Skip to main content

Funds Confirmation (PSD2 STET)1.4.0.47

Overview

Third Party Providers can consume the PSD2 PIISP APIs to check if a given amount can be covered by the liquidity that is available on a Connexis Cash user cash account.

Our API allows TPPs to check if a customer has enough funds in his account on behalf of CONNEXIS CASH users. This API intends to provide an interface between:

  • Payment Instrument Issuer Service Providers (PIISP)

  • Third Party (Payment Service) Providers (TPP)

TPP act with the Payment Instrument Issuer Service Providers (PIISP) role.

The Payment Service User (PSU) is the owner of the accounts held by the ASPSP and gives accreditations to the TPP in order to access his accounts information or initiates payment from these accounts.

TPPs can now offer coverage payment checks to customers using CONNEXIS CASH eBanking solution.

User Consent

CONNEXIS CASH chose the Full-AISP model (A1 from the STET documentation) : CONNEXIS CASH does not require to be informed of the details of the PSU consent. Whatever the AISP request, the CONNEXIS CASH will respond, being unable to check the compliance of the request against the user choices. The PUT/Consent request is only applicable in the Mixed model (A2 of the STET documentation), CONNEXIS Cash will not implement such request in the sandbox environment and in the production environment. In accordance with the PSD2, a TPP and a PSU must have a contractual relationship.

However, note that in CONNEXIS CASH, the PSU is a company. The administrator appointed by the company will have to validate in CONNEXIS CASH (Entity setting > 3rd party provider) the use of a TPP for determined user. The scope (aisp / piisp / pisp) provided by the TPP during the Oauth2 flow will be checked against the scope previously selected by an entity administrator for a given TPP on its CONNEXIS CASH web portal.

API Architecture

The API is designed on a REST FULL model using JSON structures. Our API is based on STET (1.4) format.

Sandbox

A sandbox environment is available to facilitate the onboarding and learning process of the TPP.

Those APIs return fake data. No sensitive information shall be shared through the sandbox environment.

On the sandbox environment, Client_credential is the only OAuth 2.0 flow available.

Production

The URL of the production environment is https://psd2.api.cib.bnpparibas.com/.

The Authorization code url is : https://api.cib.bnpparibas.com/oauth2/v1/authorize?client_id={cliend_id}&response_type=code&scope={scopes}&redirect_uri={redirect_uri}&state={state}.

The TPP must use the OAuth2 Authorization Code Grant flow for AISP, PISP or PIISP scope. The production environment can only be accessed according to the full STET standard and requires a qwac certificate delivered by a QTSP. For a manual onboarding, the TPP should provide its QWAC certificate, callback URL, and EBA reference code to dl.cib.api.psd2.support@bnpparibas.com

Support

Need support? We are here to help you

In case of technical issue between you as TPP and the bank, please contact us at the following email address : dl.cib.api.psd2.support@bnpparibas.com

Please be aware that the client can always contact us via his usual BNPP representative as the issue might come from a wrong set up in the client contract.

Fallback Process

As part of its legal obligations under PSD2, BNPP CIB implements a fallback mechanism. This fallback solution is not available in sandbox environment with fake data.

Prerequisite

This process allows developers to use fallback mechanism only in case the dedicated API is not available and in compliance with the regulation (EU) 2018/389.

URL Fallback

The Fallback URL for TPP is the same URL as Connexis Cash customers : https://connexis.bnpparibas.com/

TPP identification

The same requirements regarding identification of TPPs with QWACs apply irrespective of whether the TPPs are accessing the users’ payment accounts via the dedicated interface or via Connexis Cash. The identification of TPPs towards Connexis Cash should be based on the use of qualified certificates for website authentication (QWACs).

Strong customer authentication through Connexis Cash

To access Connexis Cash, the user have to enter his customer credentials. TPP developers can connect to our online banking with this customer credentials in order to retrieve PSD2 data.

About us

BNP Paribas CIB is a leading global financial services firm, offering you solutions in capital markets, securities services, advisory, finance and treasury

 

group2