//KYC & Onboarding

KYC & Digital Onboarding API

At CPF.CNPJ, we simplify and streamline access to essential information about individuals and companies.

The Challenge: Instant Onboarding Under KYC and AML/CFT Requirements

Brazilian digital platforms compete on instant onboarding: users expect to open an account, take out credit or activate a service within minutes from the app, with no physical branch and no paperwork. At the same time, regulated institutions must meet strict KYC (Know Your Customer) and AML/CFT requirements defined by Central Bank Circular 3.978, CMN Resolution 4.753 and Law 9.613/98, which require validating the identity of 100% of customers against official sources.

Reconciling speed with compliance is the critical point. Sign-up must check CPF and CNPJ against the Federal Revenue, confirm registration status and cross-match the declared name with the official one — all while the customer is still on screen. Manual processes do not scale: growing operations process hundreds of thousands of sign-ups per month, a volume impossible to review case by case without compromising regulatory deadlines or user experience.

Fraud amplifies the risk. Synthetic identities, third-party CPFs and irregular CNPJs slip in precisely at onboarding, when controls are weakest. Without validation at the official source, the company carries invalid customers into its base, exposes itself to financial losses and may facilitate money laundering, with liability for directors under Law 9.613/98.

How the CPF.CNPJ API Solves It

1. Real-Time CPF and CNPJ Validation at Sign-Up

During onboarding, the API is called synchronously to validate the provided CPF or CNPJ against the official Federal Revenue database. The response returns in seconds, indicating whether the document exists and its registration status, with no captcha and no date of birth required. This lets you approve legitimate customers instantly and block non-existent documents before the account is even created.

The integration is REST/JSON with simple token authentication, making it easy to fit the call into your existing sign-up flow — whether mobile app, web or core banking — without rewriting the user journey.

2. Registration Status Check and Name Cross-Matching

Beyond validating that the document exists, the API returns the registration status (Regular, Suspended, Cancelled, Null for CPF; Active, Closed, Unfit, Suspended for CNPJ) and the official name. Sign-up only proceeds when the document is regular, meeting the KYC requirement of knowing the real customer.

The name declared by the user is cross-matched with the official name returned by the Federal Revenue. Relevant discrepancies can be routed for review without blocking the entire flow, reducing synthetic identity fraud and incorrect entries right at the entry point.

3. Periodic Re-Validation for Continuous AML/CFT Monitoring

KYC does not end at onboarding. Central Bank Circular 3.978 requires periodic updating of registration data. The API lets you run batch jobs (daily, weekly or monthly) that re-validate the active customer base and detect status changes — for example, a CPF moving from Regular to Cancelled or a CNPJ being closed.

Status changes generate alerts for the compliance team to investigate, sustaining the continuous monitoring required by regulation and keeping the base always auditable, without relying on recurring manual review.

4. REST/JSON with Token Authentication

The API exposes REST endpoints that respond in JSON, with token authentication and guaranteed nationwide coverage. The same integration serves both single validation at sign-up and batch queries during monitoring, simplifying the architecture.

Complete logs of each query are available for auditing, providing the documentary trail that regulators and internal audits request to demonstrate the compliance of the KYC and AML/CFT process.

How to Integrate Into the Onboarding Flow

Integration is straightforward: during sign-up, call the API to validate the provided CPF (or CNPJ) before creating the account. The example below uses cURL to validate a CPF and proceed only if the status is regular:

# Validate CPF in the onboarding flow (KYC)
curl -X POST "https://api.cpfcnpj.com.br/2.0/single" \
  -H "Content-Type: application/json" \
  -d '{
    "tokenApi": "YOUR_TOKEN",
    "pacote": "F",
    "documento": "00000000000",
    "data": "1990-01-01"
  }'

# Response (example):
# {
#   "status": 1,
#   "data": {
#     "nome": "FULANO DE TAL",
#     "situacao": "REGULAR"
#   }
# }
#
# Onboarding rule:
# - status == 1 and situacao == "REGULAR" -> approve sign-up
# - otherwise -> block or send to manual review

For continuous AML/CFT monitoring, schedule batch re-validation of the active base and trigger alerts when the registration status changes. The full reference of endpoints, parameters and return codes is at https://www.cpfcnpj.com.br/dev/.

Expected Results

  • Onboarding in seconds: Validation at the official source approves legitimate customers with no manual wait.
  • 99.9% uptime: Stable infrastructure to sustain high-volume sign-ups.
  • Central Bank and LGPD compliance: Meets Circular 3.978 and AML/CFT with data handling compliant with the LGPD.
  • Fraud reduction: Blocks irregular CPFs and CNPJs before they enter the base.
CPF.CNPJ - Planos e serviços de consulta

Automate your KYC and onboarding with real-time CPF and CNPJ validation

Exclusive discounts on postpaid plan! Request a commercial proposal now!

Entrar em contatoConheça os pacotes