How a member's Sicredi data is reached
Sicredi's app sits on a back end that Banco Central do Brasil already regulates as an Open Finance Brasil participant. Sicredi's own published Open Finance material dates its onboarding project to April 2021 — ahead of the phase that made participation mandatory — and it appears on the Open Finance Brasil participant list. That changes the integration problem. The cleanest route to a member's account data is not a scrape; it is consented sharing over a standardized, contract-stable interface that the regulator itself defines.
We work two routes here and treat the regulated one as the spine.
Open Finance Brasil consented sharing
This is the route we would build the integration around. With the member's electronic consent, the standardized resources cover registration data, balances, transactions, credit operations, credit cards and — through the later phase — investments, FX and insurance positions. Authentication follows the Brazilian FAPI profile: mutual-TLS, signed client assertions, and a consent object created before any account call. Durability is the strong argument: the schema is fixed by the ecosystem, so a Sicredi front-end redesign does not break the feed. We handle the participant onboarding or the consent journey with you during the engagement; it is part of the work, not a gate.
Authorized protocol analysis of the app
Some surfaces are composed inside the app in ways the regulated resources do not mirror exactly — the "Sicredi Extrato" view, for instance, blends investments, card limits, credit installments due, retirement fund positions and consortium quotas into one screen. Where you need that exact composition or a field the standardized set does not carry, we capture and document the app's own authenticated traffic under your authorization. It is medium effort and medium durability; we keep a maintenance check that re-validates the captured flow whenever Sicredi ships a front-end change.
User-consented session as a fallback
Where neither of the above fits a deadline, a member-driven consented session — run under the member's authorization, gated by the same password and Internet Banking security device the app already requires — can stand in. Lower durability, but it gets data moving while the regulated route is provisioned.
What the Sicredi app actually holds
The table maps each surface to where the member sees it, how fine-grained it is, and what an integrator does with it. Rows reflect the app's own menus, not a generic bank checklist.
| Data domain | Where it originates in the app | Granularity | What an integrator does with it |
|---|---|---|---|
| Balances & conta corrente | "Current Account" / Saldo screen | Per-account, near real-time | Cash-position dashboards, treasury sweeps |
| Sicredi Extrato | Opt-in "Subscribe/View Sicredi Extrato" view under Current Account | Dated lines, plus aggregated cards, credit, retirement and consortium | Reconciliation and bookkeeping sync |
| Pix activity | Pix area — sent, received, Agendado, Recorrente, Automático | Per-transaction with key/QR metadata | Payment-ops feeds, recurring-payment tracking |
| Cards | Card information screen and Sicredi Extrato | Limits, history, installments due | Spend feeds, credit monitoring |
| Investments | Savings (poupança) and funds screens, Sicredi Extrato | Positions and fund balances | Portfolio aggregation, net-worth views |
| Loans & credit | Loans screen, credit installments in Extrato | Contracts and instalment schedules | Lending dashboards, affordability checks |
| Consortiums & retirement | Sicredi Extrato aggregation | Group, quota, instalments; fund positions | Wealth-aggregation and planning tools |
What lands in your repo
The output is a working integration for the surfaces above, not a report. For Sicredi that means:
- An OpenAPI specification covering the consent object, account discovery, balances, transactions and the credit/investment resources you need.
- A protocol and auth-flow report documenting the FAPI chain — mTLS, the signed client assertion, consent creation and the token exchange — exactly as exercised against Sicredi.
- Runnable source for the key calls in Python or Node.js: consent setup, account list, balance and statement pulls, with pagination and the joint-account consent check wired in.
- Automated tests against a sandbox or a consenting member account, including the unsubscribed-Extrato and expired-consent paths.
- Interface documentation and data-retention guidance covering consent records and minimization.
An extract pull, in code
Illustrative shape of the consented path — endpoint paths and field names are confirmed against the live flow during the build, not guessed here.
# Open Finance Brasil resource access — FAPI (mTLS + private_key_jwt)
# Illustrative; exact paths/claims verified during the engagement.
sess = mtls_session(client_cert, client_key) # transport-layer mutual TLS
# 1. token with a signed client assertion (no shared secret)
tok = sess.post(f"{AUTH}/token", data={
"grant_type": "client_credentials",
"scope": "consents",
"client_assertion_type":
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": signed_jwt(client_id, AUTH),
}).json()["access_token"]
# 2. create the consent: scope it to what the member agreed to
consent = sess.post(f"{API}/open-banking/consents/v3/consents",
headers={"Authorization": f"Bearer {tok}"},
json={"data": {"permissions": [
"ACCOUNTS_READ", "ACCOUNTS_BALANCES_READ",
"ACCOUNTS_TRANSACTIONS_READ", "CREDIT_CARDS_ACCOUNTS_READ"],
"expirationDateTime": iso(plus_days(90))}}).json()
# 3. member authorizes -> authorization_code -> member-bound access token
member_tok = redeem_code(sess, await_redirect(consent["data"]["consentId"]))
# 4. accounts -> balances -> transactions
for acc in get(sess, member_tok,
f"{API}/open-banking/accounts/v2/accounts")["data"]:
aid = acc["accountId"]
bal = get(sess, member_tok,
f"{API}/open-banking/accounts/v2/accounts/{aid}/balances")
txns = paged(sess, member_tok,
f"{API}/open-banking/accounts/v2/accounts/{aid}/transactions")
emit(normalize(acc, bal, txns)) # joint-account consent checked upstream
Open Finance Brasil consent, and how we stay inside it
The scheme is run by Banco Central do Brasil. Consent under it is defined as a free, informed, prior and unequivocal statement made by electronic means, for a specific purpose and a fixed window — not a standing grant. Three things shape how we build against Sicredi specifically. Joint-account transactions need every holder with transactional access to consent. Consents expire, so a feed silently dying is a real failure mode unless the renewal window is designed in. And the permission set requested has to match what the member actually agreed to, nothing wider.
Our posture is the ordinary professional one: access is authorized or user-consented, every consent and call is logged, only the permitted fields are retained, and an NDA is in place where the work touches your side. None of that is a hurdle put in front of you — it is how the integration is run.
Engineering judgments specific to Sicredi
Things we account for on this app because they are particular to it:
- Sicredi Extrato is opt-in. A member subscribes to it inside the app; it is not on by default. We map the card, consortium and retirement fields as conditionally present, so an unsubscribed member yields a clean gap instead of a broken record.
- Joint conta corrente consent. We model the sync so a joint account only flows once each required holder's consent is on file, and the integration names the missing holder rather than returning a silent partial.
- Consent-window design. We build the sync around the consent expiry and schedule a re-consent prompt ahead of it, so a member's feed does not lapse unnoticed mid-cycle.
- Cooperative, not one bank. Sicredi is a federation of cooperatives on a shared core; we keep the integration tolerant of per-cooperative differences in what a member can see, rather than assuming one uniform tenant.
- Device-bound session. The app gates on the same password and Internet Banking security device as the web channel; we design the auth flow around that device-bound session and arrange the consenting or sandbox account with you during onboarding.
Where integrators put this to work
- An accounting platform syncing a cooperative member's conta corrente and Extrato lines straight into reconciliation, with Pix in and out tagged.
- A wealth tool aggregating a member's funds, poupança, consortium quotas and retirement positions next to holdings held elsewhere.
- A lender pulling consented credit-card limits and loan instalment schedules for an affordability decision on an agribusiness member.
- A treasury system tracking near-real-time balances across several Sicredi accounts held by one cooperative-member business.
Working with us, and what it costs
A runnable Sicredi consent-and-extract client, with its FAPI auth chain documented and tested, lands in your repository from $300 — and that is billed only after delivery, once you have confirmed it works against your account or sandbox. The alternative is our hosted endpoints: you call them and pay per call, with nothing paid up front. Either path runs on a one-to-two-week cycle, and you bring just the app name and what you want out of its data — the consent journey and any participant onboarding are arranged with you as part of the job. Start the conversation at /contact.html.
Screens we mapped
Public Play Store screenshots used while tracing where each data surface lives. Select to enlarge.
What was checked
Checked in May 2026: Sicredi's published Open Finance material and its appearance on the Open Finance Brasil participant directory; Banco Central do Brasil's role and the scheme's consent definition and phase scope; the app's own feature and "Sicredi Extrato" descriptions; and Sicredi's published company history. Primary sources:
- Open Finance Brasil — participating institutions
- Banco Central do Brasil
- Sicredi — Sicredi Extrato feature page
- Sicredi — published company history
Mapped by the OpenBanking Studio integration desk · 2026-05-17.
Questions integrators ask about Sicredi
Does Sicredi's Open Finance participation reach investments and cards, or just the current account?
It reaches more than the conta corrente. Sicredi joined every phase of Open Finance Brasil, so registration and transactional data (Phase 2) plus investments, FX and insurance (Phase 4) are within the standardized resource set. Credit cards and loans fall under that scope too. Part of the build is mapping which Open Finance resource each Sicredi surface — balances, Extrato lines, card limits, fund positions — actually lands under, since the app's own naming does not match the API naming one to one.
A member's conta corrente is joint and only one holder has consented — how is that handled?
Open Finance Brasil requires every holder with transactional access to a joint account to consent before that account's transactions can be shared. We model the sync so a joint conta corrente only flows once each required holder's consent is on file, and the integration reports which holder's consent is still missing instead of silently returning a partial or empty statement.
Sicredi Extrato aggregates consortiums and retirement positions — can those be integrated as well?
Yes, where the member has subscribed to Sicredi Extrato inside the app, since that view is opt-in rather than on by default. Consortium group, quota and installment data and retirement fund positions are reachable either through authorized protocol analysis of the Extrato view or through the Open Finance investment resources. We map these fields as conditionally present so an unsubscribed member produces a clean gap rather than a broken record.
We only have a consenting member login, not a Banco Central participant registration — can you still build it?
Yes. The build runs against a consenting member account or a sandbox, and the participant onboarding or consent journey on the Open Finance side is arranged with you during the engagement rather than expected up front. A member test login is enough to capture and validate the flow; the regulated-route paperwork is set up alongside the work.
App profile — Sicredi (factual recap)
Sicredi is the app of Banco Cooperativo Sicredi, a Brazilian credit-cooperative financial system. Per Sicredi's published history, Brazil's first credit cooperative was founded in 1902 in Nova Petrópolis, Rio Grande do Sul, by the Swiss priest Theodor Amstad; the app describes Sicredi as the first cooperative financial institution in Brazil and says it offers more than 300 financial products and services. The app (package br.com.sicredimobi.smart on Google Play, also on iOS) is for members and provides balance and statement viewing, bill and tax payment and scheduling, Pix, transfers, investments, loans, credit and debit card information, agency location, and a mobile token / QR code. It is gated by the member's password and Internet Banking security device, and supports Samsung Pay and Google Pay (Pix por Aproximação) per the app's own description.