➤ Functional limits  

General limits 

• Apply only to authorized and eligible payment accounts (the determining criterion for the purposes of that categorisation lies in the ability to perform daily payment transactions from such accounts) that are accessible online (cf. PSD2 Directive text)

• Use the authentication with redirect reinforced mode only (Strong Customer Authentication required and handled by the bank, which IS NOT an obstacle according to french national competent authority) & call for o-confirmation method

Note : TPP are not allowed to send to ASPSP the PSU credentials, and only ASPSP SCA redirect screens can be used (no embeding process as clarified by European Banking Authority based on articles PSD2 #95.5 & RTS #31)

• Manage only single payment initiation requests in euro currency either in
  • SCT CORE (immediate or differed or recurring) for all customer segments
    
  •  or Instant Payment for all customer segments

• The following methods are available
  • POST/paymentRequest
  •  POST/paymentRequest/{paymentRequestResourceId}/o-confirmation)
  •  GET/paymentRequest and PUT/paymentRequest (only for differed PIPS) are the only ones available

• Field "chargeBearer" is mandatory as of POST /payment-requests method and must be valued to "SLEV"

• Field "categoryPurpose" is mandatory as of POST /payment-requests method

• Field "creditorAccount" is mandatory as of POST /payment-requests method

• Field "successfulReportUrl" is mandatory as of POST /payment-requests method 

• If debtor account is included in PIS request, the PSU UX is reduced to one SCA (no SCA exemptions apply)
  
  
• Cancellation of PIS operations can be made thru the API (before the same dead line applied for online banking environment)
  

• Creditor BIC is mandated 

• If no PSU actions is performed during 04 mns on redirect screens (or 30 mns overall), the PSU will be considered as disconnected and no redirection will be provided back to the TPP 

Customer segments limitations

• PART segment is retail segment (adult customer)

• PRO segment gathers small companies

• ENT segment gathers medium to large corporations

Payment account limitations

• Payment accounts are those available through the online banking 

• Some business rules can apply and may limit fund tranfer operations (anti-fraud rules, ...)

SCA limitations

• retail PSU : password + OTP SMS and/or CAP reader and/or soft token Sécur'Pass

• professionals : hard token certificate and/or soft tokenSécur'Pass and/or password + CAP reader and/or password + OTP SMS 

Note : CASH PISP operations will be rejected if the PSU is not using Secur'Pass SCA and if the creditor IBAN is not registred by the PSU in his direct access.

➤ Access to live data   

According to PDS2 regulation, the data set available thru this dev portal, Try-it mode and sandbox are based on fictive data (or non-real ones). These data are described in the use case "Test our API".

In order to access to live data, please use first our API Register (see the product data sheet www.api.89c3.com/en/component/bpceportal/products/543/usecases/533).

Please note that a weekly slot is reserved for a programmed maintenance (all IT infrastructure incl'd backends and API gateways) Sunday morning from 02:00 to 06:00 am, and could generate some perturbations during this period. 

For live operations, the parameter "bankcode" allows TPP to send API requests to the right ASPSP backend thru a dedicated « endpoint » www.<bankcode>.live.api.89c3.com (or www.40978.live.api.palatine.fr aligned on direct access domain name www.palatine.fr). Once chosen, this entry point shall also be used for all subsequent requests.