Goal
Retrieve, audit, and manage the validation records produced by POST /v1/validate and POST /v1/validate-ocr. This how-to covers the full post-validation workflow: finding records, inspecting their details, downloading artifacts, exporting for reconciliation, and controlling retry behavior per-record.
Prerequisites
- An active API key (
mxcep_…) withvalidations:read. - To delete records:
validations:delete. - To export:
validations:read(same permission — no separate export permission needed).
Steps
1. List validations
GET /v1/validations returns a paginated list of all your validations. Filter by status, type (direct or ocr), date range, or free-text search (matches clave de rastreo, referencia numérica, emisor, and receptor).
# Fetch the last 20 valid direct validations
curl 'https://api.example.com/v1/validations?status=valid&type=direct&per_page=20' \
-H 'Authorization: Bearer mxcep_••••'Response (abbreviated):
{
"data": [
{
"id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"type": "validation",
"attributes": {
"status": "valid",
"validation_type": "direct",
"created_at": "2025-03-15T14:22:10Z"
}
}
],
"meta": { "total": 314, "page": 1, "per_page": 20 }
}To include soft-deleted records, add with_deleted=1.
2. Get aggregated stats
Before exporting or drilling in, check the status breakdown with GET /v1/validations/stats. Supports the same filters as the list endpoint.
curl 'https://api.example.com/v1/validations/stats?date_from=2025-01-01&date_to=2025-03-31' \
-H 'Authorization: Bearer mxcep_••••'{
"data": {
"type": "validation_stats",
"attributes": {
"total": 1240,
"valid": 987,
"not_found": 201,
"deleted": 15,
"other": 52
}
}
}3. Inspect a single record
Fetch full details — including ocr_result, retry_state, and request_data — with GET /v1/validations/{id}. Use ETag / If-None-Match to get 304 responses when polling for async completions.
curl 'https://api.example.com/v1/validations/f47ac10b-58cc-4372-a567-0e02b2c3d479' \
-H 'Authorization: Bearer mxcep_••••'When the validation is still queued or processing, the response includes Retry-After and meta.next_poll_after_seconds to guide your polling interval.
4. Download a CEP certificate
When status is valid and has_cep is true:
# XML (Banxico canonical format)
curl 'https://api.example.com/v1/validations/f47ac10b-.../cep?format=xml' \
-H 'Authorization: Bearer mxcep_••••' --output cep.xml
# PDF (human-readable)
curl 'https://api.example.com/v1/validations/f47ac10b-.../cep?format=pdf' \
-H 'Authorization: Bearer mxcep_••••' --output cep.pdf5. Download a receipt image
OCR validations store the sanitized comprobante image on the platform:
curl 'https://api.example.com/v1/validations/c3d4e5f6-.../image' \
-H 'Authorization: Bearer mxcep_••••' --output comprobante.png6. Export results to CSV or XLSX
Use GET /v1/validations/export to download all matching validations as a file. Supports the same filters as the list endpoint:
curl 'https://api.example.com/v1/validations/export?format=xlsx&status=valid&date_from=2025-01-01' \
-H 'Authorization: Bearer mxcep_••••' \
--output validations-q1.xlsxUse format=csv for the default (no flag needed) or format=xlsx for a spreadsheet.
7. Manage retry state per record
If a validation is in a retry loop (e.g. Banxico was unavailable), you can:
View retry history:
curl 'https://api.example.com/v1/validations/f47ac10b-.../retry-attempts' \
-H 'Authorization: Bearer mxcep_••••'Reconfigure retry policy for this record only:
curl -X PUT 'https://api.example.com/v1/validations/f47ac10b-.../retry-policy' \
-H 'Authorization: Bearer mxcep_••••' \
-H 'Content-Type: application/json' \
-d '{
"enabled": true,
"max_retries": 5,
"interval_seconds": 300,
"outcomes": ["not_found", "cep_unavailable"]
}'Cancel ongoing retries:
curl -X POST 'https://api.example.com/v1/validations/f47ac10b-.../cancel-retries' \
-H 'Authorization: Bearer mxcep_••••'Returns 200 with the updated retry_state.cancelled_at timestamp.
8. Delete a record
Soft-delete a validation to remove it from your default list view:
curl -X DELETE 'https://api.example.com/v1/validations/f47ac10b-...' \
-H 'Authorization: Bearer mxcep_••••'Returns 204. Soft-deleted records are still retrievable via GET /v1/validations?with_deleted=1.
What's next
- Validate from a receipt image: see Validate via OCR.
- Set an account-level default retry policy: see Configure retry policy.
- Analyze trends across your validations: see Analyze insights.