How It Works
The verification lifecycle: create consent, start a verification, receive a webhook, and fetch the data.
Every verification follows the same four-step flow. Use an 18-char CURP for individuals or a 12-char RFC for businesses — the same flow applies to both.
1. Create consent
Required once per identifier per year. Same payload shape for individuals and businesses; only the identifier changes.
Individual (CURP):
POST /consents
{
"identifier": "CUAI911021MOCRQS09",
"ip_address": "192.168.2.74",
"privacy_notice_url": "https://yourdomain.com/privacy"
}Business (RFC):
POST /consents
{
"identifier": "MNT850612KR4",
"ip_address": "192.168.2.74",
"privacy_notice_url": "https://yourdomain.com/privacy"
}For the full payload reference, see Consents.
2. Start a verification
Send the identifier together with the customer's phone and email. The rfc is optional — for individuals you can include it to increase the probability of recovering invoice data.
Individual (CURP):
POST /verifications
{
"identifier": "CUAI911021MOCRQS09",
"rfc": "CUAI911021ABC",
"phone": "+525512345678",
"email": "[email protected]"
}Business (RFC):
POST /verifications
{
"identifier": "MNT850612KR4",
"phone": "+525512345678",
"email": "[email protected]"
}The API resolves the matching consent automatically. Initial response returns status: "in_progress" and the consent_id used.
3. Receive a webhook
When processing finishes, BDI sends a verification.completed webhook to your registered endpoint.
Individual webhook:
{
"event": "verification.completed",
"verification_id": "01982e40-d53a-7560-8c69-ddb96bd9ca8c",
"identifier": "CUAI911021MOCRQS09",
"status": "completed",
"data_available": true,
"can_retry": false,
"entities": ["profile", "invoices", "employment"],
"last_updated_at": "2025-07-24T10:01:30Z",
"timestamp": "2025-07-24T10:01:30Z",
"external_id": null
}Business webhook:
{
"event": "verification.completed",
"verification_id": "5fc3a4d1-7e2b-4d8a-9c0e-1f5b8d2a3e74",
"identifier": "MNT850612KR4",
"status": "completed",
"data_available": true,
"can_retry": false,
"entities": ["business_profile", "invoices"],
"last_updated_at": "2025-07-24T10:02:15Z",
"timestamp": "2025-07-24T10:02:15Z",
"external_id": null
}For delivery, retries, and signature verification, see Webhooks.
4. Fetch the data
Once the webhook arrives with data_available: true, iterate over entities and fetch from each corresponding endpoint.
Individual (CURP):
GET /profile/CUAI911021MOCRQS09GET /invoices/CUAI911021MOCRQS09GET /employments/CUAI911021MOCRQS09
Business (RFC):
GET /business-profile/MNT850612KR4GET /invoices/MNT850612KR4
For the full Verification object and the entities reference, see Verifications.
Batch verifications
Need to verify many identifiers at once? Send them all in a single request to the bulk endpoint instead of calling /verifications one by one. See Bulks for the full payload and limits.
Test your integration
Use the Sandbox to validate your integration end to end with fictitious but valid-looking identifiers.
Get API access
Contact us to request a demo account and receive your API key.
Updated about 1 month ago
