This API intends to provide an interface between
- Account Servicing Payment Service Providers (ASPSP)
- A.I.S.P (Account Information Service Provider)
This API is based on STET API version 1.4.1.3.
Swagger versions
Version | Description | |||
1.5.3 | From 13-SEP-2023
|
|||
1.5.2 | From 11-APR-2023
|
|||
1.5.1 | From 15-FEB-2021
|
|||
1.4.1 | From 22-SEP-2020 (Live) /trusted-beneficiaries : Trusted beneficiaries are returned. |
|||
1.3.0 | From 11-MAY-2020
|
|||
1.2.1 | From 23-JAN-2020 - Sandbox : PSU consent will be valid only for 5 days. Therefore, in order to access continually to PSU AISP fake data it will be necessary to strongly authenticate the PSU at least each 5 days (by calling the /authorize endpoint). From 20-JAN-2020 - Sandbox and Live : Update of Callback Links (no change of URLs to access our APIs). - Sandbox and Live : only for Hello bank! accounts, new balance is returned (instant balance - XPCD). |
|||
1.1.0 | From 27-NOV-2019 : Iban is returned. | |||
1.0.0 | From 12-JUL-2019 : Initial Version. |
Details of implementation
Details of implementation | |
/consents | Full-AISP model is implemented (A1 from the STET documentation) therefore PUT/consent endpoint is not implemented. |
/authorize | Time of validity of PSU refresh token is aligned with the strong Customer Authentication. PSU refresh token is valid for 180 days. Specially for Sandbox, PSU refresh token is valid for 5 days in order to facilitate the TPP's tests. |
/accounts | Only payment accounts (cash accounts). Datas following are not returned in this endpoint: - List of card based transactions - List of balances - Identity of the account owner |
/balances | See below for details. |
/transactions | Transactions are sent from newest to oldest booking date. Deferred debit card transactions are integrated with others transactions. No pagination data. DateTo / DateFrom : max 3 months period is returned. |
/owners | See below for details. |
/end-user-identity | Civility, last and first name of the end-user are returned. In case of professional client, the Social Reason is returned instead of civility, last and first name of the end-user. |
/trusted-beneficiaries | Trusted-beneficiaries are returned. No pagination data. |
To access PSD2 BNP PARIBAS French Retail Banking API, scope Hello Bank!, please use one of the following links :
URL | |
PSD2 Sandbox (test data) | https://api.sandbox.bddf.bnpparibas/psd2-sandbox/hellobank/V1.4 |
PSD2 Production (live data) | https://api-psd2.bddf.bnpparibas/psd2/hellobank/V1.4 |
How to use sandbox API ?
<table border="2">
<thead>
<tr>
<td> </td>
<td style="text-align:center">Details of implementation</td>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:center">AISP sandbox data</td>
<td style="padding: 10px">- The data are fictive. We put the accounts list of fictive users at TPP's disposal.<br/> - Different static fictive balances and transactions are available, depending on the date of the request.<br/>- The transactions are sent from newest to oldest bookingDate. <br/>- There's no consistency between the balances and the transactions.</td>
</tr>
<tr>
<td style="text-align:center">AISP sandbox dataset</td>
<td style="padding: 10px">
<table border="1">
<thead>
<tr>
<td style="text-align:center">User Id</td>
<td style="text-align:center">Dataset</td>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:center">1231231231</td>
<td style="padding: 10px">6 accounts in EUR => 5 individual accounts (3 individual customers and 2 professionals) and 1 co-account (individual account). <br/>+ 19 trusted-beneficiaries</td>
</tr>
<tr>
<td style="text-align:center">8569856952</td>
<td style="padding: 10px">1 co-account in EUR (individual account). <br/>+ 19 trusted-beneficiaries</td>
</tr>
<tr>
<td style="text-align:center">639828919</td>
<td style="padding: 10px">2 HelloBank! accounts with instant balance.</td>
</tr>
<tr>
<td style="text-align:center">1902163085</td>
<td style="padding: 10px">HelloBank! account with instant balance and 1 MaBanque account without instant balance.</td>
</tr>
<tr>
<td style="text-align:center">8712035648</td>
<td style="padding: 10px">TPP is no longer authorized by its NCA (non-passing-case).</td>
</tr>
<tr>
<td style="text-align:center">8712035648</td>
<td style="padding: 10px">PSU has no payment account (non-passing-case).</td>
</tr>
<tr>
<td style="text-align:center">5668994185</td>
<td style="padding: 10px">TPP is no longer authorized by the PSU (non-passing-case).</td>
</tr>
<tr>
<td style="text-align:center">9999999999</td>
<td style="padding: 10px">No trusted beneficiaries</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="text-align:center">PSU Identification / Authentication</td>
<td style="padding: 10px">- The PSU identification / authentication is needed at the first step of the PSU sandbox AISP Journey. The password is '785149' for all the users. <br/> - For the PSU SCA in sandbox, only SMS OTP is available in the user interface ; no control is applied as long as numbers are full-filled. The password to test the non-passing case is "00000".<br/></td>
</tr>
</tbody>
</table>
The API is designed on a REST model using JSON structures. The Richardson Maturity Model is applied on level three using HAL HYPERMEDIA links