Comece agora

Get Started

Welcome to the CARREFOUR Developer Portal. This short guide will get you started with our APIs and allow you to begin integrating our services into your applications. Covered in this guide:

Registration
Obtaining a Test Certificate
Authentication
Accessing the Sandbox
Feedback and Support
Golden Book

Registration

We currently have 2 categories of API documented on the site, Open Data – Public APIs and the PSD2 – Private APIs.
You don’t need to register to access the Open Data resources, please use these to test connectivity to CARREFOUR and access the services they provide. For the PSD2 Account, Payment and Funds Confirmation APIs, you will first need to register an account on the Developer Portal.

Please go to the Registration page to set up your account
Complete the forms and activate your account using the link sent via confirmation email
Once registered set up an organisation or join an existing colleague’s organisation
You will now have access to the Test Certificate menu

Test Certificate

In readiness for the new electronic certificate (eIDAS) regulation, the PSD2 Sandbox APIs require a signed X.509 certificate to access the test resources. The production APIs will require a QTSP provided QWAC certificate to securely connect but for the purposes of this testing facility we will provide you with the required certificates to develop and test your application against our Sandbox.

To generate a test certificate, please execute the following commands using OpenSSL:

1. Generate a new RSA private key

$ openssl genrsa -out server.key 2048

2. Generate the X.509 Certificate Signing Request

$ openssl req -sha256 -new -key server.key -out server.csr -outform der

Certificate requirements

Requirements for the TLS and HTTP Signature certificate:

Public key algorithm: RSA-2048 bits
Signature algorithm: SHA-256 bits
Valid upon upload

Authentication

Our PSD2 APIs all support REDIRECT OAuth2 authentication. You will find the required test user credentials in the APIs Technical Documentation accessed via the API Catalogue.

For our OBIE specification APIs the following steps are required to complete the Authentication flow:

Gain an access token via certified connection to our Authentication Store
Post Consent using the defined end-points and retrieve a test Consent ID
Using the provided redirect resources, authenticate your chosen test User and select test Accounts
Using the received authorisation code, retrieve a bearer token to access the Sandbox resources

Please see the provided Technical Documentation for further guidance on the authentication flow for the specific API you are using.

Sandbox

The Sandbox contains mock data for the purpose of testing API connectivity. We have provided test users that represent the different customer types that will be available in the production API responses. The Sandbox interface and authentication flows are created to represent the production environment to allow you to progress the development and testing of your application.

Feedback and Support

Dive in and start coding your applications using our APIs. If you get stuck or require additional support then please include the swagger definition for each API. Contact our team using the Support link available on the homepage.

Golden Book

CARREFOUR supports the v3.1.5 UK Open Banking standard, amongst other versions. Our implementation guide is designed to assist you, as a TPP with registration, on-boarding and completion of both AIS and PIS standard journeys.