2 min read
What it is
The public ring is the outermost trust tier of the Credicorp API, served under /public/v1. Any caller can reach it with no API key and no OAuth token. It exposes public information — products, the loyalty ladder, published pages — and a small set of safe, validated submissions such as enquiries and cookie consent.
How it stays safe
Without a credential, the ring relies on rate limiting (60 requests per 60 seconds per IP), strict input validation, and server-fixed response shapes. A hard rule underpins it: no per-customer PII ever crosses the public ring. Account data, offers, payments and credit decisions sit behind authentication on the internal ring instead. See the ring explained.
Frequently asked questions
Is the public ring the whole API?
No. It is the unauthenticated outer tier. Authenticated, per-customer operations live on the internal ring and the partner API.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.