Serasa CPF & Score API integration

OpenData · OpenFinance Brasil · CPF & Score · Protocol analysis

Connect Serasa: Consulta CPF e Score data to your risk, credit and finance stack — safely

Serasa is the largest credit bureau in Brazil and the consumer app sits on top of an enormous reservoir of structured financial signals: CPF status reports, the iconic 0–1000 Score, debt and protest records, Dark Web exposure alerts and a digital wallet for bills and Pix. We turn that surface into a clean, authorized API your product can consume.

CPF & CNPJ report extraction — Pull cadastral data, negative debts, protests, lawsuits and bounced checks for an individual or company under the user's consent.

Serasa Score 0–1000 + real-time updates — Read the score, its band, the contributing factors and the new real-time score that refreshes within 20 seconds after a debt is paid via Pix.

Premium monitoring webhooks — Surface alerts when CPF/CNPJ is queried, a new debt is registered, or the user's data appears in a Dark Web leak feed.

Wallet & bill-payment flows — Read transactions from the Serasa digital wallet (water, electricity, phone, groceries, mobile top-ups) and reconcile them with your accounting backend.

Data available for integration

The table below maps the most useful objects we can expose through a Serasa integration. Each row lists the data type, the in-app source we read from, the granularity available, and a typical downstream use. Field names follow Serasa Experian's public Score & Attributes naming where applicable.

Data type	Source (screen / feature)	Granularity	Typical use
CPF status report	"Consulta CPF" screen	Per-document snapshot + per-event records	Onboarding, KYC, lending decisioning
Serasa Score (0–1000)	"Score Serasa" screen	Score value, band, last refresh timestamp	Pricing, credit limit assignment
Score factors & trend	"Por que esse é meu score"	Driver list + last 6 months history	Customer-facing score-improvement coaching
Negative debts & protests	"Dívidas" / "Pendências"	Per-creditor lines with amount and date	Collections, settlement campaigns
CPF inquiry alerts	Serasa Premium notifications	Realtime push, per inquirer	Fraud monitoring, customer alerting
Dark Web leak alerts	Premium "Vazamentos"	Per-leak record with exposed fields	Identity protection product features
Wallet & bill payments	Serasa digital wallet	Per-transaction (amount, merchant, status)	Personal finance dashboards, reconciliation
Credit offers feed	"Ofertas" / cartões	Offer list with rates and limits	Marketplace and comparison products

Typical integration scenarios

1. Lending platform credit decisioning

A digital lender wires Serasa CPF + Score into its origination engine. On loan application, the system requests the user's consent, pulls the latest Score, debt lines and a 6-month score trend, and feeds those features to its risk model. The same pipeline writes back to a feature store for ongoing portfolio monitoring.

2. Real-time score uplift after Pix repayment

A debt-negotiation product needs to prove the score moves after a deal closes. After the user pays a settlement via Pix, our integration polls the Score endpoint within 20–60 seconds and shows the updated 0–1000 value back in the customer journey, mirroring Serasa's real-time score architecture launched in 2024.

3. Fraud & identity-protection app

A SaaS that watches CPFs for misuse subscribes to inquiry alerts and Dark Web leak events through webhook callbacks. When Serasa emits a new event, our connector normalises the payload and forwards it to the customer's notification service (email, SMS, push) with a deduplication key on inquirer + timestamp.

4. Personal finance dashboard

A PFM app shows Serasa wallet transactions alongside the user's bank statements pulled through Open Finance Brasil. Our integration normalises both feeds into a single transaction schema (id, posted_at, amount, type, category) so the dashboard can categorise spend and surface insights.

5. Marketplace credit offers

An affiliate marketplace ingests the Serasa "Ofertas" feed and combines it with the user's score band to recommend only realistic credit-card and loan offers. Conversion telemetry is pushed back so the marketplace can rank offers by accepted-rate per score band.

Technical implementation

Auth: OAuth 2.0 + FAPI-style consent

POST /oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=AUTH_CODE_FROM_CONSENT
&redirect_uri=https://your.app/cb
&client_id=CLIENT_ID
&code_verifier=PKCE_VERIFIER

Response:
{
  "access_token": "eyJhbGciOi...",
  "token_type": "Bearer",
  "expires_in": 900,
  "refresh_token": "REFRESH...",
  "consent_id": "urn:bcb:consent:01H..."
}

Read Serasa Score

GET /api/v1/serasa/score?cpf=12345678901
Authorization: Bearer <ACCESS_TOKEN>
X-Consent-Id: urn:bcb:consent:01H...

Response 200:
{
  "cpf": "123.***.***-01",
  "score": 742,
  "band": "BOM",
  "scale_max": 1000,
  "factors": [
    {"code":"PAY_HISTORY","weight":0.42},
    {"code":"NEG_RECORDS","weight":0.31},
    {"code":"AGE_OF_DATA","weight":0.18}
  ],
  "updated_at": "2026-05-09T14:21:08-03:00",
  "realtime": true
}

Webhook: CPF inquiry alert

POST https://your.app/serasa/webhooks/inquiry
X-Signature: sha256=...
Content-Type: application/json

{
  "event": "cpf.inquiry",
  "event_id": "evt_01H9...",
  "cpf_masked": "123.***.***-01",
  "inquirer": {
    "name": "BANCO XYZ S/A",
    "cnpj": "00.000.000/0001-00"
  },
  "product": "credit_card",
  "occurred_at": "2026-05-09T16:02:45-03:00"
}

// Verify HMAC, dedupe on event_id, fan-out to user notifier.

List wallet transactions

POST /api/v1/serasa/wallet/transactions
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "types":     ["BILL_PAYMENT","MOBILE_TOPUP","PIX_OUT"],
  "page": 1, "page_size": 50
}

Response:
{ "page": 1, "total": 37, "items": [
    {"id":"tx_001","posted_at":"2026-04-03","amount": 89.90,
     "merchant":"ENEL SP","type":"BILL_PAYMENT","status":"OK"}
] }

Compliance & privacy

Brazilian regulatory frame

Every flow we build references three pillars: the Banco Central do Brasil Open Finance regulation, Brazil's LGPD (Lei Geral de Proteção de Dados, Law 13.709/2018), and the Cadastro Positivo regime that governs Serasa, SPC, Boa Vista and Quod. Consent is explicit, time-bound and revocable; logs are persisted so an audit can trace every byte of CPF data.

Security profile

We follow the Open Finance Brasil FAPI security profile: TLS 1.2+, mTLS for server-to-server, signed JWTs and PKCE for mobile clients. CPF values are tokenized at rest, masked in logs (e.g. 123.***.***-01) and the access-token lifetime defaults to 15 minutes with refresh rotation.

Data minimisation

Each consent scope only requests the fields you actually need — for a credit-card marketplace that may be score band + offers feed; for collections it may be debt lines + repayment status. The consent UI shows the exact list before the user approves.

Data flow / architecture

Client app → OpenFinance Lab API gateway (mTLS, FAPI) → Serasa endpoints (developer.serasaexperian.com.br / Open Finance Brasil) → Encrypted storage (PII tokenized) → Your backend (REST/webhook). A consent ledger sits beside the gateway so every read can be traced back to a Banco Central consent ID.

Market positioning & user profile

Serasa: Consulta CPF e Score is the consumer face of Serasa Experian, Brazil's dominant credit bureau. The app is overwhelmingly Brazilian and mobile-first, with strong Android penetration across all income bands. Its user base spans cautious individuals checking their CPF before signing a contract, debt-renegotiation customers, and small-business owners watching their CNPJ. On the B2B side, Serasa Experian sells the same underlying data to virtually every Brazilian bank, retailer, fintech and credit-union — which is why a Serasa integration plugs into the same risk language that Nubank, Itaú, Banco Inter, C6 Bank and the Caixa network already speak.

Screenshots

Click any thumbnail to view a larger version.

Similar apps & the broader integration landscape

Teams that integrate Serasa rarely stop there — credit, payments and account data usually need to be stitched across several apps. The list below names companions and adjacent products we frequently wire up in the same projects, framed purely as part of the Brazilian financial ecosystem.

SPC Brasil (SPC Consumidor)

The credit bureau run by CNDL with its own 0–1000 Score. Teams that pull Serasa often also need SPC for a second opinion on negative records, since lenders cross-check both bureaus.

Boa Vista (Acordo Certo)

Operator of SCPC and a major debt-negotiation marketplace. Useful when a project needs to surface settlement offers next to a customer's Serasa Score and debt list.

Quod

Bureau co-founded by the largest Brazilian banks, now shipping FICO-powered small-business scores. Sits naturally beside Serasa for SME credit decisioning.

Nubank

Largest digital bank in Latin America with 100M+ customers. Open Finance Brasil exports from Nubank pair well with Serasa Score to build full-picture credit dashboards.

PicPay

P2P wallet with 66M registered users; processed R$227.9B in H1 2025. Often wired up alongside Serasa for spend insights and identity verification flows.

Mercado Pago

MercadoLibre's financial arm with 78M monthly active users and $18.8B in assets. Combined with Serasa for marketplace lending and seller onboarding.

Banco Inter

Digital super-app covering banking, investments and shopping. A common counterpart in personal-finance integrations that want both bank statements and credit-score context.

C6 Bank

Full-service digital bank with global accounts and a strong investment side. Open Finance Brasil exports from C6 plus Serasa give a complete consumer credit picture.

Caixa Tem

State-owned banking app heavily used for social-program payouts. Important when projects target underbanked Brazilians whose primary financial footprint sits there alongside Serasa.

Neon

Digital bank focused on workers and small business. Frequently paired with Serasa for payroll-anchored credit underwriting.

What we deliver

Deliverables checklist

OpenAPI / Swagger specification for every Serasa endpoint in scope
Protocol and auth-flow report (OAuth 2.0 / FAPI / consent ledger)
Runnable source code in Python and Node.js (login, CPF report, Score, wallet, webhooks)
Postman collection plus a smoke-test suite with mocked responses
LGPD compliance notes: consent UX, retention windows, deletion endpoints
Optional managed endpoints on our infrastructure with per-call billing

Engagement workflow

Scope: which Serasa surfaces (CPF, Score, debts, alerts, wallet) and which downstream systems consume them.
Protocol analysis and API design — 2–5 business days.
Build and internal validation — 3–8 business days with daily updates.
Docs, samples and test cases — 1–2 business days.
First delivery in 5–15 business days; bureau approvals can extend timelines.

About OpenFinance Lab

We are an independent studio specialised in mobile app protocol analysis and authorized API integration, with hands-on experience across fintech, banking, e-commerce and travel. For Brazilian work we lean on engineers who have shipped against Serasa Experian, Open Finance Brasil, Pix and the four major credit bureaus. We deliver under either a source-code model (from $300, pay on acceptance) or pay-per-call hosted endpoints with no upfront cost.

Authorized data only — no scraping, no credential reuse
Production-grade error handling, idempotency keys, retry policies
Source code delivered with full unit + integration tests
Optional NDA, source escrow and on-call support packages

Contact

Send us the target app, the data surfaces you need and any constraints (region, compliance, latency). We respond within one business day with a scope estimate and timeline.

Open the contact page

FAQ

What Serasa data can I access through an integration?

Through authorized flows we can expose CPF/CNPJ status reports, the Serasa Score (0–1000) and its trend, debt and protest records, bounced check history, Dark Web leak alerts, premium inquiry alerts, and wallet movements such as bill payments and mobile top-ups.

Is connecting Serasa data legal under Brazilian law?

We work strictly within the user's authorization and use documented endpoints from the Serasa Experian Developer Portal where available, plus consented Open Finance Brasil flows. All data handling is aligned with LGPD (Lei Geral de Proteção de Dados) and Banco Central do Brasil resolutions.

How long does delivery take?

A first drop covering CPF report and Score endpoints typically takes 5–12 business days, including OpenAPI spec, runnable Python/Node.js source, sample data and a smoke-test suite. Premium alerting and wallet flows usually add another 3–7 business days.

Which engagement model should I choose?

Source code delivery from $300 fits teams that want to host the integration themselves and pay only after acceptance. Pay-per-call API billing fits teams that prefer a managed endpoint with usage-based pricing and no upfront cost.

📱 Original app overview (appendix)

Hi, you're on Serasa! And that's much better than you can imagine. The official app from Serasa Experian lets users check their CPF for free and offers a suite of services around credit access in Brazil.

Free CPF check — Inspect debts, protests, lawsuits and bounced checks registered against a CPF directly from the app.
Free Serasa Score — A 0–1000 score that signals the likelihood of paying bills on time; consulted by many companies before closing a deal with the user.
Data protection & financial control (Serasa Premium) — Block and unblock the Serasa Score for third-party inquiries, receive alerts about CPF/CNPJ inquiries, learn when data is leaked on the Dark Web, and be notified about new debts, protests, negative listings or bounced checks.
Digital wallet — Pay bills (water, electricity, phone, groceries) and top up mobile credit without queueing or switching apps.
Credit card and loan offers — Personalised offers based on the user's score and profile.

Support: visit serasa.me/ajuda and a Serasa specialist will get in touch.

© Serasa Experian — São Paulo, São Carlos, Blumenau and Brasília offices. CNPJ 62.173.620/0001-80 and related branches. Trademarks belong to their respective owners; this page is an independent integration positioning document and not affiliated with Serasa Experian.