Account information - Ma Banque Entreprise

v1.3.3 based on STET v1.4.1.3
Provided by:
PSD2 Team
Status:
Live
Category:
PSD2
Last update:
2023-11-27
Tags
#ACCOUNT INFORMATION
BNP
AISP
Contact the API Owner

This API intends to provide an interface between

  • Account Servicing Payment Service Providers (ASPSP)
  • A.I.S.P (Account Information Service Provider)

This API is based on STET API version 1.4.1.3.

Swagger versions

Version Description
1.3.3 From 13-SEP-2023
Since 25 July 2023, PSU refresh token changed: 24 hours to 180 days.
1.3.2 From 11-APR-2023
- Sandbox (11 APR 2023) and Live (06 JUN 2023):

/owners :
Return owner : real person or a company.
- In the first case, the name of the real person owning the account is provided in [Identity] block.
 - In the second case, the identity of the company owning the account is provided in [company] block.
1.3.1 From FEB-2022
/transactions :
List of transactions is limited to : 700 accounted transactions and 700 pending transactions returned (like "MaBanque Entreprise" Web-Banking).
1.3.0 From 11-MAY-2020
- Sandbox (only) :
/balances : ReferenceDate is returned.
/balances : Data "name" aligned with live balance value.
/transactions :
ValueDate is returned only for professional clients (see data “usage” from /accounts).
 TransactionDate is deprecated. This data should not be used.
 New controls DateTo / DateFrom (See Details).
 DateTo / DateFrom : max 15 days period is returned.
1.2.1 From 23-JAN-2020
-Sandbox : PSU consent will be valid only for 5 days. Therefore, in order to access continually to PSU AISP fake data it will be necessary to strongly authenticate the PSU at least each 5 days (by calling the /authorize endpoint).

From 20-JAN-2020
- Sandbox and Live : Update of Callback Links (no change of URLs to access our APIs).
1.1.0 From 27-NOV-2019 : Iban is returned.
1.0.0 From 05-SEP-2019 : Initial Version.


Details of implementation

Details of implementation
/consents Full-AISP model is implemented (A1 from the STET documentation) therefore PUT/consent endpoint is not implemented.
/authorize Time of validity of PSU refresh token is aligned with the Strong Customer Authentication.
PSU refresh token is valid for 180 days.
/accounts Only payment accounts (cash accounts).
Datas following are not returned in this endpoint:
- List of card based transactions
- List of balances
- Identity of the account owner
/balances See below for details

If there is no future transactions, future balance (OTHR) is not returned
/transactions Transactions are sent from newest to oldest booking date.
Deferred debit card transactions are integrated with others transactions.
No pagination data.
DateTo / DateFrom : max 15 days period is returned.
/owners See below for details.
/end-user-identity Civility, last and first name of the end-user are returned.
/trusted-beneficiaries Not implemented yet.


To access PSD2 BNP PARIBAS French Retail Banking API, please use one of the following links :

URL
PSD2 Sandbox (test data) with eIDAS certificate https://api.sandbox.bddf.bnpparibas/psd2-sandbox/corporate/V1.4
PSD2 Production (live data) https://api-psd2.bddf.bnpparibas/psd2/corporate/V1.4

How to use sandbox API ?

  <table border="2">
    <thead>
      <tr>
        <td></td>
        <td style="text-align:center">Details of implementation</td>
      </tr>
    </thead>
    <tbody>
      <tr>
        <td style="text-align:center">AISP sandbox data</td>
        <td style="padding: 10px">- The data are fictive. We put the accounts list of fictive users at TPP's disposal.</br> - Different static fictive balances and transactions are available, depending on the date of the request.</br>- The transactions are sent from newest  to oldest bookingDate. </br>- There's no consistency between the balances and the transactions.
        </td>
      </tr>
      <tr>
        <td style="text-align:center">AISP sandbox dataset</td>
        <td style="padding: 10px">
        <table border="1">
          <thead>
            <tr>
              <td style="text-align:center">User Id</td>
              <td style="text-align:center">Dataset</td>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td style="text-align:center">72318812</td>
              <td style="padding: 10px">2 accounts in EUR and USD</td>
            </tr>
            <tr>
              <td>22319812 </td>
              <td>&nbsp; 13 accounts (11 in EUR and 2 in USD)</td>
            </tr>
            <tr>
              <td style="text-align:center">32317812</td>
              <td style="padding: 10px">9 accounts (7 in EUR and 2 in USD)</td>
            </tr>
            <tr>
              <td style="text-align:center">97317812 </td>
              <td style="padding: 10px">1 account in EUR (this user did not subscribe to our online service for corporates allowing to consult transactions over  90 days)</td>
            </tr>
            <tr>
              <td style="text-align:center">73178881 </td>
              <td style="padding: 10px">No enterprise  authorization given to allow the TPP to access to accounts data (non passing-case)</td>
            </tr>
            <tr>
              <td style="text-align:center">55317817 </td>
              <td style="padding: 10px">PSU has no payment account (non passing-case).</td>
            </tr>
            <tr>
              <td style="text-align:center">55317817 </td>
              <td style="padding: 10px">This user did not subscribe to our online service for corporates allowing to consult transactions (non passing-case)</td>
            </tr>
          </tbody>
        </table>
        </br>
        </td>
      </tr>
      <tr>
        <td style="text-align:center">PSU Identification / Authentication</td>
        <td style="padding: 10px">- The PSU identification / authentication is needed at the first step of the PSU sandbox AISP Journey. The password is '785149' for all the users.
        </td>
      </tr>
    </tbody>
  </table>

The API is designed on a REST model using JSON structures. The Richardson Maturity Model is applied on level three using HAL HYPERMEDIA links