1. Register in the API Portal → Register

2. Complete the registration form and accept the regulation

Important informartions:

a. Username = login to the application

b. The organization name is created automatically from the combination of Username+"_org

3. After approval by the Bank's employee, an e-mail will be sent. Complete the registration by selecting the activation link from the message sent

4. After entering the login and password correctly, you will be redirected to the "Control Panel". Then create an application by selecting "Add Applications”

5. Complete the application adding form:

Required parameters:

"App info" tab

• Application name
• Platform - the value from the field is not used - free choice

Tab "Additional Info":

TPPID - the value must be correct, according to your certificate. It must match the value of the "Entity 2.5.4.97" field in the eIDAS certificate (qualified certificate meeting the conditions set out in Article 34 of the RTS PSD2), for the self-signed certificate provided by Bank BNP Paribas for the purposes of SandBox environment tests, it is: sandboxPremiumApi

Tab "API management"

at this step, You indicate Premium API services grouped under the common name PremiumAPI 1_1.2 and accept the regulations of selected services.

6. After approval by the Bank's employee, an e-mail confirming access will be sent

7. After logging in again and selecting the "Applications" option, the following parameter will be automatically assigned: client_id = API KEY, which you will provide in the request. example: l7xxc972f2fa9ef2427ea4b54c15a554f3b0

Full technical documentation is available in the form of Swagger

2. How to log in to the authorization blank?

After connecting to the authorization blank, the login screen is skipped and the scope of consent is presented for approval

3. How to log in to the sandbox as part of a client from the corporate segment?

Premium services do not work within the corporate segment

4. Whether the JWS signature is validated in the sandbox environment?

Yes. In the scope of JWS, we use the detached format (RFC 7515 standard), so in X-JWS-SIGNATURE You should specify:

• Base64URLencode(JWSHeader) + ".." + Base64URLencode(sign(Base64URLEncode(JWSHeader) + "." + Base64URLencode(payload)))
• The signed payload and the payload from the query cannot differ even at the whitespace level, i.e. spaces, tab, CR, LF

5.  How do You access the API production environment?

In order to receive access to the API Premium Production environment, please contact us by e-mail: open-banking@bnpparibas.pl

6. Is it possible to enter more redirect_uri addresses?

In the Portal's API (Applications -> Edit ->) it is possible to enter several redirect addresses separated by a space or a comma (both forms are correct).

7. Is prior access to PSD2 services required to call Premium API services?

In order to facilitate implementation on the TPP side, API Premium was created on the basis of the PSD2 process and services, but they work independently.

8. Is the exchangeToken or refreshToken method supported?

No, the only allowable value is grant_type=authorization_code. Consents for Premium services are only one-time (scopeUsageLimit=single) and only in the presence of the PSU (isDirectPsu=true) and are valid for 24 hours. In the Production environment, each service initiation requires a separate user consent. You must log in (according to the method of logging in to the online banking system set by him), in order to then be able to read the content and authorize Premium's consent to the transfer of data (also by the method set in the online banking system).