Sicredi API integration services (Open Finance Brazil)

Pix Cobranca & QR codes

Complete coverage of immediate charges (POST /cob), due-date charges (PUT /cobv), retrieval, refunds, and webhook delivery for paid charges. We map the response into your invoice or order schema and validate the EMV BR Code so QR images render the same in WhatsApp, the merchant POS, and printed boletos.

Account & balance sync

Read-only balance and limits sync against the member current account, savings (poupanca), and approved credit lines. Useful for treasury dashboards that need a single live number across Sicredi and other Brazilian holdings, with TTL-aware caching to respect the Sicredi rate-limit envelope.

Transaction & statement API

Date-range, page-cursor, and type filters that mirror the in-app statement screen. Each transaction carries the credit or debit nature, the operation type (Pix key, QR code, TED, boleto), the counterparty CPF or CNPJ, and the entry source so reconciliation rules in your ERP do not require manual tagging.

Member onboarding & KYC link

Linkage between your back-office record and a Sicredi member or PJ account using the existing token and security device, including refresh-token cycling and graceful re-consent prompts when LGPD or BCB consent expires after twelve months.

Webhooks & reconciliation

HMAC-validated webhook endpoints for paid Pix charges, returned transfers, and consent revocation. Each event is normalized into a single internal envelope so downstream handlers do not branch on Sicredi-specific JSON shapes.

Cooperative-aware multi-tenant

Sicredi runs as a federation of singular cooperatives; we keep the cooperative number and PA (posto de atendimento) on every record so reports stay correct when the same legal entity holds accounts in multiple cooperatives, which incumbent banks do not have to model.

1. Agribusiness ERP reconciliation

Many Sicredi members are rural producers or cooperatives with strong agribusiness exposure. The integration ingests Pix and TED transactions for the harvest account, classifies inflows by payer CNPJ against the contract registry, and pushes a daily reconciliation file to a farm-management ERP. The Open Finance transactions endpoint provides the canonical history while the Pix webhook handles intraday updates.

2. SMB checkout with Pix Cobranca

An online retailer issues a Pix Cobranca charge per order, embeds the dynamic QR in the checkout page and email, and waits for the webhook. The integration acknowledges the webhook within the BCB-recommended window, marks the order paid, and writes an audit row. The fallback path uses the GET /cob/{txid} endpoint when the webhook is delayed.

3. Personal-finance aggregator

A consumer PFM app onboards a Sicredi member through the Open Finance consent journey, pulls accounts, transactions, credit cards, and investments, and unifies them with data from Nubank or Banco do Brasil. Consent renewal and revocation are handled with member-visible UI in line with the BCB consent UX guidance.

4. Payment initiation for a marketplace

Sicredi is one of the pioneering payment initiators in Brazil. A marketplace or wallet uses the payment-initiation flow to push a Pix from a member account to a seller, with the consent and authorization codes returning a paymentId tracked through clearing. The integration logs every step for the BCB audit trail.

5. Credit underwriting from shared data

A lender requests a 12-month consent under Phase 2 / Phase 3 of Open Finance Brasil, scores the member on inflow stability and existing credit operations, and returns a pre-approved limit. Sicredi reported R$3.5M+ in additional credit-card limit and R$7.3M+ in new credit linked to such Open Finance journeys, so the demand is real and measurable.

OAuth 2.0 token exchange (mTLS)

POST /auth/openapi/token HTTP/1.1
Host: api-pix.sicredi.com.br
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64(client_id:client_secret)>

grant_type=client_credentials&scope=cob.write%20cob.read%20webhook.write

# 200 OK
{
  "access_token": "eyJhbGciOi...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Create a Pix Cobranca charge

PUT /api/v2/cob/{txid} HTTP/1.1
Host: api-pix.sicredi.com.br
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "calendario": { "expiracao": 3600 },
  "devedor":  { "cpf": "12345678909", "nome": "Joao Silva" },
  "valor":    { "original": "120.50" },
  "chave":    "contato@example.com.br",
  "solicitacaoPagador": "Order #A-1029"
}

# 201 Created
# returns { "txid", "pixCopiaECola", "location", "status": "ATIVA" }

Statement export (paginated)

POST /api/v1/sicredi/statement
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>

{
  "cooperativa": "0167",
  "conta": "12345-6",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "types": ["PIX", "TED", "BOLETO"],
  "page": 1, "page_size": 200
}

# 200 OK { items: [ { id, datetime, nature, type,
#                     counterparty, amount, balance_after } ], next_cursor }

Webhook receiver (Node.js sketch)

app.post('/webhooks/sicredi/pix', (req, res) => {
  const sig = req.header('X-Sicredi-Signature');
  if (!verifyHmac(req.rawBody, sig, SECRET)) return res.sendStatus(401);

  for (const evt of req.body.pix) {
    queue.push({
      kind: 'pix.received',
      txid:  evt.txid,
      e2eid: evt.endToEndId,
      amount: evt.valor,
      payer:  evt.pagador
    });
  }
  res.sendStatus(200);
});

Regulatory framing

Brazilian Open Finance is regulated by the Banco Central do Brasil (BCB) through Joint Resolution 1/2020 and BCB Circular 4,015/2020, with consumer-facing privacy protected by the LGPD (Lei Geral de Proteção de Dados, Law 13.709/2018) — Brazil's analogue of the European GDPR. We design every Sicredi integration around explicit, time-bounded member consent with revocation honored end-to-end.

Transport & signing

All Sicredi production traffic uses mTLS with client certificates issued under the ICP-Brasil chain or the Open Finance Brasil PKI, and consent and payment payloads are JWS-signed (PS256). We keep the certificate-rotation runbook in the deliverable and wire it to your secret manager so renewals never page the on-call engineer at 3am.

Data minimization & retention

We pull only the scopes the use case needs (for example, transactions without investments), keep raw payloads in encrypted cold storage with a configurable TTL, and surface a member-visible audit log so a Sicredi member can see, at any time, which third-party shared what data and on which date — matching LGPD Article 9 and BCB consent UX guidance.

Nubank

Latin America's largest digital bank with more than 100 million customers. Holds rich card-spend and Pix history; commonly paired with Sicredi for unified personal finance views.

Banco Inter

Full-stack digital bank covering current accounts, investments, and a marketplace. Often integrated alongside Sicredi when buyers need both cooperative and digital-bank inflows in one ERP feed.

C6 Bank

Mobile-only bank with multi-currency global accounts, free toll tags, and investment products. Useful when building a cross-border treasury view that also touches Sicredi's domestic accounts.

Banco do Brasil

State-controlled retail and agribusiness bank; one of the largest Open Finance participants. Frequently appears next to Sicredi in agribusiness and rural-credit integrations.

Bradesco

Top-tier private bank with a deep PJ and cards portfolio. Combined Sicredi + Bradesco feeds are common in mid-market accounting and treasury automations.

Itau Unibanco

Largest private bank in Brazil. Joint Sicredi + Itau pipelines surface a fuller picture of household and SMB cash movement for credit underwriting.

Santander Brasil

Major retail and SMB lender. Buyers pulling Sicredi data for an Open Finance PFM app usually request Santander in the same delivery.

PicPay

Super-app for payments, savings, and payroll loans, integrated with several banks. Useful when Sicredi members also use PicPay as a daily wallet that needs unified history.

Neon

Underbanked-focused digital bank with payroll-linked credit. Frequently part of the same lending-stack ETL when Sicredi data feeds the same scoring engine.

Banco Safra

Private banking, FX, and investment products for higher-income clients. Pairs well with Sicredi in wealth-aggregator dashboards that span retail and private banking.

About OpenFinance Lab

We are an independent technical studio focused on App interface integration and authorized API integration for fintech and open-data scenarios. Our team blends engineers from Brazilian and global banks, payment gateways, and protocol-analysis backgrounds, and we ship end-to-end APIs under security and compliance constraints.

• Open Finance Brasil, PSD2 / FCA, MAS Singapore and CFPB-area integrations
• Pix, UPI, SEPA, Faster Payments and ACH coverage
• Custom Python / Node.js / Go SDKs and CI test harnesses
• Full pipeline: protocol analysis → build → validation → compliance review
• Source-code delivery from $300 — runnable API code and documentation; pay after delivery upon satisfaction
• Pay-per-call hosted endpoints — no upfront fee; ideal for usage-based pricing

Contact

Send us your Sicredi scope (Pix Cobranca only? full Open Finance receiver? payment initiation?) and any sandbox credentials you already hold, and we will respond with a fixed-price quote and timeline.

Open the contact page

Engagement workflow

1. Scope confirmation: which Sicredi surfaces (Pix Cobranca, statements, accounts, payment initiation, investments).
2. Protocol analysis & API design (2–5 business days).
3. Build, mTLS / JWS wiring, and internal validation against the Sicredi sandbox (3–10 business days).
4. Documentation, sample requests, and Postman collection (1–2 business days).
5. Typical first delivery: 5–15 business days; full Open Finance receiver and payment initiation: 3–6 weeks because of certificate provisioning.

FAQ

What do you need from me to start a Sicredi integration?

How long does a Sicredi API delivery take?

How do you handle compliance with LGPD and BCB rules?

Can you integrate Pix Automatico and Pix Parcelado for Sicredi?