
Decision reason: adverse_credit
adverse_credit is a decision reason value. Adverse credit signals led to a decline. It appears in the <a…
Read →
Decision reason: affordability
affordability is a decision reason value. The application did not meet affordability criteria. It appears in the <a…
Read →
Decision reason: identity_unverified
identity_unverified is a decision reason value. Identity or business verification could not be completed. It appears in the <a…
Read →
Decision reason: insufficient_trading_history
insufficient_trading_history is a decision reason value. The business had too little trading history to assess. It appears in the…
Read →
Decision reason: out_of_appetite
out_of_appetite is a decision reason value. The request fell outside current lending appetite. It appears in the <a…
Read →
Error code catalogue
This is the master list of error.code values. Each links to a dedicated page with the exact cause, an example response and the…
Read →
Error code: account_suspended
account_suspended returns HTTP 403 with type: authentication_error. The partner account is suspended. Branch on the code and…
Read →
Error code: audience_mismatch
audience_mismatch returns HTTP 401 with type: authentication_error. The token audience did not match this API. Branch on the code…
Read →
Error code: cms_page_not_found
cms_page_not_found returns HTTP 404 with type: invalid_request_error. The requested CMS page key does not exist. When it is about…
Read →
Error code: consent_required
consent_required returns HTTP 422 with type: invalid_request_error. The consent gate was not satisfied. When it is about one…
Read →
Error code: form_required
form_required returns HTTP 422 with type: invalid_request_error. The required <code>form</code> key was absent. When it is about…
Read →
Error code: idempotency_key_in_progress
idempotency_key_in_progress returns HTTP 409 with type: invalid_request_error. A request with this key is still being processed…
Read →
Error code: idempotency_key_malformed
idempotency_key_malformed returns HTTP 400 with type: invalid_request_error. The idempotency key was not a valid format. When it…
Read →
Error code: idempotency_key_reused
idempotency_key_reused returns HTTP 409 with type: invalid_request_error. An idempotency key was reused with a different body…
Read →
Error code: insufficient_scope
insufficient_scope returns HTTP 403 with type: authentication_error. The token lacks the required scope. Branch on this code — it…
Read →
Error code: invalid_api_key
invalid_api_key returns HTTP 401 with type: authentication_error. The supplied credential was not valid. Branch on this code — it…
Read →
Error code: invalid_dept
invalid_dept returns HTTP 422 with type: invalid_request_error. The routing department was not recognised. When it is about one…
Read →
Error code: invalid_email
invalid_email returns HTTP 422 with type: invalid_request_error. A supplied email address was not valid. When it is about one…
Read →
Error code: invalid_json
invalid_json returns HTTP 400 with type: invalid_request_error. The request body was not valid JSON. Branch on this code — it is…
Read →
Error code: invalid_value_type
invalid_value_type returns HTTP 422 with type: invalid_request_error. A field value was the wrong type. Branch on this code — it…
Read →
Error code: mcp_invalid_params
mcp_invalid_params returns HTTP 422 with type: invalid_request_error. MCP tool parameters failed validation. When it is about one…
Read →
Error code: mcp_method_not_found
mcp_method_not_found returns HTTP 404 with type: invalid_request_error. An MCP JSON-RPC method was not recognised. When it is…
Read →
Error code: mcp_tool_not_found
mcp_tool_not_found returns HTTP 404 with type: invalid_request_error. An MCP tool name was not recognised. When it is about one…
Read →
Error code: method_not_allowed
method_not_allowed returns HTTP 405 with type: invalid_request_error. The HTTP method is not allowed on this route. Branch on the…
Read →
Error code: missing_api_key
missing_api_key returns HTTP 401 with type: authentication_error. A partner-plane call had no API key. Branch on this code — it…
Read →
Error code: missing_content_type
missing_content_type returns HTTP 400 with type: invalid_request_error. The request was missing a JSON content type. Branch on…
Read →
Error code: payload_too_large
payload_too_large returns HTTP 422 with type: invalid_request_error. The fields object exceeded the size limit. When it is about…
Read →
Error code: rate_limited
rate_limited returns HTTP 429 with type: rate_limit_error. You exceeded the request rate. Branch on this code — it is stable —…
Read →
Error code: request_body_too_large
request_body_too_large returns HTTP 422 with type: invalid_request_error. The whole request body exceeded the size cap. Branch on…
Read →
Error code: resource_not_found
resource_not_found returns HTTP 404 with type: invalid_request_error. The referenced resource does not exist. Branch on this code…
Read →
Error code: route_not_found
route_not_found returns HTTP 404 with type: invalid_request_error. No endpoint matches the path. Branch on this code — it is…
Read →
Error code: scope_not_granted
scope_not_granted returns HTTP 403 with type: authentication_error. The token is missing a specific required scope. Branch on the…
Read →
Error code: server_error
server_error returns HTTP 500 with type: api_error. An unexpected server-side error occurred. Branch on this code — it is stable…
Read →
Error code: signature_invalid
signature_invalid returns HTTP 400 with type: invalid_request_error. A request-signed call failed signature verification. Branch…
Read →
Error code: support_message_too_long
support_message_too_long returns HTTP 422 with type: invalid_request_error. A support chat message exceeded the length limit…
Read →
Error code: support_session_closed
support_session_closed returns HTTP 409 with type: invalid_request_error. The support chat session is already closed. When it is…
Read →
Error code: temporarily_unavailable
temporarily_unavailable returns HTTP 503 with type: api_error. The service is briefly unavailable. Branch on this code — it is…
Read →
Error code: token_expired
token_expired returns HTTP 401 with type: authentication_error. The OAuth access token has expired. Branch on the code and apply…
Read →
Error code: token_revoked
token_revoked returns HTTP 401 with type: authentication_error. The credential was revoked. Branch on the code and apply the fix…
Read →
Error code: unknown_field
unknown_field returns HTTP 400 with type: invalid_request_error. The body contained a field the endpoint does not accept. Branch…
Read →
Error code: unsupported_media_type
unsupported_media_type returns HTTP 415 with type: invalid_request_error. The content type is not supported. Branch on the code…
Read →
Error code: webhook_endpoint_limit
webhook_endpoint_limit returns HTTP 422 with type: invalid_request_error. The endpoint limit was reached. Branch on the code and…
Read →
Error code: webhook_endpoint_url_invalid
webhook_endpoint_url_invalid returns HTTP 422 with type: invalid_request_error. A webhook endpoint URL was rejected. When it is…
Read →
Error code: webhook_event_unknown
webhook_event_unknown returns HTTP 422 with type: invalid_request_error. An unknown event type was subscribed to. When it is…
Read →
Error code: webhook_signature_invalid
webhook_signature_invalid returns HTTP 400 with type: invalid_request_error. A webhook signature failed verification. Branch on…
Read →
Error code: webhook_signature_missing
webhook_signature_missing returns HTTP 400 with type: invalid_request_error. A webhook arrived without a signature header. Branch…
Read →
GET /.well-known/oauth-authorization-server
The OAuth 2.0 authorization-server metadata document (RFC 8414). Advertises the token endpoint, JWKS URI, supported grants and…
Read →
GET /.well-known/oauth-protected-resource
The OAuth 2.0 protected-resource metadata document. Tells a client which authorization server guards a resource — used by MCP…
Read →
GET /partner/v1/applications/{id}
Read a single application's current state on the partner ring: its status, the submitted details and links to the associated…
Read →
GET /partner/v1/decisions/{id}
Read a credit decision on the partner ring: the outcome, any conditions and the offer terms. Decisioning is authoritative;…
Read →
GET /partner/v1/oauth/jwks
The JSON Web Key Set: the public keys that sign partner access tokens, so you can verify a token's signature, issuer and audience…
Read →
GET /partner/v1/payments/{id}
Read a payment's status on the partner ring: provisioned, pending, settled or failed. Pairs with the payment webhook for push…
Read →
GET /public/v1/cms/pages/{key}
GET /public/v1/cms/pages/{key} reads a published CMS page by its stable key. It returns the sanitised, ready-to-render content…
Read →
GET /public/v1/config/pricing
The authoritative pricing configuration the whole estate reads: the single source of truth for published figures, so marketing…
Read →
GET /public/v1/healthz
The live health probe on the public ring. Returns a small JSON body indicating the hub is serving; used by monitors, load…
Read →
GET /public/v1/loyalty/tiers
The loyalty tier ladder: the tier vocabulary, thresholds, headline benefits and cooldown — single-sourced so marketing and your…
Read →
GET /public/v1/loyalty/tiers
GET /public/v1/loyalty/tiers returns the loyalty-tier vocabulary — the four tiers Bronze → Silver → Gold → Platinum, each with…
Read →
GET /public/v1/mcp
The MCP server card: a discovery probe that returns the server's identity and capabilities so MCP clients can configure…
Read →
GET /public/v1/products
The product catalogue: the three Credicorp products — Business Loan, Credicorp Flex, Credicorp Slice — each with its real name,…
Read →
GET /public/v1/quote/flex
A representative Credicorp Flex preview — the revolving business credit facility. Illustrates cost of drawing against a limit;…
Read →
GET /public/v1/quote/onetime
A representative Business Loan quote for an amount and term. Bounded to £50–£500 principal and 14–84 days by the engine's…
Read →
GET /public/v1/slice/billers
The list of accepted billers for Credicorp Slice — the suppliers and billers a company can pay now and repay over a short…
Read →
GET /public/v1/slice/billers
GET /public/v1/slice/billers lists the accepted billers for Credicorp Slice — the public-safe view of each live biller: name,…
Read →
GET /public/v1/support/widget.css
GET /public/v1/support/widget.css serves the support-widget stylesheet — the styles that pair with widget.js to render the…
Read →
GET /public/v1/support/widget.js
GET /public/v1/support/widget.js serves the support-widget script — a self-contained JavaScript file you add to any page to…
Read →
HTTP 400 Bad Request
A 400 Bad Request means the request could not be parsed or was structurally wrong. The response body is the standard <a…
Read →
HTTP 401 Unauthorized
A 401 Unauthorized means the request lacked a valid credential (partner plane). The response body is the standard <a…
Read →
HTTP 403 Forbidden
A 403 Forbidden means the caller is authenticated but not allowed to do this. The response body is the standard <a…
Read →
HTTP 404 Not Found
A 404 Not Found means the route or resource does not exist. The response body is the standard <a…
Read →
HTTP 409 Conflict
A 409 Conflict means the request conflicts with the current state. The response body is the standard <a…
Read →
HTTP 422 Unprocessable Entity
A 422 Unprocessable Entity means the request parsed but a value failed validation. The response body is the standard <a…
Read →
HTTP 429 Too Many Requests
A 429 Too Many Requests means you exceeded the rate limit. The response body is the standard <a…
Read →
HTTP 500 Internal Server Error
A 500 Internal Server Error means an unexpected error occurred on our side. The response body is the standard <a…
Read →
HTTP 503 Service Unavailable
A 503 Service Unavailable means the service is temporarily unavailable. The response body is the standard <a…
Read →
MCP methods: initialize, tools/list, tools/call
Three JSON-RPC methods drive the Credicorp MCP server. initialize negotiates the protocol revision and returns server identity;…
Read →
MCP tool: EligibilityCriteria
EligibilityCriteria returns the baseline a business must meet to be considered for Credicorp finance — a read-only MCP tool an…
Read →
MCP tool: GetQuote
GetQuote returns an indicative quote for a stated amount and term as a read-only MCP tool. It is an illustration, not an offer —…
Read →
MCP tool: HowToApply
HowToApply returns the application steps and what a business should prepare — a read-only MCP tool that lets an agent guide…
Read →
MCP tool: ListProducts
ListProducts returns the Credicorp lending line-up as a read-only MCP tool: Business Loan, Credicorp Flex and Credicorp Slice. It…
Read →
MCP tool: LoyaltyTiers
LoyaltyTiers is a read-only MCP tool on the Credicorp MCP server that returns the four-tier loyalty ladder — the same vocabulary…
Read →
MCP tool: ProductDetails
ProductDetails returns the full detail of one Credicorp product — Business Loan, Credicorp Flex or Credicorp Slice — as a…
Read →
MCP tool: eligibility_criteria
Returns Credicorp's eligibility criteria: who can apply. The headline is that Credicorp lends to UK limited companies, not to…
Read →
MCP tool: get_quote
Computes a representative Business Loan quote for an amount (GBP) and a term (days). Only the Business Loan is quotable — the…
Read →
MCP tool: how_to_apply
Returns the steps to apply for Credicorp finance, so an agent can walk a qualified company through the journey and hand it off to…
Read →
MCP tool: list_products
Returns the three Credicorp products — Business Loan, Credicorp Flex and Credicorp Slice — each with its real name, a one-line…
Read →
MCP tool: loyalty_tiers
Returns the Credicorp loyalty ladder — the tiers, their thresholds and headline benefits — the same vocabulary the public loyalty…
Read →
MCP tool: product_details
Returns a single product's published description plus its byte-exact representative figures. The description is the hub-canonical…
Read →
POST /partner/v1/applications
Open a new application on the partner ring. Idempotent with an Idempotency-Key, scoped to applications:write, and sub-limited to…
Read →
POST /partner/v1/decisions/{id}/refresh
Re-run the decisioning model for an application. Costly, so sub-limited to 1 req/s. Use only when new information materially…
Read →
POST /partner/v1/identity/checks
Run a KYC/AML identity check on the partner ring. Calls the identity provider, so sub-limited to 5 req/s. Returns a check…
Read →
POST /partner/v1/mcp
The token-gated MCP server: the same JSON-RPC 2.0 protocol as the public server, behind an OAuth bearer token, exposing…
Read →
POST /partner/v1/oauth/introspect
The OAuth 2.0 token-introspection endpoint. Check whether an access token is active and read its scopes, expiry and subject…
Read →
POST /partner/v1/oauth/token
The OAuth 2.0 token endpoint. Exchange client credentials for a short-lived bearer access token scoped to the capabilities you…
Read →
POST /partner/v1/payments/links
Provision a payment link over open-banking PISP on the partner ring. Sub-limited to 10 req/s. Money-out remains a governed manual…
Read →
POST /public/v1/consent
Record a PECR cookie-banner consent snapshot from a marketing site's cookie banner. Fail-open, unauthenticated, and distinct from…
Read →
POST /public/v1/consent
POST /public/v1/consent records a cookie-consent snapshot under PECR §6 / GDPR recital 47. It captures a visitor’s analytics and…
Read →
POST /public/v1/enquiries
The public lead-intake endpoint: record one accepted enquiry, lead or complaint. Unauthenticated by design (anonymous leads are…
Read →
POST /public/v1/enquiries
POST /public/v1/enquiries records a public enquiry — the endpoint behind every contact form, department request and complaint…
Read →
POST /public/v1/mcp
The MCP server's JSON-RPC 2.0 endpoint: one request in, one response out. Methods include initialize, tools/list, tools/call and…
Read →
POST /public/v1/mcp
/public/v1/mcp is the Credicorp MCP server — a Model Context Protocol endpoint that lets an AI agent read public business-lending…
Read →
POST /public/v1/support/chat
POST /public/v1/support/chat powers the embedded support assistant — the endpoint the on-site chat widget calls to send a visitor…
Read →
Pagination on the partner API
How partner list endpoints paginate: cursor-based paging with a limit and a next cursor, stable ordering, and how to iterate a…
Read →
Partner API error reference
The error model for the /partner/v1 ring: auth errors, scope errors, validation, conflict, the 429 with RateLimit headers, OAuth…
Read →
Payment reason: bank_rejected
bank_rejected is a payment failure_code value. The bank rejected the collection. It appears in the <a…
Read →
Payment reason: disputed_by_customer
disputed_by_customer is a payment failure_code value. The customer disputed the collection. It appears in the <a…
Read →
Payment reason: insufficient_funds
insufficient_funds is a payment failure_code value. The account had insufficient funds to cover the collection. It appears in the…
Read →
Payment reason: mandate_cancelled
mandate_cancelled is a payment failure_code value. The payment mandate had been cancelled. It appears in the <a…
Read →
Payment reason: technical_error
technical_error is a payment failure_code value. A technical error prevented collection. It appears in the <a…
Read →
Public API error reference
The error model for the /public/v1 ring: status families, the JSON error body, the 422 range errors on quotes, the 429 rate-limit…
Read →
Rate limits and 429 responses
The public ring allows 60 requests per 60 seconds per IP. Cross that fixed window and every further request returns 429 Too Many…
Read →
Register a webhook endpoint
A webhook endpoint is the HTTPS URL Credicorp POSTs events to. You register one per integration, choose which event types it…
Read →
Retrying failed requests safely
Retry only the retry-able. 429 and 5xx are transient — back off and try again. 4xx other than 429 will fail identically on retry,…
Read →
The error envelope and status codes
Every API error uses one envelope. A non-2xx response returns {"error":{...}} with a stable type, a machine-readable code, a…
Read →
The webhook event envelope
Every webhook shares one envelope shape. The outer object identifies the event (id, type, created), flags whether it is live or…
Read →
Webhook API versioning
Webhook payloads are versioned by date. Each event carries api_version, e.g. 2026-07-01. Within a version, changes are only ever…
Read →
Webhook delivery and retries
Credicorp expects a 2xx within 10 seconds. Return one to acknowledge, then process asynchronously. Any non-2xx or timeout…
Read →
Webhook event catalogue
This is the master list of webhook type values. Events are grouped by resource — enquiry, decision, loan, payment, account,…
Read →
Webhook event: account.updated
The account.updated webhook fires when a customer account record changes. Its data.object is a account. A typical handler will…
Read →
Webhook event: consent.granted
The consent.granted webhook fires when a consent flag is set. Its data.object is a consent. A typical handler will unlock the…
Read →
Webhook event: consent.withdrawn
The consent.withdrawn webhook fires when a consent flag is withdrawn. Its data.object is a consent. A typical handler will…
Read →
Webhook event: decision.completed
The decision.completed webhook fires when a lending decision is reached. Its data.object is a decision. A typical handler will…
Read →
Webhook event: decision.referred
The decision.referred webhook fires when a decision is referred for manual review. Its data.object is a decision. A typical…
Read →
Webhook event: enquiry.created
The enquiry.created webhook fires when a public enquiry is submitted. Its data.object is a enquiry. A typical handler will route…
Read →
Webhook event: enquiry.updated
The enquiry.updated webhook fires when an enquiry’s status changes (e.g. new → in_progress). Its data.object is a enquiry. A…
Read →
Webhook event: kyc.passed
The kyc.passed webhook fires when identity and business verification passes. Its data.object is a kyc. A typical handler will…
Read →
Webhook event: kyc.referred
The kyc.referred webhook fires when verification is referred for manual checks. Its data.object is a kyc. A typical handler will…
Read →
Webhook event: loan.activated
The loan.activated webhook fires when a loan is drawn down and becomes live. Its data.object is a loan. A typical handler will…
Read →
Webhook event: loan.arrears
The loan.arrears webhook fires when a loan falls into arrears. Its data.object is a loan. A typical handler will trigger a…
Read →
Webhook event: loan.closed
The loan.closed webhook fires when a loan is fully repaid or written off. Its data.object is a loan. A typical handler will…
Read →
Webhook event: loan.disbursed
The loan.disbursed webhook fires when loan funds are sent to the customer. Its data.object is a loan. A typical handler will…
Read →
Webhook event: loan.restructured
The loan.restructured webhook fires when a loan’s terms are restructured (e.g. a payment plan). Its data.object is a loan. A…
Read →
Webhook event: loyalty.tier_changed
The loyalty.tier_changed webhook fires when a customer moves loyalty tier. Its data.object is a loyalty. A typical handler will…
Read →
Webhook event: mandate.activated
The mandate.activated webhook fires when a direct debit / payment mandate becomes active. Its data.object is a mandate. A typical…
Read →
Webhook event: mandate.cancelled
The mandate.cancelled webhook fires when a payment mandate is cancelled. Its data.object is a mandate. A typical handler will…
Read →
Webhook event: offer.accepted
The offer.accepted webhook fires when a customer accepts a loan offer. Its data.object is a offer. A typical handler will move…
Read →
Webhook event: offer.created
The offer.created webhook fires when a loan offer is generated after approval. Its data.object is a offer. A typical handler will…
Read →
Webhook event: offer.expired
The offer.expired webhook fires when a loan offer lapses without acceptance. Its data.object is a offer. A typical handler will…
Read →
Webhook event: payment.disputed
The payment.disputed webhook fires when a payment is disputed (e.g. an indemnity claim). Its data.object is a payment. A typical…
Read →
Webhook event: payment.failed
The payment.failed webhook fires when a repayment attempt fails. Its data.object is a payment. A typical handler will trigger a…
Read →
Webhook event: payment.refunded
The payment.refunded webhook fires when a settled payment is refunded. Its data.object is a payment. A typical handler will…
Read →
Webhook event: payment.succeeded
The payment.succeeded webhook fires when a scheduled repayment settles. Its data.object is a payment. A typical handler will…
Read →
Webhook event: statement.generated
The statement.generated webhook fires when a monthly statement is produced. Its data.object is a statement. A typical handler…
Read →
Webhook event: support.chat_escalated
The support.chat_escalated webhook fires when a support chat is escalated to a human. Its data.object is a chat. A typical…
Read →
Webhook signature verification
Verify every webhook before you trust it. Each delivery carries a Credicorp-Signature header: a timestamp and an HMAC-SHA256 of…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.