How do I implement curp person lookup in my application?

To implement curp person lookup, integrate with a RENAPO-connected API provider. Send a GET or POST request with the 18-character CURP code, and the API returns the person's registered name, date of birth, gender, and state of birth. Most providers offer REST endpoints with JSON responses.

Can I do a reverse curp person lookup by name?

Yes, some providers support reverse lookup where you provide a person's full name, date of birth, and state of birth to retrieve their CURP. However, this requires more fields and may return multiple matches for common names. It also requires higher authorization levels from some providers.

What data privacy rules apply to curp person lookup?

Under Mexico's LFPDPPP, you must have the person's explicit consent before performing a curp person lookup. Your privacy notice must disclose this data collection, and you must implement proper data retention and deletion policies. Unauthorized lookups can result in significant fines.

Best way to implement curp person lookup in a Node.js backend?

andres_node opened this thread · May 21, 2026 · 1 reply

curp-person-lookup nodejs implementation REST

Question

andres_node Asker May 21, 2026

I need to add curp person lookup functionality to our Express.js API. The flow is: user enters their CURP during registration, we look up their personal data to pre-fill the form, and then they confirm the details are correct.

I've never integrated with a Mexican identity service before. A few questions:

What does a typical curp person lookup API request/response look like?
Should I call the API synchronously (block until response) or use async patterns?
How should I handle cases where the CURP exists but data fields are incomplete?
Is there a standard error code set across providers or is each one different?
Do I need to store the raw API response for compliance auditing?

I looked at doing a reverse curp person lookup too (name + DOB to find CURP) but I'm not sure if that's commonly supported or if it requires special permissions.

Our stack is Node.js 20, Express, PostgreSQL. We'd want to cache successful lookups in our database so we don't re-query for the same user during the same session. Is that acceptable from a compliance standpoint or do we need fresh data every time?

Answers

tania_api_dev May 22, 2026

I've implemented curp person lookup in several Node.js projects. Here's a practical guide:

Typical request/response:

Most providers accept a simple POST or GET with the CURP string. A typical response looks like:

{ "curp": "GARC850101HDFRRL09", "nombre": "CARLOS", "apellido_paterno": "GARCIA", "apellido_materno": "RAMIREZ", "fecha_nacimiento": "1985-01-01", "sexo": "H", "entidad_nacimiento": "DF", "estatus": "VIGENTE" }

Sync vs async:

For a registration form where the user is waiting, use async/await with a timeout. Set a 5-second timeout and show a loading state on the frontend. If the lookup times out, let the user fill in data manually and flag the account for later verification. Never block your event loop.

Incomplete data handling:

RENAPO records from before 2000 sometimes have incomplete data. Your code should treat every field except curp and estatus as potentially null. Pre-fill what you can and let the user complete the rest.

Error handling:

Error codes vary between providers unfortunately. Common patterns include:

404 — CURP not found in RENAPO
400 — invalid CURP format
503 — government service temporarily unavailable
429 — rate limit exceeded

Compliance and caching:

Yes, store the raw response with a timestamp. You'll need this for audits. Caching within the same session is fine — most compliance frameworks don't require you to re-query if the data was fetched within the last 24 hours for the same user action. Just make sure you encrypt the cached personal data at rest in PostgreSQL.

Reverse lookup:

It's supported by some providers but typically requires the full name, exact DOB, and state of birth. Since names must match exactly (including accents), it's error-prone. I'd recommend always asking for the CURP directly if possible — it's the most reliable input for a curp person lookup.

Check API Pull for providers with good Node.js examples in their docs. Some even offer npm packages that handle retries and error normalization for you.

● Thread open · 1 reply

Question

Answers

Find API Providers on apipull.com