Sorry, you need to enable JavaScript to visit this website.

Frequently Asked Questions

Check our FAQs below to find the help you need.

General

I have an idea for a new API. What can I do?

If you have a great idea for a new API please let us know. Go to our contact page to request an enhancement and share your thoughts with us.

What is the difference between Sandbox and Production?

The main difference between Sandbox and Production is the data that is returned by the APIs. In Sandbox test data is returned while in Production live data is returned.

The Sandbox environment enables you to develop and test your application.

  • Sandbox mimics all interactions with Rabobank just as we have in production.
  • Sandbox allows you to fully test the OAuth2.0 process without needing a real Rabobank account.
  • Sandbox APIs describe how to trigger specific functional or error responses.
I want to start using Rabobank production APIs. What do I need to do?

Once you have completed your development on our Sandbox environment you cannot automatically start using our production APIs.

For using non-PSD2 APIs like Payment Request in production, please send a business inquiry through our contact form.

For PSD2 APIs it is possible to get an account by using the PSD2 enrollment API if you are a certified AISP, PISP or CISP.

Our Account Information, Payment Initiation and Confirmation Availability of Funds API are available in production.

I signed up for Sandbox but I didn't get an email from Rabobank

Please check your spam-folder. If you still need help contact us via the contact form.

My activation link is not working.

Try to copy the complete link manually and paste it in the address bar of your browser.
The link expires after 24 hours. In case of an expired activation link please contact us via the contact form.

I have registered but I am not able to log on.

If you forgot your password, you can reset it here.

My contact details are changing, how do I report this?

When your email address changes, the owner of your developer organization needs to send an invite to your new address. It is not possible to change your email address. 

If you are the owner of the developer organization, make sure to also change ownership to your new address.

How do I stay informed about changes within an API that I am subscribed to?

You will receive an email about breaking changes with an indication of how long the old version will stay available.

I have a problem using a Rabobank API. What do I do?

Check our other FAQs to find a solution to your problem.

Do you still need help? Go to our contact page to report a problem.

Can a minor give consent?

For now it is only possible for adults (18+) to give consent.

API-usage

What is the difference between a SEPA EU credit transfer and a Cross Border credit transfer?

All payments in EUR to countries in the SEPA region are SEPA EU payments. Payments in EUR outside the SEPA region and all non-EUR payments are Cross Border credit transfers. To initiate these payments you need to use a different endpoint then for the SEPA EU payments. Please check the API documentation.

Why do I get a rejection after sending in a (Cross Border) payment?

A rejection can have several causes. Please check if the correct endpoint is used and/or whether all mandatory fields are provided. Note that Cross Border payments require additional information compared to SEPA payments.

How to use mutual TLS?
  1. Generate an x509 certificate and key pair.
  2. Register your application and paste the contents of your x509 certificate in PEM format.
  3. Use your prefered programming language or framework to create a secure request using the certificate and private key from step 1.

A more detailed description on how to use mutual TLS can be found here.

How do I create a TLS certificate (x509)?

You can generate one yourself with openssl for example:

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
How to use OAuth 2.0?

Rabobank secured APIs use OAuth2 for authentication and authorization. When you succesfully pass the OAuth flow you receive a access token.

A detailed description on how to use OAuth2 can be found here.

Where can I find OAuth 2.0 scopes?

To find OAuth 2.0 scopes first select a product, then select an API by clicking 'View reference' and lastly search for Scopes within the oAuth2.0 access code flow section.

I have lost my client secret. How do I reset it?

To reset your client secret click 'My Apps' in the main menu, click on the application in question and then click the 'Reset' link in the 'Client Secret' section. Your new secret will be displayed.

What is a plan?

Plans specify the limitations and subscription details of how developers can use our API Products. A plan for instance includes rate limit setting for a product or specific API.

How do I subscribe my application?

After you have created your application you can check our API marketplace and subscribe your application.

How can I migrate to a different version of the same product?

When migrating to a new version of a product you first need to unsubscribe your application from the current product. Now you can subscribe your application again to the desired version of the product.

How can we use the "In-app" consent flow to make it possible for the user to give consent without having the need for a Rabo-scanner?

We support both the Web and In-app consent flow. For the Web flow the Rabo scanner is mandatory and for the In-app flow consent can be given via the Rabo Bankieren App.

Prerequisites:

  • the Rabobank Bankieren app needs to be installed on and registered to the device. On iOS use Bankieren app version >= 6.7, on Android use Bankieren app >= 5.14.1
  • since the url is picked up from the device itself, the oAuth2 /authorize call should be done on the device. If not, the web flow will start.
API-calls fail although the same requests works fine in sandbox.

There can be multiple reasons why requests are failing. Most errors are self-explanatory. However, your request could be failing because it doesn't contain the "user-agent". Make sure you provide a user agent in your request.

I am getting a 401 (unauthorized) HTTP status code. What went wrong?

The possible reasons for a 401 HTTP status code:

  • The required client id or client secret has not been successfully provided.
  • Your application is not subscribed to the correct product.
  • The TLS certificate for your application was not provided in the developer portal.
  • The TLS certificate was not added to the API call.
  • The TLS certificate added to the API call does not match the one provided in the developer portal.
I am getting a 429 (too many requests) HTTP status code. What went wrong?

The 429 HTTP status code indicates that your application exceeded the rate limit. Check the plan of the product you subscribed your application to for more information on rate limits.

PSD2

When will a Credit Transfer be processed as an Instant Payment (Credited directly)?

Rabobank will process credit transfers via Instant Payments, in case the beneficiary bank is participating in instant payments (Also see “which banks participate in Instant Payments”).

If the account of the recipient is not at one of these banks, we will process the payment according to the timelines of a SEPA credit transfer. This means that a payment to another bank takes more time and that the amount is not credited on the account of the recipient in the evenings and at the weekend. We inform the user about this during authorisation of the payment.

Which banks participate in Instant Payments?

The following banks participate from mid-2019: Rabobank, ING, ABN Amro, Volksbank (SNS, Regio Bank and ASN), Knab.

I enrolled for PSD2 but I didn't get an email from Rabobank

After you enroll you should receive an email with an activation link within 8 working hours. If you didn't receive this email, check if you are using the correct email address, also check your spam-folder. If you still need help contact us.

I received an error message during PSD2 enrollment, what can I do?

Please check whether the company name stated on the Certificate and in the NCA register are identical. If they are, please contact us.

I can see all APIs after the PSD2 enrollment, may I use them all?

No, you may only use the PSD2 APIs for which you are licensed by your National Competent Authority.

My activation link is not working after using the PSD2 enrollment API

You need to activate your account within 24 hours otherwise the link expires. You cannot request a new activation link yourself.

In case of an expired activation link please contact us.

Is Rabobank following any API standard?

Our PSD2 APIs are developed using the Berlin group API standard

How do I create the digest header?

The digest is a base64 encoded hash of the body: Base64(SHA512(body))

  1. Take the body of your request or an empty string if there is no body.
  2. Pass the body through the SHA512 hashing algorithm (SHA256 is also allowed).
  3. Make sure the hashed output is binary. In other words; do not convert it to a string.
  4. Base64 encode the output.
  5. Add the result to your Digest header and make sure that you declare which hashing algorithm you have used.

An example of the digest header for an empty body using SHA256 or SHA512:

Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
Digest: SHA-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
Using the Signature header

Please read our extensive explanation on how to sign PSD2 requests with your eIDAS QSEAL certificate.

Which accounts can I access?

You can access Rabobank current accounts that our clients use in Rabo Online Banking.

Who can use the Account Information (AIS) APIs?

Only registered AISPs with a license from “De Nederlandsche Bank” can use the AIS APIs. AISPs that are registered in another member state need a passporting notification from “De Nederlandsche Bank”.

Who can use the Payment Initiation (PIS) APIs?

Only registered PISPs with a license from “De Nederlandsche Bank” can use the PIS APIs. PISP’s that are registered in another member state need a passporting notification from “De Nederlandsche Bank”.

When will it be possible to use the PSD2 API’s?

Our Account Information, Payment Initiation and Confirmation Availability of Funds API are available in production.

Where to find a Qualified Trust Service Provider (QTSP)

You can find a list of QTSPs in the Trusted List Browser at https://webgate.ec.europa.eu/tl-browser/.

Could not find an answer?

Need help with an API, have account related issues or a question about something else? Please get in touch with our support team.