➤ Functional Limits

Limits of this API version   

• Apply only to active and eligible online accessible payment accounts in euro currrency (the determining criterion for the purposes of that categorisation lies in the ability to perform daily payment transactions from such an account managed by the central backend IT system, source of data sent back thru APIs)

• Use AISP-mix model (PUT /consents method is mandatory for sending customer consent to ASPSP)

• Use only authentication with redirect mode (Strong Customer Authentication required and handled by the bank which IS NOT an obstacle according to French national competent authority 

Note : TPP are not allowed to send to ASPSP the PSU credentials, and only ASPSP SCA redirect screens can be used (no embeding process as clarified by European Banking Authority based on articles PSD2 #95.5 & RTS #31)

• Access to the list of trusted beneficiaries using GET /trustedBeneficiaries is NOT available (feature not implemented in Banque BCP online banking service)

• Access to customer account holder identity (first name and last name) is NOT available

• Transaction history data depth is aligned on online banking services (62-day period max for retail customers & small professionals/entrepreneurs segments, 90-day period max for large professionals & corporates, limited to 500 operations, no paginations managed by the API in both cases)

• "aisp extended_transaction_history" mode is NOT supported

• Access to payment account is done only using IBAN as main parameter

• There are no rate limits if the PSU-IP-ADDRESS is supplied, otherwise limited to 4 calls (see PSD2 regulations) :

  • per calendar day (00h00 - 23h59:59:999)
  • per TPP OID
  • per ASPSP end point
  • per PSU ID
  • per IBAN
  • per API AIS method (/!\   /transactions method  with or without dateFrom / dateTo parameters is considered as one method)

• The optional STET data "entryReference" applies only to PART & PRO/EI customer segments (see the functional perimeter in use case "Get transactions history")

Note : as this data is issued on the spot via API, the search using "entryReferenceFrom" and/or "entryReferenceTo" parameters is NOT supported

Limits related to eligible payment accounts

Apply to the following customer segments : 

• Retail customer who subscrided direct access "BCP Net" online banking. In this case, the payment account starting with 04 is called a “deposit account”, and includes joint account, as well as attached minor to the account family

Note 1 : the legal guardian or representative using Web Protexion solution (for managing persons under tutorship / curatorship) is not supported 

Note 2 : a retail customer is a "physical individual" having the legal status of "capable adult". He/she may have small professionals activities using legal status "individual entrepreneur", and is considered as a retail customer

• Professionals & corporates (using direct access "BCP Net PRO" online banking and an account starting with 08 with electronic funds transfers and direct debit s activated) have the status of "legal entity". In this case, the payment account is called "current account"

Limits related to SCA means compliant with this API

• Retail PSU equiped with password + SMS OTP and/or CAP reader and/or Secur'pass

• Professional PSU equiped with password + SMS OTP and/or CAP reader and/or Secur'pass

• Corporate PSU equiped with password + SMS OTP and/or CAP reader and/or physical token TurboSign

Note : if the PSU is only equiped with a physical token, this SCA mean can't be used on his/her mobile/smartphone

 ➤ From test to live data

According to PDS2 regulation, the data set available thru this dev portal, Try-it mode and sandbox are based on fictive data (or non-real ones).These data are described in the use case "Test our API".

In order to access to live data, please use first our API Register (see the product data sheet www.api.89c3.com/en/component/bpceportal/products/543/usecases/533).

Note : a weekly slot is reserved for a programmed maintenance (all IT infrastructure incl'd backends and API gateways) Monday morning from midnight to 06:00 am, and could generate some perturbations during this period (same for some banking batch processes initiated at the beginning or at the end of the day/month/quarter/year).

For live operations, the parameter "bankcode" allows to send API requests to the right ASPSP backend thru a dedicated « endpoint » www.<bkcode>.live.api.89c3.com(or www.<bkcode>.live.api.banquebcp.fr aligned on direct access domain name www.banquebcp.fr). Once chosen, this entry point shall also be used for all subsequent requests.