Access points to send traffic to BNPP CIB api platform
BNPP CIB API platform is available at the following access points:
Customers and partners accessing BNPP CIB APIs
Urls | Server Certificate | Expires |
https://api-mtls.sandbox.cib.bnpparibas.com | December 21, 2025 | |
https://api-mtls.cib.bnpparibas.com | CRT Format | January 31, 2025 |
https://api.sandbox.cib.bnpparibas.com | CRT Format | December 13, 2024 |
https://api.cib.bnpparibas.com | CRT Format | December 13, 2024 |
EU TPP accessing PSD2 APIs with a QWAC issued by a QTSP
Urls |
Server Certificate | Expires |
https://psd2.api.cib.bnpparibas.com |
CRT Format, P7B Format (Old Cert) |
April 06, 2024 |
https://psd2.api.cib.bnpparibas.com |
CRT Format, P7B Format (New Cert, to be used from March 28th) |
March 22, 2026 |
https://api-mtls.sandbox.cib.bnpparibas.com | same as first section above |
UK TPP accessing PSD2 API with an OBWAC issued by OBIE
Urls | Server Certificate | Expires |
https://ob-uk.api.cib.bnpparibas.com | CRT Format, P7B Format | July 30, 2023 |
https://api-mtls.sandbox.cib.bnpparibas.com | same as first section above |
Traffic from BNPP CIB API Platform
BNPP CIB API Platform is generating traffic for third-parties with signed JWT. Each third-party receiving JWT must check
1) it has been signed by CIB API Platform using the public key bellow,
2) the JWT did not expire,
3) the audience contains their URL.
- traffic from staging
- API Platform public key: CRT Format (expire February 07, 2024)
- traffic from sandbox
- API Platform public key: CRT Format (expire February 07, 2024)
- traffic from production
- API Platform public key: CRT Format (expire February 07, 2024)
Alternatively, mTLS can be used in some scenarios when BNPP CIB API Platform authenticate to a third-party API using a client certificate. The client certificates used are:
- traffic from staging
- Client Certificate: CRT Format
- traffic from sandbox
- Client Certificate: CRT Format
- traffic from production
- Client Certificate: CRT Format