No-Code Integration Blueprint

ISIN Flow

Method: GET
URL: https://api.isvalid.dev/v0/isin?value={{isin_input}}
Headers:
  Accept: application/json
  User-Agent: [your-app]/1.0
  Authorization: Bearer {{ISVALID_API_KEY}}
Rate Limit: according to your API plan

• Validate local format before API call: exactly 12 characters.
• In production, configure API key in environment (ISVALID_API_KEY).
• If valid, extract fisin, cfi_code, currency, lei and figi.
• If 429, apply fallback and exponential retry.

SWIFT/BIC Flow

Method: GET
URL: https://api.isvalid.dev/v0/bic?value={{bic_input}}
Headers:
  Accept: application/json
  Authorization: Bearer {{ISVALID_API_KEY}}
Regex BIC: /^[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?$/

• Invalid format returns immediate error.
• Valid format queries API and confirms institution, country and city.
• Final status: BIC CONFIRMED or BIC NOT FOUND.

SBLC / DLC Flow

• There is no trusted free public API for direct validation.
• Perform indirect validation: issuer BIC plus trusted correspondent bank list.
• Open manual task for confirmation via official SWIFT channel (MT799/MT760/MT767).

Suggested Data Store

{
  "id": "uuid",
  "tipo_documento": "ISIN|SWIFT|SBLC|DLC",
  "valor_documento": "string",
  "status_validacao": "PENDENTE|VALIDO|INVALIDO|ERRO|MANUAL",
  "data_validacao": "timestamp",
  "fonte_validacao": "isvalid|swiftref|manual",
  "dados_resposta": {"json_original": "{}"},
  "flags": {"alerta_fraude": true, "requer_acao_manual": false}
}

Retry, Security and Compliance

• Retry: 3 attempts with exponential backoff (1s, 2s, 4s) for 500/502/503/429.
• Use HTTPS, sanitize inputs and enforce rate-limit by user/IP.
• Do not log sensitive documents in plain text.
• LGPD/GDPR: consent, retention period, export and deletion workflow.