Access points to send traffic to BNPP CIB apis
important ! upcoming certificate update for api endpoints
As part of our 2025 certificate renewal, our servers will be using new certificates signed by updated Certificate Authorities
Please make sure your API clients trust these new authorities ( authorities should be added to API client truststore)
Intermediate CA : Thawte EV RSA CA G2_0.crt
Root CA : DigiCert Global Root G2_0.crt
New certificates
| Urls | Server Certificate | Certificate Authority (CA) | Available Starting From |
https://api-mtls.sandbox.cib.bnpparibas.com TEST | July 11th, 2025 | ||
https://api.sandbox.cib.bnpparibas.com TEST | July 11th, 2025 | ||
https://api-mtls.cib.bnpparibas.com PROD | August 23rd, 2025 | ||
https://api.cib.bnpparibas.com PROD | August 23rd, 2025 |
Current certificates
| Urls | Server Certificate | Certificate Authority (CA) | Expires |
https://api-mtls.sandbox.cib.bnpparibas.com TEST |
| July 11th, 2025 | |
https://api.sandbox.cib.bnpparibas.com TEST |
| July 11th, 2025 | |
https://api-mtls.cib.bnpparibas.com PROD | August 23rd, 2025 | ||
https://api.cib.bnpparibas.com PROD | August 23rd, 2025 |
EU TPP accessing PSD2 APIs with a QWAC issued by a QTSP
| Urls | Server Certificate | Expires |
| https://psd2.api.cib.bnpparibas.com | CRT Format, P7B Format | March 22, 2026 |
| https://api-mtls.sandbox.cib.bnpparibas.com | same as first section above |
UK TPP accessing PSD2 API with an OBWAC issued by OBIE
| Urls | Server Certificate | Expires |
| https://ob-uk.api.cib.bnpparibas.com | CRT Format, P7B Format | July 30, 2023 |
| https://api-mtls.sandbox.cib.bnpparibas.com | same as first section above |
Traffic from BNPP CIB API Platform (JWT)
BNPP CIB API Platform is generating traffic for third-parties with signed JWT. Each third-party receiving JWT must check
1) it has been signed by CIB API Platform using the public key bellow,
2) the JWT did not expire,
3) the audience contains their URL.
- traffic from staging
- API Platform public key: CRT Format
- traffic from sandbox
- API Platform public key: CRT Format
- traffic from production
- API Platform public key: CRT Format
Traffic from BNPP CIB API Platform (MTLS)
Alternatively, mTLS can be used in some scenarios when BNPP CIB API Platform authenticate to a third-party API using a client certificate. The client certificates used are:
- traffic from non prod
- Client Certificate: api-mtls-global.sandbox.cib.bnpparibas.com.crt
- Intermediate : Entrust Certification Authority - L1M.crt
- Root : Entrust Root Certification Authority - G2.crt
- traffic from production
- Client Certificate: api-mtls-global.cib.bnpparibas.com.crt
- Intermediate : Entrust Certification Authority - L1M.crt
- Root : Entrust Root Certification Authority - G2.crt
Important ! upcoming certificate update for 2025
As part of our 2025 certificate renewal, our client certificate will be using new certificates signed by updated Certificate Authorities
Please contact your BNP API Provider for more information
- traffic from non prod
- Client Certificate: api-mtls-global_sandbox_cib_bnpparibas_com_0.crt
- Intermediate : Thawte EV RSA CA G2_0.crt
- Root : DigiCert Global Root G2_0.crt
- traffic from production
- Client Certificate: api-mtls-global_cib_bnpparibas_com_0.crt
- Intermediate : Thawte EV RSA CA G2_0.crt
- Root : DigiCert Global Root G2_0.crt
