BGL BNP PARIBAS

BGL BNP Paribas XS2A (STET)

Version:  1.1413.037.004
State:  Prototyped
Environment: Sandbox
Base URI: https://bglllull-psd2api-sbx.luxhub.com/stet/v1
Authorization Endpoint: https://bglllull-cb-sbx.luxhub.com/api/oauth/authorize
Token Endpoint: https://bglllull-psd2api-sbx.luxhub.com/api/oauth/token
Categories: PSD2
Passport :

Payment Initiation Services (PIS)

The APIs we expose for PISPs, like those for AISPs, use OAuth2 for authorization. PSU identification, authentication and the signing of payment requests are based on Strong Customer Authentication (SCA), which is performed in the realm of the bank.

Depending on the bank you would like to integrate with, you have to implement either the Berlin Group or the STET PSD2 API specification.

Below we show an example of both types for a simple Payment Initiation Request. For the Berlin Group standard, the payment initiation endpoints are separated according to the type of payment product and payment service. Additional flows are also supported for this standard, namely multiple SCA and signing baskets. These specific flows are currently out of scope of the present document, but are fully supported by the LUXHUB platform. Please refer to the official Berlin Group PSD2 API documentation for support in this direction.

STET

The diagram below shows the requests to be performed for an API that uses the STET specification for Payment Initiation.
The requests shown in yellow are explained in detail below.

 

1. To start, you have to get an access token based on your OAuth2.0 credentials.
  • example request:

    curl \
         -H 'Authorization: Basic ' \
         -H 'Content-Type: application/x-www-form-urlencoded' \
         -d 'grant_type=client_credentials&scope=pisp' \
         -X POST 'https://<Token Endpoint>' \
         --cert QWAC-cert.pem --key QWAC-key.pem

 

2. Then you have to create a payment resource.
  • example request:

    curl -i \
         -H 'Signature: ' \
         -H 'Authorization: Bearer ' \
         -H 'X-Request-ID: 12345678-1234-1234-1234-1234567890ab' \
         -H 'Content-Type: application/json' \
         -d '{"paymentInformationId":"0f49608cd17a49048cc808dfa1047572", "creationDateTime":"2019-01-18T17:07:43.455Z", "numberOfTransactions":1, "initiatingParty":{ "name":"AwesomeTPP","postalAddress":{"country":"LU","addressLine":[null,null]}, "organisationId":{"identification":"12LU5","schemeName":"COID","issuer":"ACPR"} }, "paymentTypeInformation":{"serviceLevel":"SEPA","localInstrument":"INST","categoryPurpose":"DVPM"}, "debtor":{"name":"John Smith"}, "debtorAccount":{"iban":"YY64COJH41059545330222956960771321"}, "ultimateCreditor":{ "name":"myMerchant","postalAddress":{"country":"FR","addressLine":["18 rue de la DSP2","75008 PARIS"]}, "organisationId":{"identification":"852126789","schemeName":"SIREN","issuer":"FR"},"privateId":null }, "paymentInformationStatus":"RCVD","creditTransferTransaction": [{ "paymentId":{"instructionId":"01ab09d3e59e4e2a95ddb83e4d7a0dbe","endToEndId":"5f429404c96843e2a791cd8a5150b6a0"}, "instructedAmount":{"currency":"EUR","amount":"1"}, "remittanceInformation":["Fake remittance information."] }], "supplementaryData":{"acceptedAuthenticationApproach":["REDIRECT"] }}' \
         -X POST 'https://<Base URI>/payment-requests' \
         --cert QWAC-cert.pem --key QWAC-key.pem

 

3. You have to authorize (and authenticate) the PSU. After calling this URL, the PSU will be redirected to the SCA of the chosen bank.
  • example request:

    curl \
         -X GET 'https://<Authorization Endpoint>?response_type=code&scope=pisp&client_id=<client_id>&redirect_uri=http%3A%2F%2F127.0.0.1%3A9003%2Fredirect_payment&state=12345678-1234-1234-1234-1234567890ab&resource= &code_challenge=<code_challenge_pkcs>&code_challenge_method=S256'

 

4. Once the PSU has performed SCA for payment authorization, they will be redirected to your redirect URL. The following request has to be served by your application.
  • example request:

    curl \
         -X GET 'http://127.0.0.1:9003/redirect_payment?code=<authorization_code>'

 

5. Once you have received the authorization code, you can ask for access and refresh tokens.
  • example request:

    curl \
         -H 'Authorization: Basic ' \
         -H 'Content-Type: application/x-www-form-urlencoded' \
         -d 'grant_type=authorization_code&redirect_uri=http%3A%2F%2F127.0.0.1%3A9003%2Fredirect_payment&code=<authorization_code>&scope=pisp' \
         -X POST 'https://<Token Endpoint>' \
         --cert QWAC-cert.pem --key QWAC-key.pem

 

6. Finally, you can retrieve the status of your payment initiation.
  • example request:

    curl \
         -H 'Signature: ' \
         -H 'Authorization: Bearer ' \
         -H 'Content-Type: application/json' \
         -H 'X-Request-ID: 123456-1234-1234-1234567890ab' \
         -X GET 'https://<Base URI>/payment-requests/ ' \
         --cert QWAC-cert.pem --key QWAC-key.pem
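
Added example, not part of the original LUXHUB documentation: the client-side checks around steps 3 and 4 in Python, deriving the S256 code_challenge from a random verifier, percent-encoding the authorization URL, and rejecting a redirect whose state does not match the one sent. The client id, resource id and authorization code are constructed placeholders, and the callback is assumed to echo state as RFC 6749 specifies.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for code_challenge_method=S256."""
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))  # 43 chars, RFC 7636 minimum
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorize_url(endpoint, client_id, redirect_uri, resource, state, challenge):
    """Assemble the step 3 URL with every parameter percent-encoded."""
    return endpoint + "?" + urlencode({
        "response_type": "code", "scope": "pisp", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state, "resource": resource,
        "code_challenge": challenge, "code_challenge_method": "S256"})

def handle_redirect(callback_url, expected_state):
    """Validate the step 4 callback and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time compare; a missing or foreign state means this redirect
    # does not belong to the authorization request this session started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

if __name__ == "__main__":
    # Constructed values: client id, resource id and code are placeholders.
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    redirect_uri = "http://127.0.0.1:9003/redirect_payment"
    print(build_authorize_url(
        "https://bglllull-cb-sbx.luxhub.com/api/oauth/authorize",
        "example-client-id", redirect_uri, "example-resource-id", state, challenge))
    print(handle_redirect(redirect_uri + "?code=example-code&state=" + state, state))
```

Keep the verifier and state bound to the PSU's session on your side. RFC 7636 has the client send the verifier as code_verifier in the token request, a parameter the step 5 example on this page does not show.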

 

 
