Bureau compliance reports
A bureau report packages the KYC findings from a completed bureau run into a structured PDF. You choose between a concise summary and a full dossier depending on the use case — internal onboarding flow vs. regulatory inspection.GET /api/v1/bureau/runs/{id}/report
Downloads a bureau compliance report for a completed run. The endpoint redirects302 to a time-limited signed URL from which the PDF is streamed directly.
Authentication: X-API-Key with runs:read scope.
PDF generation is idempotent. The first request for a given
run_id and mode generates and stores the document; all subsequent requests return the same stored file instantly. Reports cannot be deleted or modified after generation.Path parameters
The
run_id of a completed run. The run must have reached a terminal status (completed, failed, partial) before a report can be generated.Query parameters
Report format:
"resumido"— Summary report (~3 pages). Includes the overall compliance decision, risk band, key findings, and analyst sign-off block. Suitable for customer files and quick internal review."completo"— Full dossier (20+ pages). Includes all source data, partner (QSA) graphs, legal proceedings, complete per-check details, and an appendix. Suitable for regulatory inspection and in-depth AML review.
Response — 302 Redirect → application/pdf
Your HTTP client follows the redirect and receives the PDF as a binary stream. The signed download URL is valid for 1 hour.
Requesting
mode=completo may take a few seconds longer on first generation, as it renders all source data, QSA partner runs, and appendix sections. Subsequent requests for the same run return the cached file immediately.curl examples
Error responses
| HTTP status | Cause |
|---|---|
400 | Missing or invalid mode parameter (resumido or completo are the only accepted values). |
400 | The run has not reached a terminal status yet — wait for completion before requesting the report. |
404 | The report has not been generated yet. Trigger generation from the kycert dashboard or the POST endpoint before calling GET. |
403 | The API key does not have runs:read scope. |
FX operation laudo
An FX operation laudo is a cambial compliance certificate generated once the AI analysis for an operation has been completed. The laudo consolidates the regulatory classification, tax information, AML risk assessment, and analyst decision into a single signed PDF document.GET /api/v1/operacoes/{id}/laudo.pdf
Downloads the laudo de enquadramento cambial for a completed FX operation. The PDF is generated on demand and delivered as a direct binary response (not a redirect). Authentication:X-API-Key with runs:read scope.
Path parameters
The ID of the FX operation. The operation must have a completed AI analysis (
ai_report must be present) before the laudo can be generated.Response — 200 OK (application/pdf)
The response body is the raw PDF binary. The Content-Disposition header carries the suggested filename in the format laudo-{nature_code}-{date}-{laudo_number}.pdf.
The laudo contains the following AI-generated compliance fields:
| Field | Description |
|---|---|
operation_nature | Regulatory classification of the FX operation (e.g., remessa a título de serviços). |
taxation_irrf | Applicable IRRF (withholding tax) rate and basis. |
taxation_iof | Applicable IOF (financial operations tax) rate and basis. |
main_characteristics | Key regulatory characteristics of this operation nature. |
required_documents | Documents required under BCB and Receita Federal rules. |
cide | CIDE (contribution on economic domain) applicability, when relevant. |
siscoserv | SISCOSERV registration requirement, when applicable. |
regulations | Governing regulations and BCB circulars for this operation nature. |
Rate limit
Each operation may generate up to 10 laudos per hour. Requests beyond this limit return429 Too Many Requests.
curl example
Error responses
| HTTP status | Cause |
|---|---|
400 | The operation is still in draft status (rascunho). Complete the submission before generating the laudo. |
400 | The AI analysis has not been requested yet. Trigger analysis from the dashboard or via the operation detail API first. |
404 | Operation not found or does not belong to your account. |
429 | Rate limit exceeded: more than 10 laudo downloads in the past hour for this operation. |
Report availability
Reports and laudos are generated lazily on first request and stored immutably thereafter.| Document | Available when |
|---|---|
Bureau report (resumido or completo) | Run status is completed, failed, or partial and generation has been triggered. |
| FX operation laudo | Operation AI analysis is complete (ai_report is not null) and the operation is not in rascunho status. |
Reports cannot be deleted. They form part of your immutable compliance audit trail as required by BCB Circular 3.978/2020. Once stored, the same document is returned on every subsequent download request for that run ID and mode combination.
Idempotency
PDF generation is fully idempotent. Calling a report endpoint multiple times for the samerun_id (and mode, for bureau reports) always returns the identical document. kycert checks for an existing record before generating a new PDF — if one exists, it is returned immediately without re-rendering.
This means you can safely retry download requests in your integration without risk of generating duplicate documents or incurring additional generation costs.