The Serasa Score runs 0 to 1000, and behind the same CPF login sit the debts, protests, lawsuits and bounced-check records that move it. Serasa Experian, part of the Experian group, operates the app for the Brazilian consumer market. An integrator usually wants two things from it: the score with its trend, and the itemised situation of the CPF — who is owed what, the protest values, the cartório a protest sits in, and the log of who has been querying that CPF. The free tier exposes the check and the score; the Premium tier adds real-time monitoring and Dark Web exposure. Reaching those records cleanly, under the account holder's authorisation, is the work this brief describes.
The practical recommendation is short. Treat consented session integration as the spine for the bureau records — score, CPF file, inquiry log, alerts — because that is where the value an integrator actually buys lives. Route the bank balances and transactions Serasa surfaces through Conexão Bancária via Open Finance instead; it is a different, regulated path and worth keeping separate so consent scope stays clean.
The records behind a Serasa login
Each row below is a surface the app really shows a logged-in user. Granularity is what we have seen the screen or the downloadable report carry, confirmed during the build against a consenting account.
| Data domain | Where it originates in the app | Granularity | What an integrator does with it |
|---|---|---|---|
| Serasa Score | Score tab, recomputed from the six pillars (payments, experience, debts, credit search, registration, contracts) as the Serasa score material describes it | Single 0–1000 integer, band label, recent trend | Pre-qualification, underwriting signal, score-change triggers |
| CPF pendencies (situação do CPF) | CPF check / "Consulta" | Per item: debts, protests, lawsuits, bounced checks — creditor, amount, date, cartório for protests | Affordability and risk checks, collections targeting |
| CPF inquiry history | Relatório de consultas (downloadable report) | Who queried the CPF and when | Identity-fraud monitoring, intent signals |
| Monitoring alerts | Serasa Premium real-time stream | Event: new inquiry, protest, lawsuit, negativação, score move; delivered by email and SMS | Push risk events into a CRM or risk engine |
| Dark Web exposure | Serasa Premium Dark Web monitor | Matches on one CPF, up to 5 emails, up to 3 phones, one passport, per Serasa's Premium pages | Account-takeover and fraud-prevention workflows |
| Bank connections | Conexão Bancária / "Minhas Conexões" | Consented account and transaction data via Open Finance Brasil | Cash-flow underwriting, income checks |
| Wallet & bill payments | Digital wallet, processed through the group's PagueVeloz | Bill payments, top-ups, payment history | Reconciliation, payment-status sync |
Getting to the score and the CPF file
Three routes apply here. They differ in what they reach and how long they hold.
Consented session integration and protocol analysis
The account holder authorises access; we analyse the app and web traffic and reproduce the authenticated calls that return the score, the CPF situation, the inquiry report and the Premium alert stream. This is the route that reaches the records an integrator is actually after. Effort is moderate. Durability is tied to the front end — when Serasa reshapes a screen the captured flow shifts, and that is planned for, not a surprise. Access is arranged with you during onboarding against a consenting account, so there is nothing for you to stand up first.
Open Finance Brasil consented sharing
For the bank balances and transactions Serasa ingests through Conexão Bancária, the right path is Open Finance Brasil consent under the Banco Central, using the standardised API manual the regulator publishes. It is the most durable route because it is regulated and versioned, but it covers the linked-bank feed, not the bureau score. We set up the consent flow and the participant onboarding with you.
Native report export
Serasa lets a user download a consult-and-debts report. As a fallback this gives a batch snapshot of pendencies and inquiries without real-time movement — useful as a reconciliation cross-check rather than the primary feed.
A score-and-pendencies read, in practice
Illustrative shape, confirmed during the build — field names are normalised, not Serasa's internal identifiers. Note the two surfaces are fetched and time-stamped together.
# Authenticated session established during onboarding against a consenting CPF
POST /auth/session
{ "cpf": "<consented>", "device_token": "<bound>" }
-> 200 { "session": "sess_…", "expires_in": 1800 }
GET /consumer/score
Authorization: Bearer sess_…
-> 200 {
"score": 742,
"band": "bom",
"scale_max": 1000,
"trend_30d": +18,
"read_at": "2026-05-17T09:14:22-03:00"
}
GET /consumer/cpf-situation
Authorization: Bearer sess_…
-> 200 {
"read_at": "2026-05-17T09:14:23-03:00",
"pendencies": [
{ "type": "divida", "creditor": "…", "amount_brl": 1289.40, "since": "2025-11-02" },
{ "type": "protesto", "creditor": "…", "amount_brl": 503.10,
"cartorio": "…", "date": "2025-09-19" }
],
"score_blocked_for_third_parties": false
}
# Plan-gated surface: returns 403 plan_required when the consenting
# account is not on Premium — surfaced as a typed state, not a null
GET /consumer/monitoring/alerts
-> 403 { "error": "plan_required", "tier": "premium" }
What lands at the end of the build
Everything is scoped to the surfaces above, not a generic kit.
- An OpenAPI/Swagger specification covering the score read, the CPF-situation read, the inquiry report and the alert stream, with the plan-gated states modelled.
- A protocol and auth-flow report: the session establishment, token lifetime and refresh, device binding, and how the Premium gate behaves.
- Runnable source for the key endpoints in Python and Node.js, including the score/pendencies time-alignment.
- Automated tests, including the plan-gated and score-blocked paths so regressions are caught.
- Interface documentation an engineer who was not on the build can follow.
- Data-retention and consent-handling guidance written against Cadastro Positivo and the LGPD.
Cadastro Positivo, the LGPD and consented access
Serasa's bureau records sit inside Brazil's positive-registry regime — the Lei do Cadastro Positivo (Lei 12.414/2011), amended by Lei Complementar 166 in 2019 per published legal analyses, which moved the registry from opt-in to opt-out and lets a registered person request exclusion at any time. Personal data in credit history has a statutory legal basis under the LGPD's credit-protection provision, and the LGPD's data-portability right — the criteria for which fall to the ANPD — is the consumer's lever to move their own data out. The studio works only from the account holder's authorisation: we read what the consenting user can see, log the consent and the reads, minimise stored fields to what the integration needs, and sign an NDA where the engagement calls for one. The linked-bank feed is governed separately under Open Finance Brasil, supervised by the Banco Central, which is the reason we keep that consent scope apart from the bureau reads.
What we plan around on this build
Two things shape the engineering more than anything else here.
First, the score and the pendencies are not one snapshot. The Serasa Score is recomputed from six pillars on its own cadence and can lag the underlying CPF events; a fresh score read paired with a stale debt list produces a wrong decision. We fetch both in the same pass and stamp them with a single read time so downstream logic can reconcile, not guess.
Second, the Premium tier gates real-time monitoring, Dark Web exposure and the score block/unblock control. We map exactly which fields the consenting account's plan exposes and return a typed "plan-gated" state instead of an empty value, so a free-tier account never looks like a clean record by accident. The score-blocked-for-third-parties flag gets the same treatment — reported as blocked, not as zero or unknown. When Serasa reshapes a screen, we re-run the captured flows against a consenting account and patch the parsers before the change reaches your side; that maintenance posture is part of how the integration is delivered, arranged with you, not a hurdle put in front of you.
Where this integration gets used
- A lender pre-qualifying applicants reads the Serasa Score and open pendencies at application time, in one consented call.
- A collections platform subscribes to the monitoring stream to learn the moment a debtor's CPF status moves.
- A marketplace running seller onboarding uses the CPF situation and inquiry log as a fraud and identity signal.
- A personal-finance product combines the bureau score with the user's Open Finance bank feed for a fuller picture.
Keeping the feed honest after launch
The surfaces refresh at different rates. The score is recomputed periodically, not per second. Pendencies update as creditors and cartórios report. Monitoring alerts are near-real-time over email and SMS. We poll each surface on a cadence matched to how fast it actually changes, dedupe repeated alert events, and flag a stale read rather than serve it as current. The re-validation against a consenting account runs on the same schedule so a front-end change is caught before it reaches you.
Screens from the app
Sources and what was checked
In May 2026 we went through Serasa's own consumer pages for the consult-and-debts report and the score composition, its Open Finance / Conexão Bancária material, the Premium monitoring and Dark Web pages, and a Banco Central announcement on the Open Finance roadmap, alongside published legal analysis of the Cadastro Positivo and LGPD interaction. Primary references:
- Serasa — consult and debts report
- Serasa — score composition and other Brazilian scores
- Serasa — Open Finance / Conexão Bancária
- Agência Brasil — Banco Central, credit portability in Open Finance
Mapped by the OpenBanking Studio integration desk · May 2026.
Other apps in Brazil's credit and payments space
Same category, named for keyword reach and to show where a unified integration would sit — no ranking implied.
- Consumidor Positivo — Boa Vista's consumer app (Equifax group), with a 0–1000 score built on its own positive registry and debt history.
- SPC Brasil — the retail-federation bureau, scoring on payment history, open debts and CPF inquiries.
- Quod — the bank-owned bureau, with a Quod Score on a 300–1000 scale.
- Nubank — digital bank holding accounts, cards and credit lines, and an Open Finance participant.
- PicPay — payments and wallet app with bill payment and debt-renegotiation flows.
- RecargaPay — Pix, bill payment and recharge app, now authorised as a credit and finance company.
- iti — Itaú's digital wallet for transfers and bill payments.
- Acordo Certo — a debt-negotiation marketplace tied to consumer credit status.
- Mercado Pago — wallet, payments and credit attached to the Mercado Livre ecosystem.
Questions integrators ask about Serasa
Can you read the Serasa Score and the open pendencies in one pass, or are they separate surfaces?
They are separate reads behind the same CPF login. The score is a single recomputed number with a band and trend; the pendencies file is an itemised list of debts, protests, lawsuits and bounced checks. We capture both and stamp them with the same read time so a downstream decision is not made on a fresh score against a stale debt list.
Do the monitoring and Dark Web alerts depend on the account being on Serasa Premium?
Yes. Real-time CPF/CNPJ monitoring, Dark Web exposure checks and score block/unblock sit behind the paid Premium tier, while the free CPF check and the Serasa Score itself do not. We map which fields the consenting account's plan actually exposes and the integration reports a field as plan-gated rather than returning a silent null.
Is the bank-account data inside Serasa reachable the same way as the bureau score?
No. The bank balances and transactions Serasa pulls in through Conexao Bancaria arrive via Open Finance Brasil consent, a regulated route supervised by the Banco Central do Brasil. The Serasa Score, CPF pendencies and inquiry log are bureau records reached through consented session integration. Most builds use both, scoped separately.
If Serasa changes its app screens, does the feed we ship break?
A front-end change can shift the captured flow. When that happens we re-run the flows against a consenting account, patch the parsers and ship the fix as part of maintenance, so the change is absorbed on our side before it reaches your system.
Most teams take the source-code route: we build the integration, hand over runnable code, the OpenAPI spec, the automated tests and the interface write-up, and you pay from US$300 — settled after delivery, once you are satisfied. If you would rather not run anything yourself, the same surfaces are available as a hosted endpoint you call and pay for per request, with nothing due up front. Turnaround is one to two weeks. Send the app name and what you need out of Serasa's data through our contact page and we will scope it.
App profile: Serasa: Consulta CPF e Score
Serasa: Consulta CPF e Score is the consumer app of Serasa Experian, listed under the package br.com.serasaexperian.consumidor on Google Play and also published on the App Store, per the store listings. It offers free CPF checks (debts, protests, lawsuits, bounced checks), the free Serasa Score on a 0–1000 scale, CPF monitoring and Dark Web alerts on the Premium tier, score block/unblock for third-party inquiries, a digital wallet for bill payment and phone top-ups processed via the group's PagueVeloz, and bank-account linking through Open Finance Brasil. Serasa Experian is headquartered in São Paulo. This profile is a neutral recap for integration scoping.