Restrictions

Functional limitations :

The limitations of this PSD2 API in the version 1.0 are as follows:

• Apply only to authorized and eligible payment accounts (the determining criterion for the purposes of that categorisation lies in the ability to perform daily payment transactions from such accounts) that are accessible online (cf. PSD2 Directive text) for retail banking customers (PART) & small professionnals (PRO). The following segments are NOT included :
  • large professionals, corporates and associations using CE Net direct acess interface
  • legal guardians using WebProtexion direct acess interface 

• Use the authentication with redirect mode only (Strong Customer Authentication required and handled by the bank), which IS NOT an obstacle according to French national competent authority

Note : TPP are not allowed to send to ASPSP the PSU credentials, and only ASPSP SCA redirect screens can be used (no embeding process as clarified by European Banking Authority based on articles PSD2 #95.5 & RTS #31)

• Manage only single payment initiation requests in euro currency either in
  • SCT CORE (immediate or difffered) 
  • or Instant Payment (not available for Caisse d'Epargne Ile de France and Caisse d'Epargne Auvergne Limousin) 

• The methods POST/paymentRequest (except POST/paymentRequest/{paymentRequestResourceId}/confirmation), GET/paymentRequest and PUT/paymentRequest (only for differed PIPS) are the only ones available 

• Field "chargeBearer" is mandatory as of POST /payment-requests method and must be valued to "SLEV" 

• Field "categoryPurpose" is mandatory as of POST /payment-requests method

• Field "creditorAccount" is mandatory as of POST /payment-requests method

• Field "successfulReportUrl" is mandatory as of POST /payment-requests method

• Cancellation of PISP operations can be made thru the API or by the PSU through his/her direct access

• Different PIS requests having the identical parameters as an already executed one (same date, same debtor & creditor IBAN, same amount, ...) will be rejected (same feature as direct access)

• If the PSU doesn't perform any action during 04 mns during on redirect screens (or 30 mns overall), the PSU will be considered as disconnected and no redirection will be provided back to the TPP

 Limitations linked to SCA :

• retail PSU : password + OTP SMS and/or CAP reader and/or soft token Sécur'Pass

• small professionals : password + OTP SMS and/or CAP reader

Note 1 : no SCA exemptions apply

Note 2 : PIS requests with "CASH" categoryPurpose will be rejected IF PSU SCA is not performed using Sécur'Pass AND if the creditor IBAN is not registered before (> 72 hours) by PSU using direct access / online banking

From test to live data :

According to PDS2 regulation, the data set available thru this dev portal, Try-it mode and sandbox are based on fictive data (or non-real ones).These data are described in the use case "Test our API".

In order to access to live data, please use first our API Register (see the product data sheet www.api.89c3.com/en/component/bpceportal/products/543/usecases/533).

Please note that a weekly slot is reserved for a programmed maintenance (all IT infrastructure incl'd backends and API gateways) Monday morning from 02:00am to 06:00 am), and could generate some perturbations during this period . 

For live operations, the parameter "bankcode" allows TPP to send API requests to the right ASPSP backend thru a dedicated « endpoint » www.<bankcode>.live.api.89c3.com (or www.<bankcode>.live.api.caisse-epargne.fr aligned on direct access domain name www.caisse-epargne.fr). Once chosen, this entry point shall also be used for all subsequent requests.