RFC validation API

The RFC service allows you to validate a Registro Federal de Contribuyentes (RFC). The process involves sending the string RFC to the service for validation. The service verifies the RFC sent in the Servicio de Administración Tributaria (SAT), thereby confirming the tax identity of an individual or a company.

Use cases

Digital onboarding: Automatically retrieves official data found in the SAT source during customer registration, without manual uploads.
KYC compliance: Collects and stores official identity data with authenticity guaranteed from the SAT source.
Financial services onboarding: Confirms that the RFC exists and that the RFC is registered under the name of the person who provided the proof for validation.
Fraudulent data detection: The service identifies characteristics of fraudulent data and detects all that do not match the official source, helping to prevent potential fraud attempts.

Base URL

https://web-prod01.tuidentidad.com

Authentication

Each company is assigned a unique, non-transferable API key that must be included to authenticate requests.

Headers

Tag	Type	Required	Description
ApiKey	string	yes	Customer key.

Example: ApiKey: YOUR_API_KEY

Rate Limit RFC using RFC

30QPM avg=2.83s min=1.46s med=1.93s max=47.43s p(90)=2.66s p(95)=2.78s

Endpoint

Method	Endpoint	Description
POST	/api/rfc/validate	Validate RFC using RFC string.

RFC by RFC string

Validates an RFC directly using the RFC value.

POST /api/rfc/validate

Request

Body Parameters

field	Type	Required	Description
rfc	string	yes	RFC string to validate Examples: XAXX010101000 for generics, 12 characters for business, 13 characters for physical persons.

Example Request

CURL

curl -X POST "https://web-prod01.tuidentidad.com/api/rfc/validate" \ -H "accept: application/json" \ -H "ApiKey: {YOUR_API_KEY}" \ -H "Content-Type: application/json" \ -d '{ "rfc": "XAXX010101000" }'

Successful Response

{
  "valid": true,
  "data": {
    "personType": "string",
    "rfc": "string",
    "businessName": "string",
    "name": "string",
    "registerStatus": "string",
    "emailContact": "string",
    "effectiveDate": "string"
  },
  "warnings": [
    {
      "code": "string",
      "message": "string",
      "fullMessage": "string"
    }
  ]
}

Response fields

Field	Type	Description
valid	boolean	Indicates whether the RFC validation was successful
data	object	Extracted and validated RFC information
warnings	array	List of warnings or non-critical issues
code	string	Error code.
message	string	Error message.
fullMessage	string	Complete message of the error code.

Data object

Field	Type	Description
personType	string	Person type could be 1=physical person, 2=juridical person.
rfc	string	Registro Federal de Contribuyentes.
businessName	string	Legal name of the company.
name	string	Name.
registerStatus	string	Register status.
emailContact	string	E-mail for contact.
effectiveDate	string	Effective date.

HTTP Status Codes

The API uses standard HTTP status codes to indicate the success or failure of a request.

Code	Status	Description
200	OK	The request was successfully processed. The response may include warnings.
204	No Content	The request was successful but no content is returned.
400	Bad Request	The request is invalid or missing required parameters.
500	Internal Server Error	An unexpected error occurred on the server.
503	Service Unavailable	An internal service or external dependency is temporarily unavailable.
504	Gateway Timeout	The request to an external service timed out.

Error response format

Field	Type	Description
code	string	Error code identifier
message	string	Message
fullMessage	string	Complete message of the error code.

json structure when the RFC is valid

{
    "valid": boolean,
    "data": {
        "personType": "string",
        "rfc": "string",
        "businessName": "string",
        "name": "string",
        "registerStatus": "string",
        "emailContact": "string",
        "effectiveDate": "string"
    },
    "warnings": [
        {
            "code": "string",
            "message": "string",
            "fullMessage": "string"
        }
    ]
}

JSON response when the RFC is invalid

{
    "code": "string",
    "message": "string",
    "fullMessage": "string"
}

Error codes

Warnings codes

Code	Message	Description	HTTP code
RFCS001	Failed to retrieve data.	The service was unable to retrieve the requested data.	500
RFCS004	The $0$ field is required.	The request contains required fields that are empty or contain only blank spaces.	400
RFCS007	Inconsistent data detected.	The OCR process detected inconsistent or incorrect information in the document.	400
RFCS010	Invalid API key.	The provided API key is invalid.	401
RFCS011	Request timed out.	The server took too long to respond and the request timed out.	500
RFCS012	Failed to retrieve server response.	An error occurred while retrieving the response from the server.	500
RFCS013	RFC or BusinessName does not match the source.	The provided RFC does not match the company information registered in the SAT.	400
RFCS014	No certificates found for the RFC.	The RFC does not have any certificates available for validation.	203
RFCS015	Invalid RFC format.	The provided RFC does not have a valid format.	400
RFCS016	SAT service unavailable.	The SAT service is temporarily unavailable.	503
RFCS017	No matches found in SAT.	The RFC was not found in the SAT database.	203
RFCS019	RFC information not found.	No information associated with the RFC could be retrieved from SAT.	203
RFCS020	Fiscal regime information cannot be verified.	The fiscalRegime and fiscalRegimeDate fields could not be verified against SAT records.	400
RFCS021	RFC values do not match in OCR results.	The RFC, RFCBarcode, and RFCDic values extracted during OCR processing do not match.	400

Support

If you encounter issues integrating the API, contact the Tu Identidad support team.