Public API guides
Concept and endpoint guides for the unauthenticated /public/v1 ring.

The Credicorp public API, end to end
The /public/v1 ring is Credicorp's unauthenticated, read-mostly surface — product figures, quotes, the loyalty ladder,…
Read →
Public API vs partner API: which one do you need?
Pick the public ring when you only need published figures — products, quotes, loyalty tiers. Pick the partner ring when…
Read →
The partner API, at a glance
The /partner/v1 ring is the token-gated integration API — take applications, read decisions, provision payments and run…
Read →
OAuth 2.0 client credentials for partner/v1
Partner API calls authenticate with the OAuth 2.0 client-credentials grant. You exchange a client ID and secret for a…
Read →
Scopes and least privilege on partner/v1
Request only the scopes your integration actually uses. A credential scoped to applications:write cannot read decisions…
Read →
The access-token lifecycle
A partner access token is minted, cached, reused until just before expiry, then re-minted. There is no refresh token in…
Read →
Rate limiting across both rings
The public ring is metered at 60 requests per 60 seconds per IP. The partner ring uses a token bucket scoped to your…
Read →
Errors, status codes and safe retries
Errors come back as JSON with a stable machine code and a human message. 4xx means fix the request; 429/5xx are…
Read →
Idempotency and safe retries
Send an Idempotency-Key on every mutating partner call. The server records the first result against the key and replays…
Read →API reference
One page per public endpoint: method, path, parameters, responses and errors.

POST /partner/v1/applications
Open a new application on the partner ring. Idempotent with an Idempotency-Key, scoped to applications:write, and…
Read →
GET /partner/v1/applications/{id}
Read a single application's current state on the partner ring: its status, the submitted details and links to the…
Read →
GET /partner/v1/decisions/{id}
Read a credit decision on the partner ring: the outcome, any conditions and the offer terms. Decisioning is…
Read →
POST /partner/v1/decisions/{id}/refresh
Re-run the decisioning model for an application. Costly, so sub-limited to 1 req/s. Use only when new information…
Read →
POST /partner/v1/payments/links
Provision a payment link over open-banking PISP on the partner ring. Sub-limited to 10 req/s. Money-out remains a…
Read →
GET /partner/v1/payments/{id}
Read a payment's status on the partner ring: provisioned, pending, settled or failed. Pairs with the payment webhook…
Read →
POST /partner/v1/identity/checks
Run a KYC/AML identity check on the partner ring. Calls the identity provider, so sub-limited to 5 req/s. Returns a…
Read →
Pagination on the partner API
How partner list endpoints paginate: cursor-based paging with a limit and a next cursor, stable ordering, and how to…
Read →
GET /public/v1/healthz
The live health probe on the public ring. Returns a small JSON body indicating the hub is serving; used by monitors,…
Read →Integration recipes
Task-oriented how-tos for common public-API integrations.

Expose Credicorp tools to Claude via MCP
Point a Claude agent at the public MCP server and it can quote, qualify and guide from live Credicorp figures. Register…
Read →
Proxy the public API from your server
Proxy public reads through your backend when you want shared caching, a single egress IP, or to aggregate figures. Mind…
Read →
Log and observe your API calls
Instrument every call: capture the request ID, record RateLimit headers, redact secrets, and alert on error-rate and…
Read →
Migrate from scraping to the API
If you scrape Credicorp figures today, map each value to an endpoint and cut over. Products, pricing, quotes and…
Read →
Respond to a 401 cleanly
A partner 401 has two causes: an expired token (re-mint and retry once) or an invalid credential (fix it — do not…
Read →
Set up a webhook endpoint
A production webhook endpoint needs five things: a public HTTPS URL, signature verification, a fast 2xx, async…
Read →
Smoke-test the public API in 60 seconds
Confirm the public ring works before you build: three unauthenticated curls — healthz, products, quote — prove…
Read →
Render a live Business Loan quote widget
Wire a small front-end control to the public quote endpoint so visitors get a live, accurate Business Loan figure…
Read →
Capture a lead with POST /public/v1/enquiries
Send accepted form submissions to the public enquiries endpoint. Capture consent first, run your own anti-abuse…
Read →Developer glossary
Plain definitions of the terms used across the Credicorp API docs.

Public ring (/public/v1)
The public ring is the unauthenticated /public/v1 surface — published figures, quotes, loyalty vocabulary, a lead…
Read →
Partner ring (/partner/v1)
The partner ring is the token-gated /partner/v1 surface — applications, decisions, payments and identity checks —…
Read →
Model Context Protocol (MCP)
Model Context Protocol (MCP) is an open standard for exposing tools to language-model agents over JSON-RPC. Credicorp…
Read →
JSON-RPC 2.0
JSON-RPC 2.0 is a lightweight RPC protocol carried as JSON — a method name, params, and an id in, a result or error…
Read →
MCP tool
An MCP tool is a named function with a typed input schema that an agent invokes via tools/call. Credicorp's public…
Read →
Client-credentials grant
The client-credentials grant is the OAuth 2.0 machine-to-machine flow: a server exchanges a client ID and secret for a…
Read →
Access token
An access token is the short-lived bearer JWT you send as Authorization: Bearer on partner calls. You mint it from your…
Read →
Scope
A scope is a named capability on an OAuth token — like applications:write — that bounds what the token can do. Request…
Read →
Least privilege
Least privilege means granting only the minimum access a job needs. Applied here: scope every credential narrowly and…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.