Limits

Operational limitations

These are the operational limitations of this PSD2 API in the version 1.4.2 :

  • Only apply to active payment accounts that are accessible online (cf. PSD2 Directive texts) => only current accounts will be returned
  • Use the REDIRECT authentication  approach only (Strong Customer Authentication required and handled by the bank), which IS NOT an obstacle according to French national competent authority

Note : TPP are not allowed to send to ASPSP the PSU credentials, and only ASPSP SCA redirect screens can be used (no embeding process as clarified by European Banking Authority based on articles PSD2 #95.5 & RTS #31)

  • Implement the mixed AISP consent mode, but not the full AISP consent mode :
    • By default, when no consent has been transmitted, all accounts are available
    • But the accounts balances and transactions detail either the cards outstandings and slips are available only for the accounts the consent was given
  • The limit is up to 4 batch accesses per calendar day for every method of this API(see use cases of every method for more details), but there is no limit when the customer asks directly his accounts online
  • Access to the list of trusted beneficiaries is NOT available (feature not implemented in Banques Palatines online banking service)
  • "aisp extended_transaction_history" mode is NOT supported
  • Dont allow to get the customer trusted beneficiaries list : it doesnt exist for Banques Palatines (<=> a recorded beneficiary and validated by strong authentication and no strong authentication is needed after for a payment validation and for this beneficiary)
  • Only the GET /accounts, PUT /consents, GET /balancesGET /transactions and GET /endUserIdentity methods are available  
  • Return data only for active delayed cards which have been used at least once in the past two months

Limitations related to customer segments:

  • The individual (IND) is a natural person categorized as a "capable adult". The IND can also have activities within the framework of a sole proprietorship (SP) = a company managed by a single person, and which has no legal personality, although it is registered in the directory of trades or in the Register of Commerce and Companies (RCC). Examples: craftsman or liberal profession. In this case, the SP is considered a IND
  • The categories "professional" (PRO) and "company" (COMP) cover legal persons.

Limitations related to the types of accounts accessible:

  • The accounts accessible via the AISP API are those available on remote banking, namely:
    • capable major
    • joint account Mr and Mrs
    • joint account Mrs and Mr
    • freelance
    • enrtreprise
    • attached minor
    • emancipated minor 
  • As the following account is not accessible on remote banking, it is not via the AISP API either
    • adult under guardianship

Limitations related to strong authentication means depending on the customer segment :

  • Classic customer (CLA): equipment with SMS OTP and / or Sécur'pass. Secur'pass is triggered as a priority if necessary
  • Professional customer (PRO): equipment with SMS OTP and / or Sécur'pass. Secur'pass is triggered as a priority if necessary
  • Business customer (BUS): equipment with OTP SMS

The table below summarizes the limitations by method for this API (the field names are given in italics):

Retrieval of the list of accounts and delayed debit cards ("GET /accounts" method):

Retrieval of an account balances report and a delayed debit card outstandings report ( "GET /accounts/balances" method) :

Retrieval of an account transactions set and a delayed debit card slips set("GET /accounts/transactions" method) :
  • In euros only                         [currency]
  • IBAN or encrypted PAN               [iban]   
  • Accounting balance                 [balanceType]         "CLBD"                  
  • Value date balance                  [balanceType]         "VALU"                  
  • Instant balance                            [balanceType]         "OTHR"
  • IBAN or encrypted PAN          [iban]
  • Up to 90 days maximum
  • IBAN or encrypted PAN          [iban]

Pagination of the displayed results :

Two parameters are proposed to customize the pagination of the displayed results :

  • the first one is the number of accounts/cards per page when calling get/accounts request. The default value is set to 5.
  • the second one is the number of transactions per page when calling a get/account/{}/transactions request. The default value is set to 15.

      

From test to live data :

According to PDS2 regulation, the data set available thru this dev portal, Try-it mode and sandbox are based on fictive data (or non-real ones).These data are described in the use case "Test our API".

In order to access to live data, please use first our API Register (see the product data sheet www.api.89c3.com/en/component/bpceportal/products/543/usecases/533).

Note : a weekly slot is reserved for a programmed maintenance (all IT infrastructure incl'd backends and API gateways) Sunday morning from midnight to 06:00 am, and could generate some perturbations during this period (same for some banking batch processes initiated at the beginning or at the end of the day/month/quarter/year).

 

As in test mode, the institution code (see the list of accessible banking institutions below) will allow you to address the correct customer repository via an "endpoint" in the format : www.40978.live.api.89c3.com(or www.40978.live.api.palatine.fr aligned on direct access domain name www.palatine.fr). Once chosen, this entry point shall also be used for all subsequent requests.

Bank code Bank name Bank short name Available for tryIt and sandbox Available for live operations
40978 Banque Palatine   PAL

-

YES