Skip to main content

Strong Authentication through Connexis Cash

With Connexis Cash APIs, there are 2 Strong Contumer Authentications (SCA) required from the user:

  • When the user authenticates himself to access Connexis Cash environment through the Redirect approach in the OAuth token generation
  • When the user wants to authorize a payment.



SCA screen during OAuth token generation

This authentication process must be performed by the client for any service he wants to use: AISP, PISP and PIISP. It allows him to access the Connexis Cash environment.  

1. After the client is redirected to Connexis Cash log in page, the client connects  the same way as today : He enters his Authentication ID and his 6-digit password (OTP).

Connexis PSD2 Login













2. If the user has access to several entities, he is redirected to a page to choose the one he wants to work in



PISP SCA screen

When the client initiates a payment, at the final stage, he needs to authorize/sign it. This must be done through SCA.

The PISP redirects the user to Connexis Cash, where this one was previously authenticated.


The challenge code (OTP) requested from the user includes a dynamic link as defined under Article 5 of the RTS. After finalizing the strong authentication, Connexis Cash redirects the user to the TPP interface.



The customer obtains his OTP, allowing him to log in or to authorize a payment,  through his physical token or his Connexis Pass application (screen of mobile application) :





About us

BNP Paribas CIB is a leading global financial services firm, offering you solutions in capital markets, securities services, advisory, finance and treasury