaced in a BI dashboard — the same "aggregate then analyze" pattern Open Finance enables for multi-institution data.

4 · Marketplace / payroll inbound matching

Context: a marketplace operator or staffing firm receives bulk settlements and salaries from abroad and must split them across many internal accounts. Data/API: register expected inbound operations, then consume webhook events as each credit clears. OpenFinance mapping: each event is treated as an immutable ledger entry; an idempotent consumer fans it out to sub-ledgers, exactly the kind of event-driven reconciliation Open Banking webhooks are designed for.

5 · Compliance & audit evidence pack

Context: an auditor or internal control function needs a defensible record of every FX operation for a period. Data/API: statement export (PDF + JSON) plus per-transaction metadata (purpose, counterparty, documents, status timeline). OpenFinance mapping: the export is packaged as a signed, timestamped evidence bundle with a consent log, aligning with Banco Central reporting expectations and LGPD record-keeping.

1 · Authenticate (issue a bearer token)

POST /v1/api/auth
Authorization: Basic base64(client_id:client_secret)
Accept: application/json

# 200 OK
{
  "access_token": "eyJhbGciOi...",
  "token_type": "Bearer",
  "expires_in": 3600          // valid ~60 minutes, then re-issue
}

# 401 -> invalid client credentials; do not retry, alert ops

2 · Get a câmbio (FX) quote

POST /v1/api/quotes
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "operation": "OUTBOUND",
  "source_currency": "BRL",
  "target_currency": "USD",
  "target_amount": 1500.00,
  "purpose_code": "EDUCATION"
}

# 200 OK
{
  "quote_id": "qt_9f2c...",
  "rate": 5.1234,
  "source_amount": 7715.10,
  "fees": { "iof": 30.86, "spread": 0.0 },
  "expires_at": "2026-05-12T14:32:00Z"
}

3 · Create an outbound transaction

POST /v1/api/transactions/outbound
Authorization: Bearer <ACCESS_TOKEN>
Idempotency-Key: 6f1d-...-a90
Content-Type: application/json

{
  "quote_id": "qt_9f2c...",
  "customer_id": "cus_5521...",
  "beneficiary": {
    "name": "Tuition Office Ltd",
    "country": "US",
    "iban_or_account": "0123456789",
    "swift_bic": "ABCDUS33"
  },
  "purpose_code": "EDUCATION",
  "source_of_funds": "OWN_FUNDS"
}

# 201 Created
{ "transaction_id": "tx_77ab...", "status": "PROCESSING" }

# 422 -> validation error (expired quote, missing doc) -> surface field errors

4 · Export transaction statement

GET /v1/api/transactions?from=2026-04-01&to=2026-04-30
        &direction=ALL&status=COMPLETED&page=1&page_size=100
Authorization: Bearer <ACCESS_TOKEN>

# 200 OK
{
  "page": 1, "page_size": 100, "total": 248,
  "items": [
    { "transaction_id": "tx_77ab...", "direction": "INBOUND",
      "counterparty": "Google AdSense", "currency": "USD",
      "foreign_amount": 842.10, "brl_amount": 4310.55,
      "rate": 5.1187, "status": "COMPLETED",
      "completed_at": "2026-04-18T09:11:00Z" }
  ],
  "export": { "xlsx": "/v1/api/transactions/export?...", "pdf": "/v1/api/transactions/export.pdf?..." }
}

5 · Receive a webhook (transaction status)

POST https://your-app.example.com/webhooks/remessa
X-Remessa-Signature: t=1715520000,v1=hex(hmac_sha256(secret, body))
Content-Type: application/json

{
  "event": "transaction.status_changed",
  "transaction_id": "tx_77ab...",
  "old_status": "PROCESSING",
  "new_status": "COMPLETED",
  "occurred_at": "2026-05-12T15:02:11Z"
}

# Respond 2xx fast; verify signature; dedupe on transaction_id+new_status; enqueue work

Auth method & error handling notes

• Token lifetime is short (~60 min) — cache it, refresh proactively, never log it.
• Always send an Idempotency-Key on transaction creation so retries are safe.
• Treat 422 as actionable (expired quote, missing KYC doc); treat 5xx/timeouts with capped exponential backoff and circuit-breaking.
• Verify webhook HMAC signatures and reject stale timestamps to prevent replay.
• Reconcile asynchronously: webhook is the trigger, the statement endpoint is the source of truth.

Regulatory perimeter

Remessa Online is accredited by the Banco Central do Brasil and its FX operations fall under Brazilian foreign-exchange regulation; data sharing aligns with the Open Finance Brasil framework that the Central Bank coordinates. Personal and transaction data is governed by Brazil's LGPD (Lei Geral de Proteção de Dados, Law 13.709/2018). We build only against documented public/authorized APIs or under explicit customer authorization, and we keep consent records, purpose limitation and retention windows in the delivered design.

What we will and will not do

• We perform protocol analysis and reverse engineering of app behaviour only for the account owner or with written authorization.
• We minimize collected fields, mask tax ids and credentials in logs, and document a data map for your DPO.
• We do not bypass authentication, scrape against terms you have not cleared, or store secrets in source control.
• We sign NDAs and can work inside your VPC / on your infrastructure when residency matters.

• Nomad — Brazilian fintech offering a USD checking account, debit card and US investments; holds account balances, card transactions and investment positions that users often want exported alongside Remessa Online FX history.
• Wise — multi-currency account and international transfers in 40+ currencies; rich transaction and balance data, frequently aggregated with other providers for spread comparison.
• C6 Bank (C6 Global) — Brazilian digital bank with an international account and global card; transaction, balance and card-spend data relevant to the same treasury dashboards.
• Banco Inter — Brazilian digital bank with a US-dollar global account and card; statement and FX-conversion records that pair naturally with cross-border reconciliation.
• Revolut — multi-currency app with exchange, cards and investments; transaction and FX-rate history commonly pulled into unified ledgers.

• Avenue — Brazilian platform focused on US investing and a dollar account; holdings and money-movement data that complements FX-transfer records.
• Western Union — global money-transfer network (online and branch); send/receive transaction records used in remittance reconciliation.
• Husky — Brazilian service for freelancers receiving from abroad; payout and invoice data overlapping with AdSense/salary inbound matching.
• Global66 — Latin American fintech for cross-border transfers and a multi-currency account; transaction history often consolidated with Remessa Online data.
• Remitly — international remittance app; transfer status and history records relevant to the same receivables and compliance workflows.

About us

We are an independent technical studio focused on fintech and OpenData / OpenFinance API integration. Our engineers come from banks, payment processors, FX desks, protocol-analysis teams and cloud platforms, so we understand Banco Central and Open Finance Brasil expectations, LGPD obligations, and multi-region privacy rules — and we ship end-to-end financial APIs inside those constraints.

• Cross-border payments, digital banking, FX, and receivables reconciliation
• Enterprise API gateways, webhook infrastructure and security reviews
• Custom Python / Node.js / Go SDKs, Postman collections and test harnesses
• Full pipeline: protocol analysis → build → validation → compliance handover
• Source-code delivery from $300 — runnable API source and full documentation; pay after delivery upon satisfaction
• Pay-per-call hosted API — pay only per call, no upfront cost; ideal for usage-based teams

Contact

To request a quote or submit your target app and requirements (data needed, PF vs PJ, volume, region), open our contact page. Tell us which flows matter — FX quotes, inbound receivables, outbound payments, statements, webhooks — and we will scope an authorized, compliant integration.

Contact page

Engagement workflow

1. Scope confirmation — which scenarios and endpoints (auth, quote, customer, inbound, outbound, statement, webhook), PF/PJ, volume and region.
2. Protocol analysis & API design — 2–5 business days depending on complexity and whether app-side flows are involved.
3. Build & internal validation — 3–8 business days, including idempotency, error handling and webhook signature checks.
4. Docs, samples & test cases — 1–2 business days (OpenAPI spec, Postman collection, runnable examples).
5. First delivery typically 5–15 business days; partner approvals or sandbox access may extend the timeline.

FAQ

What do you need from me to start a Remessa Online integration?

How long does delivery take?

How do you handle compliance and privacy for Brazilian FX data?

Can you cover both PF (individuals) and PJ (business) accounts?