Reach new audiences and convert more users by easily and safely connecting to their financial data, understanding their behavior and enabling instant payments with open finance. Through our API, you can access:
Belvo is an open banking API for Latin America that allows companies to access banking and fiscal information in a secure as well as agile way.
Through our API, you can access:
You can also use our API to make payments in:
If you woud like the response documentation in Excel or CSV form, please download them from our public GitHub Reposiitory: Belvo Open Finance Data Dictionaries.
Our EXCEL and CSV files are additionally localized into Spanish and Portuguese (Brazil).
Available for:
Use our Sandbox environment to build your integration. We offer dummy data that mimics that of real-world use cases, which means you can test out all the endpoints, use the widget, and implement webhooks - just as you would with real-world data!
All you need to get started with the Sandbox environment is to get your API keys. We really recommend that you start creating your integration in this environment.
Available for:
After you have tested your integration in the Sandbox environment and are ready to go live, you'll need to request access to our Production environment. After you request access, our Sales Team will get in contact with you to schedule a meeting just to ensure your needs are met, and then you'll just need to go through a certification process with one of our engineers to make sure that your integration is running optimally. To prepare for the certification meeting, just follow our Integration checklist.
Once your integration is certified, all you'll need to do is:
sandbox.belvo.com to api.belvo.com.We use the following HTTP status code in the response depending on the success or failure:
| Status Code | Description |
|---|---|
200 | ✅ Success - The content is available in the response body. |
201 | ✅ Success - The content was created successfully on Belvo. |
204 | ✅ Success - No content to return. |
400 | ❌ Bad Request Error - Request returned an error, detail in the content. |
401 | ❌ Unauthorized - The Belvo credentials provided are not valid. |
404 | ❌ Not Found - The resource you try to access cannot be found. |
405 | ❌ Method Not Allowed - The HTTP method you are using is not accepted for this resource. |
408 | ❌ Request Timeout - The request timed out and was terminated by the server. |
428 | ❌ MFA Token Required - MFA token was required by the institution to connect. |
500 | ❌ Internal Server Error - The detail of the error is available in the response body. |
Belvo API errors are returned in JSON format. For example, an error might look like this:
[
{
"request_id": "a6e1c493d7a29d91aed4338e6fcf077d",
"message": "This field is required.",
"code": "required",
"field": "link"
}
]Typically, an error response will have the following parameters:
request_id: a unique ID for the request, you should share it with the Belvo support team for investigations.message: human-readable description of the error.code: a unique code for the error. Check the table below to see how to handle each error code.field (optional): The specific field in the request body that has an issue.When you need help with a specific error, include the request identifier (request_id) in your message to the Belvo support team. This will speed up investigations and get you back up and running in no time at all.
For a full list of errors and how to troubleshoot them, please see our dedicated Error Handling article.
Implement an automated exponential backoff of up to five retries. We recommend using a base interval of three seconds with a factor of two. For example, the first retry should be after three seconds, the second retry after six seconds (2 * 3), the third retry after 12 seconds (2 * 6), the fourth retry after 24 seconds (2 * 12), and the fifth retry after 48 seconds (2 * 24).
You should not retry making requests if you receive a 40x response, as this is a client error.
The only exception is the “Too Many Sessions” error, as it means that your end-user is accessing the account from another browser at the same time. In this case, please implement the same retry policy as with 50x errors.
In our schema, you may see that a field has been marked as deprecated. This means that this field is no longer maintained by the Belvo team. You may still receive data for this field depending on the institution, however, you should not rely on this field.
In our API specification, you'll see that some response parameters will have a required annotation. According to the OpenAPI specification, when a response parameter is marked as required, this means that the response key must be returned. However, the value of that response parameter can be null.
📘 Info
In short, any response parameter marked as required will be returned by our API, but the value can be set to null.
An institution is an entity that Belvo can access information from. It can be a:
You can see a complete list of institutions by either consulting our Institutions article or making a List request to this endpoint.
The session you want to resume. You need to use the session value that is provided in the 428 Token Required response that you receive after you make your POST request.
The MFA token generated by the institution which is required to continue a session.
The link.id you want to resume. Must be the same link.id as the one you receive in the 428 Token Required response that contains the session ID.
curl -i -X PATCH \
-u <username>:<password> \
https://developers.belvo.com/_mock/apis/belvoopenapispec/api/links/ \
-H 'Content-Type: application/json' \
-d '{
"session": "6e7b283c6efa449c9c028a16b5c249fa",
"token": "1234ab",
"link": "683005d6-f45c-4adb-b289-f1a12f50f80c",
"save_data": true
}'Ok
Belvo's unique identifier for the current item.
The link type. For more information, see our Links article. We return one of the following enum values:
singlerecurrentnullThe ISO-8601 timestamp of Belvo's most recent successful access to the institution for the given link.
The ISO-8601 timestamp of when the data point was created in Belvo's database.
An additional identifier for the link, provided by you, to store in the Belvo database. Cannot include any Personal Identifiable Information (PII). Must be at least three characters long.
If we identify that the identifier contains PII, we will force a null value. For more information, see our Link creation article.
📘 Info
Only applicable for links created after 08-02-2022.
A unique 44-character string that can be used to identify a user at a given institution.
📚 Check out our Avoiding duplicated links DevPortal article for more information and tips on how to use it.
The current status of the link. For more information, see our Link article in the devportal. We return one of the following values:
validinvalidunconfirmedtoken_requiredThe unique ID for the user that created this item.
The update refresh rate for the recurrent link. For more information, check out our recurrent link documentation in our DevPortal. We return one of the following enum values:
6h12h24h7d (default)30d (once a month)null (for single links)Indicates whether or not to store credentials (and the duration for which to store the credentials).
store by default (and cannot be changed).365d by default.Choose either:
store to store credentials (until the link is deleted)nostore to not store credentials1d and 365d to indicate the number of days you want the credentials to be stored.For more information, check out the credentials_storage section of our Data retention controls article.
An array of resources that you will receive a historical update for.
Indicates how long any user-derived data should be stored in Belvo's database for the link (both single and recurrent). For example, if you send through 90d, Belvo will remove any data from its database relating to the user after 90 days. For more information, check out the stale_in section of our Data retention controls article.
📘 Info
Belvo will only remove data for links that have not been updated in the period you provide in
stale_in. Belvo will only remove data for links that have not been updated in the period you provide instale_in.
By default Belvo stores user data for 365 days, unless the link is deleted.
{ "id": "0d3ffb69-f83b-456e-ad8e-208d0998d71d", "institution": "erebor_mx_retail", "access_mode": "recurrent", "last_accessed_at": "2021-03-09T10:28:40.000Z", "created_at": "2022-02-09T08:45:50.406032Z", "external_id": "56ab5706-6e00-48a4-91c9-ca55968678d9", "institution_user_id": "sooE7XJWEKypZJR603ecaWYk-8Ap0oD8Nr1pBQ4eG9c=", "status": "valid", "created_by": "bcef7f35-67f2-4b19-b009-cb38795faf09", "refresh_rate": "7d", "credentials_storage": "27d", "fetch_resources": [ "ACCOUNTS", "TRANSACTIONS" ], "stale_in": "42d" }
curl -i -X GET \
-u <username>:<password> \
'https://developers.belvo.com/_mock/apis/belvoopenapispec/api/links/{id}/'Ok
Belvo's unique identifier for the current item.
The link type. For more information, see our Links article. We return one of the following enum values:
singlerecurrentnullThe ISO-8601 timestamp of Belvo's most recent successful access to the institution for the given link.
The ISO-8601 timestamp of when the data point was created in Belvo's database.
An additional identifier for the link, provided by you, to store in the Belvo database. Cannot include any Personal Identifiable Information (PII). Must be at least three characters long.
If we identify that the identifier contains PII, we will force a null value. For more information, see our Link creation article.
📘 Info
Only applicable for links created after 08-02-2022.
A unique 44-character string that can be used to identify a user at a given institution.
📚 Check out our Avoiding duplicated links DevPortal article for more information and tips on how to use it.
The current status of the link. For more information, see our Link article in the devportal. We return one of the following values:
validinvalidunconfirmedtoken_requiredThe unique ID for the user that created this item.
The update refresh rate for the recurrent link. For more information, check out our recurrent link documentation in our DevPortal. We return one of the following enum values:
6h12h24h7d (default)30d (once a month)null (for single links)Indicates whether or not to store credentials (and the duration for which to store the credentials).
store by default (and cannot be changed).365d by default.Choose either:
store to store credentials (until the link is deleted)nostore to not store credentials1d and 365d to indicate the number of days you want the credentials to be stored.For more information, check out the credentials_storage section of our Data retention controls article.
An array of resources that you will receive a historical update for.
Indicates how long any user-derived data should be stored in Belvo's database for the link (both single and recurrent). For example, if you send through 90d, Belvo will remove any data from its database relating to the user after 90 days. For more information, check out the stale_in section of our Data retention controls article.
📘 Info
Belvo will only remove data for links that have not been updated in the period you provide in
stale_in. Belvo will only remove data for links that have not been updated in the period you provide instale_in.
By default Belvo stores user data for 365 days, unless the link is deleted.
{ "id": "0d3ffb69-f83b-456e-ad8e-208d0998d71d", "institution": "erebor_mx_retail", "access_mode": "recurrent", "last_accessed_at": "2021-03-09T10:28:40.000Z", "created_at": "2022-02-09T08:45:50.406032Z", "external_id": "56ab5706-6e00-48a4-91c9-ca55968678d9", "institution_user_id": "sooE7XJWEKypZJR603ecaWYk-8Ap0oD8Nr1pBQ4eG9c=", "status": "valid", "created_by": "bcef7f35-67f2-4b19-b009-cb38795faf09", "refresh_rate": "7d", "credentials_storage": "27d", "fetch_resources": [ "ACCOUNTS", "TRANSACTIONS" ], "stale_in": "42d" }
Modify the data retrieval settings for a specific link. At present you can:
single to recurrent or from recurrent to single.stale_in period for the link.fetch_resources).access_modeWhen you change a link from single to recurrent, the next day a historical update of the core resources for the link is triggered (resulting in you receiving historical_update webhooks for the link). You are billed for these historical updates.
stale_inIf you only modify the stale_in period for a link, this will not trigger a historical update. In order to trigger a historical update for the link, you must change the access_mode.
fetch_resourcesIf you only modify the fetch_resources for a link, this will not trigger a historical update. In order to trigger a historical update for the link, you must change the access_mode.
The type of link to create.
single to do ad hoc one-time POST requests for accounts, owners, and transactions.recurrent to have Belvo access information on a recurrent basis so you always have fresh account, owner, balance, and transaction data.For more information, see our Links article.
Indicates how long any user-derived data should be stored in Belvo's database for the link (both single and recurrent). For example, if you send through 90d, Belvo will remove any data from its database relating to the user after 90 days. For more information, check out the stale_in section of our Data retention controls article.
📘 Info
Belvo will only remove data for links that have not been updated in the period you provide in
stale_in. Belvo will only remove data for links that have not been updated in the period you provide instale_in.
By default Belvo stores user data for 365 days, unless the link is deleted.
An array of resources that you would like to receive a historical update for.
For banking institutions, you can select the following resources:
ACCOUNTSOWNERSTRANSACTIONSBILLSINVESTMENTSINVESTMENT_TRANSACTIONSINCOMESRECURRING_EXPENSESRISK_INSIGHTSFor fiscal institutions, you can select the following resources:
FINANCIAL_STATEMENTSINVOICESTAX_COMPLIANCE_STATUSTAX_RETENTIONSTAX_RETURNSTAX_STATUSFor employment institutions, you can select the following resources:
EMPLOYMENT_RECORDS(For Mexico's IMSS and ISSTE only)EMPLOYMENT_METRICS (For Mexico's IMSS only)EMPLOYMENTS (For Brazil's INSS only)curl -i -X PATCH \
-u <username>:<password> \
https://developers.belvo.com/_mock/apis/belvoopenapispec/api/links/e4bb1afb-4a4f-4dd6-8be0-e615d233185b/ \
-H 'Content-Type: application/json' \
-d '{
"access_mode": "single",
"stale_in": "42d",
"fetch_resources": [
"ACCOUNTS",
"TRANSACTIONS"
]
}'Ok
Belvo's unique identifier for the current item.
The link type. For more information, see our Links article. We return one of the following enum values:
singlerecurrentnullThe ISO-8601 timestamp of Belvo's most recent successful access to the institution for the given link.
The ISO-8601 timestamp of when the data point was created in Belvo's database.
An additional identifier for the link, provided by you, to store in the Belvo database. Cannot include any Personal Identifiable Information (PII). Must be at least three characters long.
If we identify that the identifier contains PII, we will force a null value. For more information, see our Link creation article.
📘 Info
Only applicable for links created after 08-02-2022.
A unique 44-character string that can be used to identify a user at a given institution.
📚 Check out our Avoiding duplicated links DevPortal article for more information and tips on how to use it.
The current status of the link. For more information, see our Link article in the devportal. We return one of the following values:
validinvalidunconfirmedtoken_requiredThe unique ID for the user that created this item.
The update refresh rate for the recurrent link. For more information, check out our recurrent link documentation in our DevPortal. We return one of the following enum values:
6h12h24h7d (default)30d (once a month)null (for single links)Indicates whether or not to store credentials (and the duration for which to store the credentials).
store by default (and cannot be changed).365d by default.Choose either:
store to store credentials (until the link is deleted)nostore to not store credentials1d and 365d to indicate the number of days you want the credentials to be stored.For more information, check out the credentials_storage section of our Data retention controls article.
An array of resources that you will receive a historical update for.
Indicates how long any user-derived data should be stored in Belvo's database for the link (both single and recurrent). For example, if you send through 90d, Belvo will remove any data from its database relating to the user after 90 days. For more information, check out the stale_in section of our Data retention controls article.
📘 Info
Belvo will only remove data for links that have not been updated in the period you provide in
stale_in. Belvo will only remove data for links that have not been updated in the period you provide instale_in.
By default Belvo stores user data for 365 days, unless the link is deleted.
{ "id": "0d3ffb69-f83b-456e-ad8e-208d0998d71d", "institution": "erebor_mx_retail", "access_mode": "recurrent", "last_accessed_at": "2021-03-09T10:28:40.000Z", "created_at": "2022-02-09T08:45:50.406032Z", "external_id": "56ab5706-6e00-48a4-91c9-ca55968678d9", "institution_user_id": "sooE7XJWEKypZJR603ecaWYk-8Ap0oD8Nr1pBQ4eG9c=", "status": "valid", "created_by": "bcef7f35-67f2-4b19-b009-cb38795faf09", "refresh_rate": "7d", "credentials_storage": "27d", "fetch_resources": [ "ACCOUNTS", "TRANSACTIONS" ], "stale_in": "42d" }
An owner represents the person who has access to a Link and is the owner of all the accounts inside the Link.
You can use this endpoint in order to get useful information about your client, such as:
An account is the representation of a bank account inside a financial institution. A user can have one or more accounts in an institution.
For example, one user (or link) can have a checking account, several credit cards, and a loan account.
Querying for a user's account information is useful as you can get information regarding:
Our employments resource for Brazil lets you get a comprehensive view of your user's current employment history and salary information.
For each user, we return the:
At the moment, the employments resource is available for:
Our employment records resource for Mexico lets you get a comprehensive view of your user’s current social security contributions and employment history.
With Belvo's employment records resource for Mexico, you can access information about your user's current social security contributions and employment history. For the each user, we return the:
At the moment, the employment records resource is available for:
Belvo's Recurring Expenses API allows you to identify a user's regular payments for subscription services, such as Netflix or gym memberships, as well as utility payments, such as electricity or phone bills. We return information for up to 365 days.
📘 Info
The recurring expenses resource is only available for Checking, Savings and Credit Card accounts associated with banking links.
To receive inflow payments to your organization's bank account, you must register the bank accounts (individual and business) using Belvo's Payments API.
A payment intent is a single point of access to create payments using any payment method offered by Belvo.
A payment intent captures all payment information (such as the amount to be charged, the description of the payment, the provider, and so on) and guides your customers through the payment flow.
Note: For institutions that require the
username_typein theform_fieldsarray, you must send through this value in your PATCH request.