API Platform

Access points to send traffic to BNPP CIB apis

important ! upcoming certificate update for api endpoints

As part of our 2025 certificate renewal, our servers will be using new certificates signed by updated Certificate Authorities

Please make sure your API clients trust these new authorities ( authorities should be added to API client truststore)

Intermediate CA : Thawte EV RSA CA G2_0.crt

Root CA : DigiCert Global Root G2_0.crt

New certificates

Current certificates

EU TPP accessing PSD2 APIs with a QWAC issued by a QTSP

CURRENT CERTIFICATE : UK TPP accessing PSD2 API with an OBWAC issued by OBIE

NEW CERTIFICATE - UK TPP accessing PSD2 API with an OBWAC issued by OBIE 

Traffic from BNPP CIB API Platform (JWT)

BNPP CIB API Platform is generating traffic for third-parties with signed JWT. Each third-party receiving JWT must check
1) it has been signed by CIB API Platform using the public key bellow,
2) the JWT did not expire,
3) the audience contains their URL.

• traffic from staging
  • API Platform public key: CRT Format
• traffic from sandbox
  • API Platform public key: CRT Format
• traffic from production
  • API Platform public key: CRT Format

Traffic from BNPP CIB API Platform (MTLS)

Alternatively, mTLS can be used in some scenarios when BNPP CIB API Platform authenticate to a third-party API using a client certificate. The client certificates used are

• traffic from non prod
  • Client Certificate: api-mtls-global_sandbox_cib_bnpparibas_com_0.crt
  • Intermediate : Thawte EV RSA CA G2_0.crt
  • Root : DigiCert Global Root G2_0.crt
• traffic from production
  • Client Certificate: api-mtls-global_cib_bnpparibas_com_0.crt
  • Intermediate : Thawte EV RSA CA G2_0.crt
  • Root : DigiCert Global Root G2_0.crt