The French version of these documents is available here.
This website, called the Arkéa Developer Portal, was created by Crédit Mutuel Arkéa (“Arkéa”), a variable credit cooperative and insurance brokerage with limited liability, Collective authorization No. 323, business registration number 775 577 018 (Brest Trade and Companies Register), located at 1, Rue Louis Lichou, 29480 Le Relecq-Kerhuon, France.
This website is designed to allow external users to access a Sandbox, APIs and, if available, the documentation that Arkéa has made available to them.
This website is also subject to a general legal notice which is available here.
By using the Portal, the User accepts to respect any indicated order, documentation, instruction or software requirement.
API : Interface or technical solution developed by Arkéa allowing the User to access services or contents.
User : A person representing a legal entity who has created an account on the Developer Portal.
Developer Portal : Website created by Arkéa which allows the User to access APIs and, if available, their documentation.
Sandbox : Test environment that allows the User to use testing data in order to test the implementation of the functions offered by the APIs.
Account creation and access to the Portal
Access to the APIs and to the Sandbox requires the creation of an account on the Portal.
Each User can create only one account.
Users make sure that the information they provide during the registration process is correct and in case of evolution, they agree to update this information without delay as long as they have an account.
If the information indicated by the User happens to be incorrect, Arkéa will have the right to temporarily or permanently suspend the functions allowed by the account.
When creating an account, the User will have to choose a username and a password. The User will have to ensure that those authentication elements are secure.
It is the responsibility of the User to take any reasonable measure in order to maintain the confidentiality of his identification elements.
In case of use by a third party of the identification elements of the User, the User has to inform Arkéa as soon as possible by email.
The User remains responsible of the acts realized by third parties using his authentication elements until Arkéa has been made aware of an unlawful use.
The contents of the Portal are governed by regulations regarding intellectual property. Except if otherwise indicated, Arkéa owns all the rights on the content of the Portal, this includes, without limitation, the Sandbox, the APIs, the documentation and the software.
Once the User has created an account, the User will be granted a limited, temporary, revocable, non-transferable, non-exclusive license that cannot be sublicensed.
The license will open access to the documentation, the Sandbox, and the APIs if the User meets the requirements that are applicable to them.
The user warrants that he holds all the intellectual property rights to everything he creates on or uploads to the Portal and that those items do not infringe on any third party’s intellectual property rights. Arkéa disclaims any liability for what the User creates on or uploads to the Portal.
Regarding those elements, the User guarantees Arkéa against any action, complaint, claim or opposition from any person who invokes an intellectual or industrial property right. In such case, compensation costs of any kind incurred by Arkéa (including but not limited to attorney’s fees) as well as damages and interests against Arkéa will be borne by the User.
The User will own all the intellectual property rights on any application he creates on the Sandbox. However, he will grant Arkéa a limited, royalty-free, non-exclusive right to use such applications on the Portal.
If Arkéa creates an application that has the same functions as an application created by the User, Arkéa will not have any obligation towards him.
By using the Portal, the User accepts to respect Arkéa’s intellectual property rights including but not limited to its name, brands, logos, signs, drawings or any other distinctive sign used by Arkéa.
The use by the User of the trademark, the copyrights, the logo or any other intellectual property or business secret of Arkéa is not allowed, unless a previous and explicit consent was given by Arkéa. Any use without express consent given by Arkéa of any of those elements will constitute an infringement of Arkéa’s intellectual property and expose the User to penalties.
If the User chooses to transmit information to Arkéa through feedback, comments, or suggestions on the Portal, the User will be granting their intellectual property rights to Arkéa in order to improve the Portal and its related services.
Any information for which the access requires the creation of an account is considered as confidential, regardless of it form.
If the User receives information that is considered confidential while using the Portal, the Sandbox, or the APIs, the User agrees not to disclose this information to any third party, in any form or for any reason, unless a legal provision requires him to do so.
The Portal may contain links towards external websites or applications. These websites or applications have not been analyzed by Arkéa. As a result, Arkéa denies any responsibility regarding the content of those websites or applications.
The User ;
- Agrees not to use the Sandbox, the APIs or their documentation in a way that would hurt the stability or the security of the Portal, or that would hinder the use of the Portal for other Users;
- Agrees not to use the Portal to collect information related to any other Users of the Portal;
- Will not act in any way that would, directly or indirectly, hurt Arkéa or any other User of the Portal;
- Will not use the Sandbox or the APIs in a way that would expose the Portal or Arkéa to security risks or to malwares;
Arkéa reserves the right to :
- Install security measures in order to maintain a better stability and security of the Portal, the Sandbox, and the APIs;
- Contact Users based on the information transmitted to Arkéa when the account was created or updated.
Considering the specificity of the computer networks, Arkéa will not be able to guarantee the access of the Users to the services of the Portal such as the Sandbox or the APIs.
As such, Arkéa can only be held to a best endeavors obligation.
If the User detects a malfunction of the Portal, the Sandbox, or the APIs, he is invited to alert Arkéa by any means.
The User will be liable for any directly or indirectly harmful consequences which are the consequence of omission, errors, faults, or failures that he may cause while using the Portal and its content.
Arkéa cannot guarantee that the Portal is error-free.
Except in case of gross or willful misconduct or negligence, Arkéa’s liability will not exceed a maximum annual amount of 10000 euros, all types of damages taken into account.
Arkéa will also not be liable in case of the occurrence of an event that is qualified as “force majeure” under French law, as defined in article 1218 of the French Civil Code and by the French courts.
The User can decide at any time to cease to use the services that require an account (such as the APIs and the Sandbox) by closing his account.
Arkéa reserves the right to terminate, for justified reasons, the access of the User to their account, to the Sandbox, or the APIs.
If the User does not inform Arkéa of a disagreement in this time limit, it will be considered as an acceptation of the modifications by the User.
If Arkéa does not immediately requests the application of one or more terms, this will not mean that Arkéa waivers any rights to do so in the future.
If Arkéa decides to subcontract parts of the Portal to a third party, the User will be bound to this third party in the same way that he is bound to Arkéa.
In case of conflict, the parties will agree to work together in order to find an out-of-court settlement.
If despite their efforts, the User and Arkéa do not find a solution to their conflict, the conflict will be submitted to the courts of Brest.
The term “PSD2 Regulation” refers to the Commission delegated regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication.
The term “PSD2-APIs” refers to the API interfaces that allow the User to offer account information services or payment initiation services as defined in the French Monetary and Financial code.
The term “USP” refers to the payment service user as defined in article 4 of the Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.
As a reminder, the term “User” is used to talk about any physical person that represents a legal entity that has created an account on the Developer Portal.
Certificates and authorizations
The use of the PSD2-APIs requires the possession by the User of qualified certificates that are mentioned in the article 34 of the PSD2 Regulation.
In order to use the PSD2-APIs, the User will have to communicate those certificates to Arkéa as explained by the technical instructions in the PSD2-APIs and its documentation.
In order to access the PSD2-APIs, the User also needs to be authorized by his national competent authority in order to provide one or several payment services.
The authorization of the User defines which PSD2-APIs will be available to him.
If the User ceases to have the required authorization to deliver the mentioned payment services, the User will cease to use the relevant PSD2-APIs.
Strong customer authentication
In relation to the PSD2-APIs, some of the USPs actions will require the application of strong customer authentication as defined in the PSD2 Regulation.
The User ensures that he respects the strong customer authentication procedures implemented by Arkéa in their PSD2-APIs.
In case of unavailability of the PSD2-APIs, as defined in the PSD2 Regulation, the User will be able to continue to access the data covered by the PSD2-APIs through a fallback mechanism.
The different PSD2-APIs
The User that fills the required conditions may use one or several of the following PSD2-APIs in accordance with their documentation.
- The account information API
This API allows account information payment service providers to ask and receive information from Arkéa relating to one or several payment accounts, as well as their associated payment transactions, through a secure channel.
Except otherwise agreed upon, and except if the USP actively requests it, the User will not access the information related to the USPs payment accounts and their associated payment transactions more than 4 times on a 24-hour period.
- The payment initiation API
This API allows the payment initiation service providers to initiate a payment order from the USPs payment account, as well as to receive all the information required to initiate the payment and all the information that Arkéa has access to related to the execution of said operation, through a secure channel.
- The funds confirmation API
This API allows Arkéa to answer requests of a payment service provider related to the existence of the required funds on the USPs payment account in order to execute a payment operation.
- The trusted beneficiaries API
This API allows the authorized Users to access information related to the list of trusted beneficiaries that the USP created.
- The end user identity API
This API allows the authorized Users to access information related to the identity of the USP.