Error list | Rabobank Developer Portal

Endpoint	Error code and description	Cause for the error	Solution
Oauth2.0 / Authorisation Services	Http status: 400 (Bad request) {"error": "invalid_grant"}	Sending an invalid, expired or already used authorisation code.	To solve this issue please consider the following: Make sure to pass the correct authorisation code within the expiration time period of 5 minutes. Make sure to only use an authorisation code once, do not call the token endpoint multiple times with the same authorisation code. Note: We recommend you to add a slight delay of 1000 milliseconds before calling this endpoint. This delay will make sure the authorisation codes are synchronised across our servers.
Oauth2.0 / Authorisation Services	Http status: 400 (Bad request) {"error": "invalid_request"}	No ‘grant_type’ or the wrong ‘grant_type’ provided.	To solve this issue check the ‘grant_type’ parameter. When requesting an authorization code the ‘grant_type’ should be ‘authorization_code’, when requesting a refresh token the ‘grant_type’ should be ‘refresh_token’. ‘grant_type’ should never be empty!
General error	Http status: 400 (Bad request) {"error": "Format error"} "More information": "The value for 'Date' is not a valid 'LocalDateTime'"	Wrong date formatting used.	The parameter ‘date’ should always be written in the following manner: Tue, 18 Sep 2018 09:51:01 GMT
General error	Http status: 401 (Unauthorized) {"error": "invalid_client_ID_or_secret"}	The cause of this error is one of the two reasons listed below: 1. Invalid client id is supplied in the request. 2. Your TPP application is not subscribed to an API using OAuth 2.0.	To solve this issue first double check if your application is subscribed to the API you are trying to access. Then check if the client ID of that application is the same client ID you send in your request.
Oauth2.0 / Authorisation Services	Http status: 401 (Unauthorized) {"error": "invalid_grant"}	This error message is caused by the use of an invalid refresh token.	To solve this issue make sure to pass a valid refresh token. Keep in mind that a refresh token can only be used once and expires after 30 days.
General error	Http status: 401 (Unauthorized) {"error": "invalid_client"}	The ‘authorization’ header is incorrect.	To solve this issue first double check if your application is subscribed to the API you are trying to access. The ‘authorisation’ header should consist of a base64 encoded string ‘Your_Client_ID:Your_Client_Secret’. Make sure these match the clientID and secret of the subscribed application.
General error	Http status: 401 (Unauthorized) {"error": "This server could not verify that you are authorized to accss the URL"}	This error message is caused by passing an expired or invalid access token.	To solve this issue check the expiry time associated with the access token. Keep in mind that an access token is only valid for 60 minutes. If the access token has expired, use the refresh token to get a new access token. If you are unable to get a new access token using the refresh token, the common scenario would be either the consent of the user has expired or has been revoked by the user. This can be validated via the Consent Details API. In this case the client must renew the consent flow.
General error	Http status: 401 (Unauthorized) {"error": "Not registered to plan"}	You are trying to access an API which you are not subscribed to.	To solve this issue please make sure you are subscribed to the API you are trying to use.
General error	Http status: 401 (Unauthorized) {"error": "Client ID or secret missing or invalid"}	This error is caused by using a client ID in the token and a client ID in your request that do not match.	To solve this issue make sure that both the client ID in the token and the client ID in your request match the client ID of your application.
General error	Http status: 401 (Unauthorized) {"error": "Certificate role is not valid"}	This error is caused by your certificate which has an invalid role assigned to it.	You are doing a request for an api that isn't mentioned in your QSEAL certificate. Please make sure to use the correct certificate. For more information please refer to https://www.dnb.nl/openbaar-register.
General error	Http status: 401 (Unauthorized) {"error": "The certificate authority is untrusted"}	This error is caused by your certificate which is issued by an untrusted authority.	Please make sure to use a certificate issued by a trusted authority. For a list of trusted authorities please refer to this page: https://esignature.ec.europa.eu/efda/tl-browser/#/screen/home.
General error	Http status: 401 (Unauthorized) {"error": "The CA was not found in the trust"}	Certificate not found in the trust store.	Please contact our support team via the contact page.
General error	Http status: 401 (Certificate_Invalid) {"error": "Certificate is missing"}	This error message is given when no certificate is present in the ‘TPP-signature-certificate’ header.	To solve this issue make sure that you send your certificate in the ‘TPP-signature-header.’
General error	Http status: 401 (Signature_Invalid) {"error": "Could not validate signature, invalid certificate format"}	This error is caused by an invalid format of your keyId header.	To solve the issue please make sure the keyID header is an integer, and not in hex format. Integer: 25071980481887561669120182095626 Hex: 22:73:88:29:ad:ce:57:9a:7b:d7:09:60:2c:08:33:58:98:90:38:ae
General error	Http status: 401 (Signature_Invalid) {"error": "Invalid signature"}	This error refers to the ‘signature’ header being incorrect and can have multiple causes.	There are multiple components to the signature. To solve it please make sure first that the list of headers contained in the signature are: · Lowercase · Separated by a space · In the same order as they are in the signing string If this is all correct then please refer to our signing documentation: PIS/AIS/CAF: https://developer.rabobank.nl/signing-requests-psd2-apis PIS Bulk: https://developer.rabobank.nl/signing-requests-psd2-bulk-api BAI: https://developer.rabobank.nl/signing-requests-business-account-insight-apis BBPI: https://developer.rabobank.nl/signing-requests-business-bulk-payment-initiation BDD: https://developer.rabobank.nl/signing-requests-business-direct-debit
General error	Http status: 401 (Signature_Invalid) {"error": "Invalid client certificate is provided"}	This error is caused by mismatching certificates in your application and your request.	To solve this issue please make sure that the certificate in your application is the same certificate as the one you send in your request.
General error	Http status: 403 (Forbidden) {"error": "Forbidden"}	This error is triggered one of two ways: · There is no valid consent. · You do not have the required permission.	To solve this issue first check the status of the consent. You can do this using the Consent Detail Service API. If the status of the consent is valid, please check if the scope of the API you are calling is present in the consent as well as the account number. If the status of the consent is expired then the consent is indeed inactive and a new consent needs to be signed by the PSU.
PSD2 Enrollment	Http status: 403 (Forbidden) {"error": "Internal Server Error"}	This error is caused by using a JWT token which is not allowed.	To solve this issue please use a JWS request as described in our documentation page https://developer.rabobank.nl/jws-request-tpp-enrollment.
General error	Http status: 404 (Not Found) {"error": "Not Found"}	This error can be triggered multiple ways: The URL that you are looking for does not exist. Your are requesting the status of a transaction too fast after posting it. A timeout occured between one or multiple applications.	To solve this issue always check the URL you are calling for any errors (a typo for example). Also make sure to build in at least a few miliseconds delay between a POST request and the subsequent GET request. Finally you can try the request again later. If the issue persist after a few retries please contact support.
General error	Http status: 404 (Method not allowed) {"error": "Method not allowed"}	This error is caused by trying to do a POST request to endpoint that only accepts GET requests and vice versa.	Please double check that you are doing the correct type of request. Most endpoints support only one specific type of request and not others.
General error	Http status: 429 (Access_Exceeded) {"error": "The maximum number of calls for unattended requests has been exceeded for account with ID"}	This error is caused by exceeding the maximum number of requests you can do per second OR when you exceed the maximum number of unattended calls you can do with AIS or BAI API.	Please refer to the overview page of the API you are using to check what the maximum number of calls per second are. For most APIs this is 6 to 10 calls per second. When using AIS or BAI API keep in mind that you can only do 4 unattended calls per account, per day.
Oauth2.0 / Authorisation Services	OAuth Error An error occurred while processing the OAuth request. Error: invalid_request Error description: invalid redirect_uri	The cause of this error is that the redirect URL provided in the request does not match the redirect URL provided in the application.	To solve this issue please make sure that the redirect URL present in the request is the same as the redirect url present in the your application.
General error	Http status: 500 (Internal Server Error)	Something went wrong on a network level. Either on our side, on your side or somewhere in between.	Try the request again at a later time, if the issue persists please contact support.
General error	Http status: 503 (Service Unavailable)	One or more Rabobank services are not available.	Try the request again at a later time, if the issue persists please contact support.
Payment Initiation Bulk/ Business Bulk Payment Initiation/ Business Direct Debit	Http status: 503 (Resource Unknown) {"error": "Internal Server Error"}	No payment file is present in the request	Make sure the pain001 or pain008 file is added to the POST request