Restrictions

Funtional limitations :

The limitations of this PSD2 API in the version 1.0 are as follows:

• Apply only to authorized and eligible payment accounts (the determining criterion for the purposes of that categorisation lies in the ability to perform daily payment transactions from such accounts) that are accessible online (cf. PSD2 Directive text) for retail banking customers (PART). The following segments are NOT included : professionals, corporates and associations, legal guardians

• Use the authentication with redirect mode only (Strong Customer Authentication required and handled by the bank), which IS NOT an obstacle according to French national competent authority

Note : TPP are not allowed to send to ASPSP the PSU credentials, and only ASPSP SCA redirect screens can be used (no embeding process as clarified by European Banking Authority based on articles PSD2 #95.5 & RTS #31)

• Manage only single payment initiation requests in euro currency either in SCT CORE (immediate or differed) or Instant Payment

• The methods POST/paymentRequest (except POST/paymentRequest/{paymentRequestResourceId}/confirmation), GET/paymentRequest and PUT/paymentRequest (only for differed PIPS) are the only ones available

• Field "chargeBearer" is mandatory as of POST /payment-requests method and must be valued to "SLEV" 

• Field "categoryPurpose" is mandatory as of POST /payment-requests method

• Field "creditorAccount" is mandatory as of POST /payment-requests method 

• Field "successfulReportUrl" is mandatory as of POST /payment-requests method 

• Cancellation of PISP operations is available thru the API, or can be made by the PSU through his/her direct access

• Different PIS requests having the identical parameters as an already executed one (same date, same debtor & creditor IBAN, same amount, ...) will be rejected (same feature as direct access)

• If the PSU doesn't perform any action during 04 mns on redirect screens (or 30 mns overall), the PSU will be considered as disconnected and no redirection will be provided back to the TPP

Limitations linked to SCA :

• retail PSU : password + OTP SMS and/or CAP reader and/or soft token Sécur'Pass 

Note 1 : no SCA exemptions apply

Note 2 : PIS requests with "CASH" categoryPurpose will be rejected IF PSU SCA is not performed using Sécur'Pass (or the physical token for PRO & ENT) AND if the creditor IBAN is not registered before (> 72 hours) by PSU using direct access / online banking

From test to live data :

According to PDS2 regulation, the data set available thru this dev portal, Try-it mode and sandbox are based on fictive data (or non-real ones).These data are described in the use case "Test our API".

In order to access to live data, please use first our API Register (see the product data sheet www.api.89c3.com/en/component/bpceportal/products/543/usecases/533).

Please note that a weekly slot is reserved for a programmed maintenance (all IT infrastructure incl'd backends and API gateways) from Sunday midnight to Monday morning 06:00 am), and could generate some perturbations during this period. 

For live operations, the parameter "bankcode" allows TPP to send API requests to the right ASPSP backend thru a dedicated « endpoint » www.<bankcode>.live.api.89c3.com (or www.<bankcode>.live.api.credit-cooperatif.coop aligned on direct access domain name www.credit-cooperatif.coop). Once chosen, this entry point shall also be used for all subsequent requests.