Common Request Headers

In order to successfully send API requests, TPPs must send a set of HTTP headers that allow the bank to check the request's validity. This includes signing the request with a qualified certificate.

Formulate the required headers for the BNP Paribas API in accordance with these formatting rules:

  • Headers are case-insensitive
  • Header fields must be separated by a colon
  • Key-value pairs must be in clear-text string format
  • Denote the end of the header section with an empty field header

For a general review of HTTP 1.1 header formatting, see https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html.

The headers listed in the following table marked "mandatory" are required. All others are optional.

Required Headers
| Header | Description/Purpose | POST Requests | GET Requests |
|---|---|---|---|
| request-timeout | Integer. Sets the number of elapsed seconds until the call is aborted with a DEADLINE_EXCEEDED exception due to no response received. | Optional | Optional |
| token-customer-last-logged-time | Time when the PSU last logged in with the TPP. | Optional | Optional |
| token-customer-ip-address | PSU's IP address if the PSU is currently logged in with the TPP. If the customer IP address is supplied (recommended), it is inferred that the PSU is present during the session (i.e., the request is PSU-initiated; adding a "customer-initiated": "true" header makes this explicit). Ex: 172.16.254.1 | Optional | Optional |
| token-customer-device-id | Obtained by the TPP from details in the user agent information of the PSU. Ex: 00000000-00000000-01234567-89ABCDEF | Optional | Optional |
| token-customer-user-agent | Specifies the user agent for the PSU. Format: Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefoxversion. Ex: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 and Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0. If the PSU is using the TPP's mobile app, make sure the mobile app user-agent string is different than browser-based user-agent strings. | Optional | Optional |
| token-json-error | Boolean. Converts the error response, if any, to JSON format. See Changing Error Responses to JSON Format. | Optional | Optional |
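
The values in these headers usually originate from the PSU's session, so a TPP backend should validate them before copying them into an outgoing request. The following is an added example, not code from this page or from the bank: the header names come from the table, while `build_psu_headers`, its parameters, the positive-integer check, the lowercase "true"/"false" encoding and the `Mozilla/` prefix heuristic are assumptions.

```python
import ipaddress

BROWSER_UA_PREFIX = "Mozilla/"  # assumption: heuristic for browser-style UAs


def _clean(name, value):
    """Return value as text; refuse control characters (CR/LF injection)."""
    text = str(value)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text):
        raise ValueError(f"{name}: control character in header value")
    return text.strip()


def build_psu_headers(*, request_timeout=None, last_logged_time=None,
                      ip_address=None, device_id=None, user_agent=None,
                      from_mobile_app=False, json_error=None):
    """Build the optional headers from the table; unset ones are omitted."""
    headers = {}
    if request_timeout is not None:
        # Assumption: only a positive whole number of seconds is meaningful.
        if type(request_timeout) is not int or request_timeout <= 0:
            raise ValueError("request-timeout: positive integer seconds expected")
        headers["request-timeout"] = str(request_timeout)
    if last_logged_time is not None:
        # Time format is not stated on the page, so it is passed through as given.
        headers["token-customer-last-logged-time"] = _clean(
            "token-customer-last-logged-time", last_logged_time)
    if ip_address is not None:
        # ipaddress rejects anything that is not a literal IPv4/IPv6 address.
        ip = ipaddress.ip_address(_clean("token-customer-ip-address", ip_address))
        headers["token-customer-ip-address"] = str(ip)
        headers["customer-initiated"] = "true"  # PSU present, made explicit
    if device_id is not None:
        headers["token-customer-device-id"] = _clean("token-customer-device-id", device_id)
    if user_agent is not None:
        ua = _clean("token-customer-user-agent", user_agent)
        if from_mobile_app and ua.startswith(BROWSER_UA_PREFIX):
            raise ValueError("mobile app user agent must differ from browser strings")
        headers["token-customer-user-agent"] = ua
    if json_error is not None:
        # Assumption: booleans are sent as lowercase "true"/"false".
        headers["token-json-error"] = "true" if json_error else "false"
    return headers


if __name__ == "__main__":
    # Constructed sample values, reusing the examples shown in the table.
    print(build_psu_headers(request_timeout=30, ip_address="172.16.254.1",
                            device_id="00000000-00000000-01234567-89ABCDEF",
                            json_error=True))
```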