Ximple API integration & OpenFinance credit data

OpenData · OpenFinance · OpenBanking · App protocol analysis

Connect Ximple credit lines, repayments and catalog-sales data to your own stack

Ximple: Crece tu negocio is a Mexican fintech that gives catalog sellers and small neighborhood merchants working-capital loans to finance merchandise — and lets them, in turn, offer credit to their own customers. That model produces a rich, structured data trail: credit-line limits, drawdowns, repayment schedules, partner-brand purchase orders and customer-financing records. We turn that trail into clean, documented APIs you can call.

Loan & credit-line API — Pull the approved limit, available balance, drawn amount and status for each merchant credit line; use it for portfolio dashboards and underwriting refresh.

Repayment schedule export — Installment dates, due amounts, paid/late flags and payoff dates across the 91–120 day terms Ximple uses; feed it into collections and cash-flow forecasting.

Disbursement & webhook events — Near real-time notifications when a loan is funded to a cash-out location or to the Ximple Mastercard card, so your ledger and ERP stay in sync.

Catalog-sales & KYC context — INE-based identity status, partner-brand order history and seller activity used by Ximple's bureau-free underwriting; export it for risk analytics and compliance archives.

What this page covers

This is a technical positioning page for teams that need programmatic access to data held inside Ximple: Crece tu negocio. It maps the app's features onto OpenData, OpenFinance and OpenBanking patterns, lists the data we can surface, walks through realistic integration scenarios, and shows the kind of request/response shapes and authentication flow we deliver. Everything here is framed around authorized access — customer-consented account data, documented public endpoints, or partner-brand credentials you already hold — not unauthorized scraping.

Ximple was founded in early 2024 by Daniel Sujo, Rodrigo Aparicio, Juan Pablo Salem and Joao Ramos, and runs a 100% digital onboarding flow that needs only an INE (Mexican national ID) and no physical collateral. In February 2025 the company launched a credit card built with DOCK and Mastercard so catalog sellers can extend credit to their own buyers — a change that adds card-level transaction data on top of the original loan ledger, and one of the main reasons an integration today is worth more than it would have been a year earlier.

Feature modules we build

1. Merchant credit-line service

Read the approved limit, used amount, available balance, APR/fee schedule and line status (active, frozen, closed) for each "Aliado" merchant. Typical use: a daily portfolio sync into a BI warehouse, or an underwriting trigger that re-scores a seller when utilization crosses a threshold.

2. Repayment & installment API

Expose the full amortization plan — installment number, due date, principal, interest/fee, paid date, days past due — for the short 91–120 day terms Ximple grants. Typical use: feeding a collections queue, or producing a cash-flow forecast for a lending partner.

3. Disbursement & cash-out events

Capture each funding event: amount, channel (cash-out location ID or Mastercard card load), timestamp and reference. Typical use: automatic reconciliation against bank statements and ERP receivables, removing manual matching.

4. Customer-financing (sub-loan) records

When a seller uses Ximple to finance a purchase for their own client, that creates a downstream credit record. Expose the customer reference, financed amount, term and status. Typical use: measuring "credit-as-a-product" margin for the merchant and roll-up reporting for Ximple's debt facility.

5. Identity & onboarding status

Surface KYC milestones — INE captured, identity verified, contract signed, line activated — without exposing raw documents. Typical use: an onboarding funnel dashboard, or a compliance archive that proves consent and verification timing.

6. Catalog-brand purchase history

Pull the partner-brand orders that back Ximple's bureau-free model: brand, order value, frequency, returns. Typical use: alternative-data feature engineering for a risk model, or a merchandising report for the brand partner.

Data available for integration (OpenData perspective)

The table below summarizes the structured data Ximple holds that is realistically exposable through an authorized API layer, where in the app it originates, how granular it is, and what teams typically do with it. Field names are illustrative — the exact schema is confirmed during scoping.

Data type	Source screen / feature	Granularity	Typical use
Merchant profile & KYC status	Sign-up / onboarding flow (INE capture)	Per merchant; verification milestones with timestamps	Onboarding analytics, compliance archive, consent proof
Credit line	"Mi crédito" / loan dashboard	Per line: limit, drawn, available, APR/fees, status	Portfolio monitoring, utilization-based re-scoring
Loan / drawdown ledger	Loan detail & history	Per loan: principal, term (91–120 days), origination date, state	Risk control, cohort analysis, debt-facility reporting
Repayment schedule	Payments / installments view	Per installment: due date, amount, paid date, days past due	Collections queue, cash-flow forecasting, delinquency KPIs
Disbursement events	Cash-out network / Ximple Mastercard card	Per event: amount, channel, location/card ref, timestamp	Bank-statement reconciliation, ERP receivables sync
Customer-financing sub-loans	"Ofrece crédito a tus clientes" flow	Per sub-loan: financed amount, term, customer ref, status	Merchant margin reporting, downstream risk roll-up
Partner-brand purchase history	Catalog / merchandise order records	Per order: brand, value, date, returns	Alternative-data features, merchandising insight
Referral & ally network	"Refiere y gana" / Aliados program	Per referral: referrer, referee, reward status	Growth analytics, channel attribution

Typical integration scenarios

Scenario A — Lending-partner portfolio reporting

Business context: a debt provider behind Ximple's working-capital lines needs a daily, auditable view of outstanding principal, delinquency buckets and new originations. Data/API involved: GET /loans, GET /loans/{id}/schedule, plus a nightly batch export. OpenFinance mapping: this is the classic "account information" use case — read-only, consent-scoped access to credit-account state, the same shape PSD2/AISP and Mexico's Ley Fintech transactional-data provisions describe.

Scenario B — ERP / accounting reconciliation for the merchant

Business context: a multi-store "Aliado" wants Ximple disbursements and repayments to appear automatically in their accounting system instead of being keyed by hand. Data/API involved: disbursement webhook → ledger entry; GET /repayments?since=… for reconciliation. OpenFinance mapping: event-driven account aggregation — push notifications plus a pull-based catch-up endpoint, mirroring open-banking transaction feeds.

Scenario C — Alternative-data underwriting refresh

Business context: a risk team wants to re-score a seller using their recent partner-brand orders and on-time payment streak rather than a bureau pull. Data/API involved: GET /merchants/{id}/orders + GET /merchants/{id}/payment-behavior, scored offline. OpenFinance mapping: consented sharing of "aggregated" and "transactional" data — exactly the three-tier (open / aggregated / transactional) model Mexico's Fintech Law defines for API data sharing.

Scenario D — Customer-credit margin dashboard

Business context: Ximple (or an analyst partner) wants to quantify how much profit sellers earn by financing their own customers. Data/API involved: GET /sub-loans joined to merchant revenue, aggregated by cohort. OpenFinance mapping: a derived-data product built on top of raw credit records — the "data as a service" layer that sits above core OpenBanking feeds.

Scenario E — Compliance & consent evidence pack

Business context: an audit needs to show that every merchant consented, was INE-verified, and that data access was logged. Data/API involved: identity-status endpoint + an access log export. OpenFinance mapping: the consent-and-audit plane that CNBV's open-finance technical and consent guidelines expect around any transactional-data API.

Technical implementation

Below are representative request/response shapes from a delivered Ximple integration layer. Authentication is OAuth 2.0 bearer tokens issued after an authorized consent step; tokens are short-lived and refreshed. All responses are JSON; list endpoints are cursor-paginated; webhooks are HMAC-signed.

1. Authorize & obtain a token

POST /api/v1/auth/token
Content-Type: application/json

{
  "grant_type": "authorization_code",
  "code": "<CONSENT_CODE>",
  "client_id": "<CLIENT_ID>",
  "client_secret": "<CLIENT_SECRET>"
}

200 OK
{
  "access_token": "eyJhbGciOi...",
  "token_type": "Bearer",
  "expires_in": 1800,
  "refresh_token": "rt_9f2c...",
  "scope": "loans:read repayments:read disbursements:read"
}

2. Fetch a merchant's credit line & schedule

GET /api/v1/merchants/MX-48211/credit-line
Authorization: Bearer <ACCESS_TOKEN>

200 OK
{
  "merchant_id": "MX-48211",
  "currency": "MXN",
  "limit": 150000,
  "drawn": 92400,
  "available": 57600,
  "apr": 0.0,            // illustrative
  "status": "active",
  "loans": [
    {
      "loan_id": "LN-7731",
      "principal": 92400,
      "term_days": 105,
      "origination_date": "2026-04-02",
      "state": "current",
      "schedule": [
        {"n":1,"due_date":"2026-05-02","amount":31200,"paid_date":"2026-05-01","dpd":0},
        {"n":2,"due_date":"2026-06-01","amount":31200,"paid_date":null,"dpd":0},
        {"n":3,"due_date":"2026-07-01","amount":31200,"paid_date":null,"dpd":0}
      ]
    }
  ]
}

3. Disbursement webhook (signed)

POST https://your-app.example/webhooks/ximple
X-Ximple-Signature: sha256=3b8a...
Content-Type: application/json

{
  "event": "loan.disbursed",
  "event_id": "evt_01HZX...",
  "occurred_at": "2026-05-09T17:24:05Z",
  "data": {
    "loan_id": "LN-7731",
    "merchant_id": "MX-48211",
    "amount": 92400,
    "currency": "MXN",
    "channel": "card_load",        // or "cash_out_location"
    "reference": "CARD-****4417"
  }
}

# Respond 2xx within 5s or the event is retried with backoff.
# Verify: HMAC-SHA256(raw_body, webhook_secret) == X-Ximple-Signature

4. Python: paginate repayments & handle errors

import requests, time

BASE = "https://api.example/v1"
S = requests.Session()
S.headers["Authorization"] = f"Bearer {token}"

def repayments(since):
    cursor, out = None, []
    while True:
        r = S.get(f"{BASE}/repayments",
                  params={"since": since, "cursor": cursor})
        if r.status_code == 429:           # rate limited
            time.sleep(int(r.headers.get("Retry-After", "2")))
            continue
        r.raise_for_status()               # 4xx/5xx -> exception
        body = r.json()
        out += body["items"]
        cursor = body.get("next_cursor")
        if not cursor:
            return out

What we deliver

Deliverables checklist

API specification (OpenAPI / Swagger) for the Ximple integration layer
Protocol & auth-flow report (OAuth / token refresh / session chain, request signing)
Runnable source for login, credit-line, repayment and webhook flows (Python and Node.js)
Automated tests, a Postman/Insomnia collection, and developer documentation
Compliance guidance: consent capture, CONDUSEF transparency notes, data-retention and minimization rules

Two engagement models

Source-code delivery from $300 — you receive runnable API source and full documentation; pay after delivery once you confirm it works.
Pay-per-call hosted API — call our managed endpoints and pay only for the calls you make, no upfront fee; good for teams that prefer usage-based pricing.
Optional add-ons: a scheduled data-export job (Excel / JSON / Parquet), a thin dashboard, or a maintenance retainer when Ximple changes its app.

Compliance & privacy

Ximple operates inside Mexico's financial-technology framework. The Ley para Regular las Instituciones de Tecnología Financiera (Ley Fintech, 2018), supervised by the CNBV and Banxico, sets the open-finance model used here: data is classified as open, aggregated or transactional, and transactional data may only be shared through APIs with the user's explicit consent. In July 2024 the CNBV also tightened fraud-prevention rules for banking institutions, which raises the bar for how connected services handle authentication and monitoring.

Our integrations are built to that standard: we only use authorized access (customer-consented accounts, documented public endpoints, or partner-brand credentials the client legitimately holds), never unauthorized scraping or credential sharing. Personal data is handled under Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP); consumer-facing transparency follows CONDUSEF expectations. Every delivery ships with consent logging, an access audit trail, scoped tokens, encryption-in-transit, and a data-minimization review so you collect only the fields a use case actually needs. NDAs and data-processing agreements are signed on request.

Data flow / architecture

A typical Ximple pipeline has four stages: (1) Client app / authorized session — the Ximple app or an authorized account session is the data origin (credit lines, repayments, disbursements, KYC status). (2) Ingestion / API layer — our adapter normalizes requests, manages OAuth tokens and request signing, polls list endpoints and receives signed webhooks. (3) Storage — events and snapshots land in your warehouse or our managed store, partitioned by merchant and date, with PII fields tokenized. (4) Output — a REST API, scheduled export (Excel/JSON/Parquet), or BI feed serves dashboards, collections systems, ERP reconciliation and risk models. Each hop is logged so the consent-and-audit plane the CNBV guidelines expect is satisfied end to end.

Market positioning & user profile

Ximple is a B2B2C fintech: its direct users ("Aliados") are micro-entrepreneurs in Mexico — predominantly women running catalog-sales businesses for major direct-selling brands, plus small neighborhood retailers ("tienditas") the company is expanding toward. They use an Android and iOS app to apply for merchandise credit and, increasingly, to extend credit to their own customers via the DOCK/Mastercard card launched in 2025. The indirect beneficiaries are those customers and the brand partners whose merchandise gets financed. Geographically the focus is Mexico today, with a stated ambition to scale across Latin America; the company has raised roughly US$2.7M in pre-seed equity (led by Alaya Capital, with Norte Ventures and Impact Ventures PSM) alongside a ~US$30M debt facility, and reports on the order of 15,000 active credit lines. For an integrator, that means the data set is growing fast, short-tenor (high event frequency), and built on alternative data rather than bureau files — a profile that rewards automated pipelines over manual exports.

Screenshots

Tap any screenshot to enlarge. These are the public Google Play store images for Ximple: Crece tu negocio and illustrate the screens that the data above originates from (onboarding, credit dashboard, repayments, customer financing).

Similar apps & the integration landscape

Teams that work with Ximple data usually touch other Mexican and Latin-American fintech apps too. The list below is here to map the ecosystem — not to rank or critique anyone — and to make clear that the same OpenData/OpenFinance plumbing (consented account access, transaction exports, reconciliation feeds) carries over from one platform to the next.

Kueski / Kueski Pay — consumer microloans and buy-now-pay-later in Mexico; holds loan balances and BNPL transaction records that teams often want exported alongside Ximple repayment data.
Konfío — SME lending and a business credit card; its loan and card-transaction data is a frequent companion to merchant-credit datasets like Ximple's.
Clara — corporate spend management with locally issued cards and bill pay across Mexico, Brazil and Colombia; unified expense and card-transaction exports overlap with Ximple disbursement reconciliation.
Stori — digital credit card for under-served Mexican users; repayment-history and statement data is the kind of feed an analytics layer pulls next to Ximple's.
Xepelin — invoice financing, factoring and flexible credit for businesses; receivables and credit-line data complement a merchant working-capital view.
Albo — neobank accounts and cards for individuals and businesses; account balances and card transactions are commonly merged with lending data for cash-flow analysis.
Mercado Crédito (Mercado Pago) — embedded credit for sellers and buyers on the Mercado Libre ecosystem; loan and repayment records sit close to Ximple's customer-financing model.
Covalto (formerly Credijusto) — SME loans and banking services in Mexico; structured loan and statement data is another natural source in a consolidated portfolio export.
Aviva — credit and financial services aimed at small merchants and families in semi-urban Mexico; merchant credit-line data parallels Ximple's "Aliado" lines.
R2 — embedded working-capital lending for SMEs through platforms; its drawdown and repayment events line up with the disbursement feeds described above.

If your roadmap involves unified transaction exports across two or more of these platforms, the adapter pattern shown in the technical section — OAuth consent, normalized schemas, signed webhooks, a shared warehouse — is the same one we reuse per app.

About our studio

Who we are

We are an independent technical studio focused on App interface integration and authorized API work for fintech and adjacent sectors. The team has hands-on backgrounds in mobile apps, payments, lending platforms, protocol analysis and cloud infrastructure, and we ship end-to-end: protocol analysis → API design → build → validation → compliance review → documentation. We work with overseas clients and are comfortable with the authorization models and privacy rules of multiple regions, including Mexico's Ley Fintech and LFPDPPP.

Lending, digital banking, wallets, BNPL and cross-border clearing integrations
Enterprise API gateways, request-signing schemes and security reviews
Custom Python / Node.js / Go SDKs, test harnesses and scheduled data jobs
Source-code delivery from $300 — runnable API source and documentation; pay after delivery upon satisfaction
Pay-per-call hosted API — usage-based pricing, no upfront cost

Contact

Send us the target app (Ximple: Crece tu negocio, co.ximple) and the data you need — loan balances, repayment schedules, disbursement events, catalog-sales history, or a combination — and we'll come back with scope, timeline and price.

Contact page

Workflow & FAQ

Engagement workflow

Scope confirmation — which scenarios and data (credit lines, repayments, disbursements, sub-loans, KYC status) and which engagement model.
Protocol analysis and API design — 2–5 business days depending on complexity.
Build and internal validation — 3–8 business days, including auth, pagination and webhook handling.
Documentation, sample code and test cases — 1–2 business days.
First delivery typically lands in 5–15 business days; third-party approvals or partner-brand access can extend it.

FAQ

What do you need from me to start a Ximple integration?

The target app name (Ximple: Crece tu negocio, package co.ximple), the concrete data you need — for example loan balances, repayment schedules, disbursement events or catalog-sales history — and any authorized account, partner-brand credentials or sandbox access you can provide.

How long does delivery take?

A first API drop with documentation usually takes 5 to 12 business days. Real-time webhook pipelines, multi-account portfolios or compliance-heavy reporting can extend the timeline; we confirm a schedule after scoping.

How do you handle compliance and privacy for a Mexican fintech app?

We work only with authorized access or documented public endpoints, align with Mexico's Ley Fintech open-finance consent model, CONDUSEF transparency expectations and the Federal Law on Protection of Personal Data, and ship logging, consent records and data-minimization guidance. NDAs are signed when required.

Can you deliver runnable source code instead of a hosted API?

Yes. The source-code package (from $300) includes runnable Python or Node.js clients for login, statement and webhook flows, an OpenAPI spec, tests and documentation; you pay after delivery once you confirm it works. A pay-per-call hosted endpoint is also available with no upfront fee.

📱 Original app overview — Ximple: Crece tu negocio (appendix)

Ximple: Crece tu negocio (package co.ximple; also on the App Store) is a Mexican fintech app that offers loans to small businesses so they can finance their merchandise purchases and grow sales — and lets those businesses, in turn, offer loans to their own customers and earn a profit. The process is 100% digital and managed entirely from the phone: a user signs up, applies for a loan without leaving home, and increases income by financing merchandise and extending credit to clients. Onboarding needs only an INE (Mexican national ID) and no physical collateral, and merchandise credit lines (up to around MXN 150,000) can be approved in under ten minutes; loan terms run roughly 91 to 120 days with flexible repayment. The company encourages users to "become an Ally" ("Aliado") and is built around catalog sellers — many of them women entrepreneurs working with major direct-sales brands — while expanding toward small neighborhood retailers.

Founded in early 2024 by Daniel Sujo, Rodrigo Aparicio, Juan Pablo Salem and Joao Ramos; focus on financial inclusion.
Two core products: merchandise loans for catalog-sales businesses, and customer loans that let sellers finance their clients' purchases.
Bureau-free underwriting using real partner-brand purchase and payment data; roughly 15,000 active credit lines reported.
Funding: ~US$2.7M pre-seed equity (Alaya Capital lead, with Norte Ventures and Impact Ventures PSM) plus a ~US$30M debt facility.
February 2025: launched a credit card built with DOCK and Mastercard so sellers can extend credit to customers; cash-out network scaling from ~15,000 toward 75,000+ locations.
More information: www.ximple.co and the Google Play listing.

This appendix summarizes the publicly described app for context only. OpenFinance Lab is an independent studio and is not affiliated with or endorsed by Ximple; all product and company names are the property of their respective owners.