The Axepta BNP Paribas Online API is an online payment solution designed to facilitate the integration of secure payments on your e-commerce platform. This technical documentation provides all the necessary information to understand, configure, and use our API effectively.


The technical documentation for our API is available here: https://axeptabnpparibas-docs.redocly.app/


Presentation of the API

Key Features

  • RESTful Architecture: The API is based on REST principles, offering a predictable and easy-to-use interface.

  • Enhanced Security: Compliance with PCI-DSS standards and secure communication via HTTPS (TLS 1.2 or higher).

  • Comprehensive Documentation: Detailed technical documentation to facilitate integration.

Use Cases

  • Online Payments: Real-time payment processing.

  • Transaction Management: Consultation and management of past transactions.


Authentication

Authentication Methods

The API supports two authentication modes: BasicAuth and OAuth2.0

We recommend using OAuth 2.0 authentication.

OAuth 2.0 :

Authentication must be performed using the OAuth-V2 protocol.

The access token returned by the Axepta platform is valid for 1 hour.

After this period, you must re-authenticate to obtain a valid token.

Generate a JSON Web Token (JWT) by authenticating with your API Key via the endpoint authorization/oauth/token.

The token_type and access_token data must be present in all server requests, in theĀ http 'Authorization' header

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkZGQzlEM0JEQzY2Mjc3MUYwNzYxRUJDRTkwOTMyMDMyQjdGOTQ1NTQiLCJ4NXQiOiJfOG5UdmNaaWR4OEhZZXZPa0pNZ01yZjVSVlEiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo3MTIxLyIsImV4cCI6MTc0MDQ3NTUwNCwiaWF0IjoxNzQwNDcxOTA0LCJqdGkiOiJiZjU3YmUwMi05YThiLTQxYjctYjNjNi02NzlmMTcxNDU2ZjAiLCJzdWIiOiJDVF9Mb2dlZWNvbV90ZXN0IiwibmFtZSI6IkNUX0xvZ2VlY29tX3Rlc3QiLCJtYXJrZXRwbGFjZUlkIjoiQ1RfTG9nZWVjb21fdGVzdF9NYXJrZXRwbGFjZSIsIm1hcmtldHBsYWNlQWN0aXZlIjpmYWxzZSwib2lfcHJzdCI6IkNUX0xvZ2VlY29tX3Rlc3QiLCJjbGllbnRfaWQiOiJDVF9Mb2dlZWNvbV90ZXN0Iiwib2lfdGtuX2lkIjoiMjEwMWUxNTgtNzY0NC00OGU4LWIzNmYtYmZhNzczNWJmYjAyIn0.Xgtb81-GBPGnQ2tSJKXIlA38koRqlVa2oLhT902t-ICocWYD4_35bTAiPfU2A4HWwQpg1PZTrdf4riSoA_v_5bWSM-rdHAb-Y7fNwQTYAUYDxkcrw9qc5JcjwBGlOgXGTzJR2xyPDTq2sO4qAxo00lhCVjhEQR47yqOFta9rkcCmg1i6T6BxF7ZO6tBECfo7NSJ0wgN7G5_Unmd5MgWuG8V5VdvDxhXa1p_sBQdmy6nBCRi2d2bh1BOrz_uT5U2zngVBPzZBXv046j7971JXZbR20JFpkqwrULCGR6fy78NvkrHNC4U8ZDHmbejBbObMGCb_8pWMnaLhIg0A1k2x0Q",
  "token_type": "Bearer",
  "expires_in": 3600
}



Idempotency

The Axepta BNP Paribas Online server is idempotent: it processes the same request only once.

If multiple identical requests are received, the same response will be returned without generating a new operation on the server side.

This feature helps avoid duplicates in case of payment message repetition.

For POST and PATCH messages, idempotence is ensured by using the HTTP header 'Idempotency-Key'.

Its value must be unique for each HTTP request sent to the server, and it is the client's responsibility to generate it.

It is recommended to use a uuid-v4 for this HTTP header.