Limits

ligne89C3

Functional limits

The limits of this PSD2 API are :

  • Apply only to active and eligible online accessible payment accounts in euro currency (the determining criterion for the purposes of that categorisation lies in the ability to perform daily payment transactions from such accounts managed by the central backend IT system, source of all data sent back thru APIs)
  • Apply to the following customers segments (excl'd Attorney for tutorship) :
    • retail customers who subscribed "BanqueBCP" online banking services
    • professionals who suscribed "BanqueBCP" online banking services
    • corporates who suscribed "BanqueBCP" online banking services
  • Use AISP-mix model (the method PUT /consents is mandatory for sending customer consent to ASPSP 
  • Use only authentication with redirect mode (Strong Customer Authentication required and handled by the bank which IS NOT an obstacle according to French national competent authority 

Note : TPP are not allowed to send to ASPSP the PSU credentials, and only ASPSP SCA redirect screens can be used (no embeding process as clarified by European Banking Authority based on articles PSD2 #95.5 & RTS #31)

  • Access to the list of trusted beneficiaries using GET /trustedBeneficiaries is NOT available (feature not implemented in online banking service)
  • Access to PSU nor account holder identity (first name and last name using GET /end-user-identity) is NOT available
  • Transaction history data depth is aligned on online banking services (62-day period max for retail cutomers & small professionals/entrepreneurs segments, 90-day period max for large professionals & corporates, limited to 500 operations, no paginations managed by the API in both cases)
  • "aisp extended_transaction_history" mode is NOT supported
  • Access to payment account is done only using IBAN as main parameter

  • There are no rate limits if the PSU-IP-ADDRESS is supplied, otherwise limited to 4 calls (see PSD2 regulations) :

    • per calendar day (00h00 - 23h59:59:999)
    • per TPP OID
    • per ASPSP end point
    • per PSU ID
    • per IBAN
    • per API AIS method (/!\   /transactions method  with or without dateFrom / dateTo parameters is considered as one method)
  • The optional STET data "entryReference" applies only to PART & PRO/EI customer segments (see the functional perimeter in use case "Get transactions history").
    •  NB : as this data is issued on the spot via API, the search using "afterEntryReference" parameter is NOT supported

 

Limits related to the types of eligible payment accounts

  • Retail customer who subscrided direct access "BCP Net" online banking. In this case, the payment account starting with 04 is called a “deposit account”, and includes joint account, as well as attached minor to the account family.

Note 1 : the legal guardian or representative using Web Protexion solution (for managing persons under tutorship / curatorship) is not supported

Note 2 : a retail customer is a "physical individual" having the legal status of "capable adult". He/she may have small professionals activities using the legal status "individual entrepreneur", and is considered as a retail customer 

  • Large professional & corporate using direct access "BCP Net" online banking (and an account starting with 08 with electronic funds tranfers and electronic debits activated) have the status of "legal entity". In this case, the payment account is called "current account".

 

 

Limits linked to SCA means compliant with the API 

  • Retail PSU equiped with password + OTP SMS and/or CAP reader and/or soft token Sécur'Pass
  • Professionals PSU equiped with equiped with password + OTP SMS and/or CAP reader and/or physical token TurboSign

  Note : if the PSU is only equiped with a physical token, this SCA mean can't be used on his/her mobile/smartphone

 

From test to live data :

According to PDS2 regulation, the data set available thru this dev portal, Try-it mode and sandbox are based on fictive data (or non-real ones).These data are described in the use case "Test our API".

In order to access to live data, you will need to request for a GO Live thru the 89C3 API portal (or by using the self-enrolment API REGISTER) after testing your app using Try-it and Sandbox environments as described below : 

étapes test sandbox6 UK

Refer to Art. 30 (5). Account servicing payment service providers shall make available a testing facility, including support, for connection and functional testing to enable authorised payment initiation service providers, payment service providers issuing card-based payment instruments and account information service providers, or payment service providers that have applied for the relevant authorisation, to test their software and applications used for offering a payment service to users.

Please note that a weekly slot is reserved for a programmed maintenance (all IT infrastructure incl'd backends and API gateways) from Sunday midnight to Monday morning 06:00 am), and could generate some perturbations during this period. 

For live operations, the bank code allows TPP to send API requests to the right ASPSP backend thru a dedicated « endpoint » www.<bkcode>.live.api.89c3.com (or www.<bkcode>.live.api.banquebcp.fr aligned on direct access domain name www.banquebcp.fr). Once chosen, this entry point shall also be used for all subsequent requests.

Bank code

Bank name

 Bank short name

12579

Banque BCP

BBCP