Third Party Providers can consume the PSD2 PIISP APIs to check if a given amount can be covered by the liquidity that is available on a Connexis Cash user cash account.
Our API allows TPPs to check if a customer has enough funds in his account on behalf of CONNEXIS CASH users. This API intends to provide an interface between:
Payment Instrument Issuer Service Providers (PIISP)
Third Party (Payment Service) Providers (TPP)
TPP act with the Payment Instrument Issuer Service Providers (PIISP) role.
The Payment Service User (PSU) is the owner of the accounts held by the ASPSP and gives accreditations to the TPP in order to access his accounts information or initiates payment from these accounts.
TPPs can now offer coverage payment checks to customers using CONNEXIS CASH eBanking solution.
CONNEXIS CASH chose the Full-AISP model (A1 from the STET documentation) : CONNEXIS CASH does not require to be informed of the details of the PSU consent. Whatever the AISP request, the CONNEXIS CASH will respond, being unable to check the compliance of the request against the user choices. The PUT/Consent request is only applicable in the Mixed model (A2 of the STET documentation), CONNEXIS Cash will not implement such request in the sandbox environment and in the production environment. In accordance with the PSD2, a TPP and a PSU must have a contractual relationship.
However, note that in CONNEXIS CASH, the PSU is a company. The administrator appointed by the company will have to validate in CONNEXIS CASH (Entity setting > 3rd party provider) the use of a TPP for determined user. The scope (aisp / piisp / pisp) provided by the TPP during the Oauth2 flow will be checked against the scope previously selected by an entity administrator for a given TPP on its CONNEXIS CASH web portal.
The API is designed on a REST FULL model using JSON structures. Our API is based on STET (1.4) format.
A sandbox environment is available to facilitate the onboarding and learning process of the TPP.
Those APIs return fake data. No sensitive information shall be shared through the sandbox environment.
On the sandbox environment, Client_credential is the only OAuth 2.0 flow available.
The URL of the production environment is https://psd2.api.cib.bnpparibas.com/.
The TPP must use the OAuth2 Authorization Code Grant flow for AISP, PISP or PIISP scope. The production environment can only be accessed according to the full STET standard and requires a qwac certificate delivered by a QTSP. For a manual onboarding, the TPP should provide its QWAC certificate, callback URL, and EBA reference code to firstname.lastname@example.org
Need support? We are here to help you
In case of technical issue between you as TPP and the bank, please contact us at the following email address : email@example.com
Please be aware that the client can always contact us via his usual BNPP representative as the issue might come from a wrong set up in the client contract.
As part of its legal obligations under PSD2, BNPP CIB implements a fallback mechanism. This fallback solution is not available in sandbox environment with fake data.
This process allows developers to use fallback mechanism only in case the dedicated API is not available and in compliance with the regulation (EU) 2018/389.
The Fallback URL for TPP is the same URL as Connexis Cash customers : https://connexis.bnpparibas.com/
The same requirements regarding identification of TPPs with QWACs apply irrespective of whether the TPPs are accessing the users’ payment accounts via the dedicated interface or via Connexis Cash. The identification of TPPs towards Connexis Cash should be based on the use of qualified certificates for website authentication (QWACs).
Strong customer authentication through Connexis Cash
To access Connexis Cash, the user have to enter his customer credentials. TPP developers can connect to our online banking with this customer credentials in order to retrieve PSD2 data.