The Axepta BNP Paribas Online API is an online payment solution designed to facilitate the integration of secure payments on your e-commerce platform. This technical documentation provides all the necessary information to understand, configure, and use our API effectively.

Presentation of the API

Key Features

• RESTful Architecture: The API is based on REST principles, offering a predictable and easy-to-use interface.

• Enhanced Security: Compliance with PCI-DSS standards and secure communication via HTTPS (TLS 1.2 or higher).

• Comprehensive Documentation: Detailed technical documentation to facilitate integration.

Use Cases

• Online Payments: Real-time payment processing.

• Transaction Management: Consultation and management of past transactions.

Authentication

Authentication Methods

The API supports two authentication modes: BasicAuth and OAuth2.0

OAuth 2.0 :

Authentication must be performed using the OAuth-V2 protocol.

The access token returned by the Axepta platform is valid for 1 hour.

After this period, you must re-authenticate to obtain a valid token.

Generate a JSON Web Token (JWT) by authenticating with your API Key via the endpoint authorization/oauth/token.

The token_type and access_token data must be present in all server requests, in the http 'Authorization' header

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkZGQzlEM0JEQzY2Mjc3MUYwNzYxRUJDRTkwOTMyMDMyQjdGOTQ1NTQiLCJ4NXQiOiJfOG5UdmNaaWR4OEhZZXZPa0pNZ01yZjVSVlEiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo3MTIxLyIsImV4cCI6MTc0MDQ3NTUwNCwiaWF0IjoxNzQwNDcxOTA0LCJqdGkiOiJiZjU3YmUwMi05YThiLTQxYjctYjNjNi02NzlmMTcxNDU2ZjAiLCJzdWIiOiJDVF9Mb2dlZWNvbV90ZXN0IiwibmFtZSI6IkNUX0xvZ2VlY29tX3Rlc3QiLCJtYXJrZXRwbGFjZUlkIjoiQ1RfTG9nZWVjb21fdGVzdF9NYXJrZXRwbGFjZSIsIm1hcmtldHBsYWNlQWN0aXZlIjpmYWxzZSwib2lfcHJzdCI6IkNUX0xvZ2VlY29tX3Rlc3QiLCJjbGllbnRfaWQiOiJDVF9Mb2dlZWNvbV90ZXN0Iiwib2lfdGtuX2lkIjoiMjEwMWUxNTgtNzY0NC00OGU4LWIzNmYtYmZhNzczNWJmYjAyIn0.Xgtb81-GBPGnQ2tSJKXIlA38koRqlVa2oLhT902t-ICocWYD4_35bTAiPfU2A4HWwQpg1PZTrdf4riSoA_v_5bWSM-rdHAb-Y7fNwQTYAUYDxkcrw9qc5JcjwBGlOgXGTzJR2xyPDTq2sO4qAxo00lhCVjhEQR47yqOFta9rkcCmg1i6T6BxF7ZO6tBECfo7NSJ0wgN7G5_Unmd5MgWuG8V5VdvDxhXa1p_sBQdmy6nBCRi2d2bh1BOrz_uT5U2zngVBPzZBXv046j7971JXZbR20JFpkqwrULCGR6fy78NvkrHNC4U8ZDHmbejBbObMGCb_8pWMnaLhIg0A1k2x0Q",
  "token_type": "Bearer",
  "expires_in": 3600
}

Idempotency

Le serveur d'Axepta BNP Paribas Online est idempotent: il ne traite la même requête qu'une seule fois.
Si de multiples requêtes identiques sont reçues, la même réponse sera renvoyée sans générer une nouvelle opération coté serveur.
Cette fonctionnalité permet d'éviter les doublons en cas de répétition du message de paiement.

Pour les messages POST et PATCH,  l'idempotence est garantie par l'utilisation du header http 'Idempotency-Key'

Sa valeur doit être unique par requête http émise vers le serveur, et il est de la responsabilité du client de la générer.
Il est conseillé d'utiliser un uuid-v4 pour ce header http.

The Axepta BNP Paribas Online server is idempotent: it processes the same request only once.

If multiple identical requests are received, the same response will be returned without generating a new operation on the server side.

This feature helps avoid duplicates in case of payment message repetition.

For POST and PATCH messages, idempotence is ensured by using the HTTP header 'Idempotency-Key'.

Its value must be unique for each HTTP request sent to the server, and it is the client's responsibility to generate it.

It is recommended to use a uuid-v4 for this HTTP header.