Verify a CLABE before payout
What it is
Before paying a real amount to a CLABE that your user just typed into a form, you can send a 0.01 MXN micro-deposit to that CLABE and get back the real holder's name and RFC. This lets you confirm the destination is who your user says it is — catching typos, preventing fraud, and satisfying compliance requirements.
Best for
Any flow where the counterparty's CLABE is user-entered: withdrawals from wallets, P2P transfers, onboarding a new vendor, marketplace seller setup.
How the money flows
```mermaid
sequenceDiagram
    autonumber
    participant You as Your backend
    participant Fintoc
    participant Dest as Destination bank
    You->>Fintoc: POST /v2/account_verifications (JWS)
    Fintoc->>Dest: 0.01 MXN micro-deposit
    Dest-->>Fintoc: Receipt with holder info
    Fintoc->>You: account_verification.succeeded (holder_id, holder_name)
    You->>You: Compare against what your user typed
```
How to configure it
1. Call the Account Verification endpoint
This request requires a valid JWS signature because it moves 0.01 MXN from your Account.
```bash
curl --request POST \
  --url https://api.fintoc.com/v2/account_verifications \
  --header 'Authorization: sk_test_...' \
  --header 'Fintoc-JWS-Signature: ...' \
  --header 'content-type: application/json' \
  --data '{ "account_number": "012969100000000110" }'
```
You'll get back an account_verification in pending status with holder_id and holder_name set to null.
2. Wait for the webhook
| Event | When it fires | Recommended action |
|---|---|---|
| account_verification.succeeded | Micro-deposit settled and the holder info came back on the CEP. | Compare counterparty.holder_name / holder_id against what your user typed. If they don't match closely enough, block the payout. |
| account_verification.failed | Verification couldn't complete. The reason field tells you why. | Ask the user to double-check the CLABE, or try again later. |
3. Cache results
Holder info for a given CLABE doesn't change often. Store successful verifications keyed by CLABE so you don't re-verify the same destination on every payout. Many teams run verification at onboarding (when the user first adds a payout destination) and skip it on subsequent withdrawals to the same CLABE.
4. Don't over-trust exact string matches
Holder names from bank receipts aren't normalized. JOSE GONZALEZ PEREZ vs Jose Gonzalez P. should generally pass. Use a fuzzy-match threshold and consider RFC (holder_id) as the stricter signal.
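One way to implement the comparison from step 4, as an added example that is not Fintoc's own code. The 0.85 threshold, the policy that an RFC mismatch always blocks, the function names and the sample RFC values used to exercise it are assumptions constructed for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

NAME_THRESHOLD = 0.85  # assumed cut-off, tune it against your own data


def name_tokens(name):
    """Uppercase, strip accents and punctuation, split into tokens."""
    decomposed = unicodedata.normalize("NFKD", name or "")
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_accents.upper())
    return cleaned.split()


def token_score(a, b):
    """An initial such as 'P' counts as a full match for 'PEREZ'."""
    short, long_ = sorted((a, b), key=len)
    if len(short) == 1 and long_.startswith(short):
        return 1.0
    return SequenceMatcher(None, a, b).ratio()


def name_similarity(typed, received):
    """Order-insensitive score in [0, 1]; missing tokens lower it."""
    a, b = name_tokens(typed), name_tokens(received)
    if not a or not b:
        return 0.0
    longer, shorter = (a, b) if len(a) >= len(b) else (b, a)
    best = [max(token_score(t, s) for s in shorter) for t in longer]
    return sum(best) / len(best)


def normalize_rfc(rfc):
    """Uppercase and drop separators so 'abcd-010101-xx1' compares equal."""
    return "".join(c for c in (rfc or "").upper() if c.isalnum())


def check_holder(typed_name, typed_rfc, holder_name, holder_id):
    """Return (allow, reason). An RFC mismatch blocks even if the name matches."""
    want, got = normalize_rfc(typed_rfc), normalize_rfc(holder_id)
    if want and got and want != got:
        return False, "rfc_mismatch"
    score = name_similarity(typed_name, holder_name)
    if score < NAME_THRESHOLD:
        return False, f"name_mismatch score={score:.2f}"
    reason = "rfc_and_name_match" if want and got else "name_match_only"
    return True, reason
```

Log the returned reason next to the verification record so a blocked payout can be reviewed later.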
For more details, check Verify CLABEs.