This guide takes you from a fresh account to a valid response. It assumes you are already signed in to the console.
1. Get your API key
From the console, head to the API section (shortcut: /api) and open the Keys panel. Click Regenerate and copy the key shown in the modal. It is only displayed once.
Your key has this shape:
mxcep_<64 hexadecimal characters>2. Make your first request
POST /v1/validate validates a SPEI transfer against the Banxico CEP. The minimal body needs fecha, monto, and at least one of clave_rastreo or referencia_numerica.
curl -X POST 'https://api.example.com/v1/validate' \
-H 'Authorization: Bearer mxcep_••••' \
-H 'Content-Type: application/json' \
-d '{
"fecha": "2025-03-15",
"monto": 15000.50,
"clave_rastreo": "MXBA20250315001234",
"cuenta_beneficiaria": "012180004412345678"
}'Ejemplo en Python — próximamente.
Ejemplo en JavaScript — próximamente.
Ejemplo en PHP — próximamente.
emisor and receptor are optional when cuenta_beneficiaria is a CLABE or card number: the bank is inferred from the prefix. For DiMo phone numbers (10 digits), the receiver is resolved against your beneficiary directory and the global catalog.
3. Read the response
A successful response returns HTTP 200 with this envelope:
{
"data": {
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"type": "direct",
"status": "valid",
"fecha": "2025-03-15",
"monto": 15000.50,
"has_cep": true
},
"meta": {
"version": "1.x.x",
"api_version": "v1",
"request_id": "...",
"datetime": { "timezone": "UTC", "format": "ISO 8601" }
}
}The essentials:
data.idis the validation's UUID. Save it: you need it to download the CEP, fetch retry attempts, or anchor your own idempotency.data.statusis the verdict.validmeans the CEP exists and the data matches;not_foundmeans the CEP was queried but no match was found;cep_unavailablemeans Banxico is not responding;errormeans there was a non-recoverable failure.meta.request_idhelps support track down problems — include it when filing a ticket.- All timestamps are UTC with a
Zsuffix. Convert client-side if you need a local zone.
4. Where to go next
- Handle error codes without fragile text parsing: Errors
- Retry safely after a timeout: Idempotency
- Register a CLABE or card to validate against a whitelist: Create beneficiary
- Process validations in the background without blocking your request: Async validations
- Learn the auth contract in more depth: API authentication