API Reference
Start typing to search…

Single payments

Your requests contains data and to ensure its authenticity, you are required to sign the requests while using Rabobank APIs.

Reference: Signature draft

Start with sandbox

We recommend that you first develop your application using the Sandbox environment in the Rabobank developer portal. Read Get Started to set up your account.

Get the signing certificate

Use either of the following certificates based on your API:

  • PSD2 – An eIDAS QSEAL certificate issued by the Qualified Trust Service Provider of your choice.
  • Premium – An EV SSL certificate for transport and an EV SSL signing certificate for signing messages.
    • Rabobank accepts:
      • EV SSL certificates from the certificate issuers listed in the Mozilla CA Certificate report.
      • X.509 format
      • RSA: key length should be at least 2048-bit
      • Certificate should be valid for a maximum of one year.

In case you don't yet have an official certificate, you can use an example certificate for Sandbox.

⤓ cert.pem ⤓ key.pem

👍

You can use these certificates to recreate the code example as shown below.

🚧

The signing certificate is sent with a signing request but not stored on the Rabobank developer portal. If you want to change/replace you can make changes on your own system.

You can also choose to have two valid certificates when allowed by your system.

Create the digest

The digest is a base64 encoded hash of the body, example: Base64(SHA512(body))

  1. Pass the body of your request (or an empty string if there is no body) through a hashing algorithm.
    📘

    We recommend using SHA 512 but you can also choose to use SHA 256

  2. Make sure the hashed output is Binary format.
  3. Base64-encode the output.
  4. Add the result to your digest header declaring the used hashing algorithm, i.e. (RSA-SHA512/RSA-SHA256).

Example digest header

Examples of the digest header for various APIs and their bodies using SHA-512:

PSD2 - Single Payment Initiation
{"creditorAccount":{"currency":"EUR","iban":"NL10RABO0123456789"},"creditorAddress":{"buildingNumber":"8","country":"NL","postcode":"2456RL","streetName":"Utrechtstraat","townName":"Utrecht"},"creditorAgent":"RABONL2U","creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL10RABO0912345678"},"endToEndIdentification":"PI-123456789","instructedAmount":{"content":"10.25","currency":"EUR"},"remittanceInformationUnstructured":"Ref Number Merchant 235839479.3434","requestedExecutionDate":"2022-06-15"}
sha-512=97iSEKK+wtenUIu8DozlaGP+g2OjYy8F081o0gaLt4w6FomFJVEJktCPHEfrauwU48Tus44YStT8+q6erKA4Gg==
Premium - Business Single Payment Initiation
{"creditorAccount":{"iban":"NL10RABO0123456789","currency":"EUR"},"creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL10RABO0912345678"},"instructedAmount":{"content":"10.25","currency":"EUR"},"creditorAddress":{"country":"NL","buildingNumber":"8","postcode":"2456RL","streetName":"Utrechtstraat","townName":"Utrecht"},"creditorAgent":"RABONL2U","debtorName":"Allen Martin","endToEndIdentification":"PI-123456789","remittanceInformationStructured":{"reference":"1515140706132013","referenceIssuer":"CUR","referenceType":"SCOR"},"requestedExecutionDate":"2023-01-25"}
sha-512=zHM9txFwU718P3n7PxunDWpzrpPNaa6Rb9JKoU5JIkLuLliiiobFYHYDEDoi7wO6Nj0Z00uqWtOcjjSDQzpxmw==
{"creditorAccount":{"iban":"NL10RABO0123456789","currency":"EUR"},"creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL10RABO0912345678"},"frequency":"Quarterly","instructedAmount":{"content":"10.25","currency":"EUR"},"startDate":"2023-01-25","creditorAddress":{"country":"NL","buildingNumber":"8","postcode":"2456RL","streetName":"Utrechtstraat","townName":"Utrecht"},"creditorAgent":"RABONL2U","debtorName":"Allen Martin","endToEndIdentification":"PI-123456789","requestedExecutionDate":"2023-01-25","remittanceInformationStructured":{"reference":"1515140706132013","referenceIssuer":"CUR","referenceType":"SCOR"},"endDate":"2024-05-24"}
sha-512=HJcQr3G5Zt2izNQcFmfqBLONnSqb4pVQ4vaC7bAoAvS9Q9/5vyVqfm998CkKx+9v9QxTOmKLDbxvhxUhk/DZmw==
{"chargeBearer":"DEBT","creditorAccount":{"currency":"USD","bban":"02100002112345678901234567"},"creditorAddress":{"country":"US","buildingNumber":"8C","postcode":"5017","streetName":"5th Ave","townName":"New York"},"creditorAgent":"BANKUS33XXX","creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL10RABO0912345678"},"instructedAmount":{"content":"10.25","currency":"USD"},"debtorName":"Allen Martin","endToEndIdentification":"PI-123456789","remittanceInformationStructured":{"reference":"1515140706132013","referenceIssuer":"CUR","referenceType":"SCOR"},"requestedExecutionDate":"2023-01-25"}
sha-512=8szvAigpAj1WJbILK9EgRF/+nYDEO9CpLo7sKkcjlsHEQk7fgYnQ45gR1SjDmhk8mwLdtODagjm0ygAA/WCxIw==
{"chargeBearer":"CRED","creditorAccount":{"currency":"GBP","iban":"GB60BARC48291709876543"},"creditorAddress":{"country":"UK","buildingNumber":"54","postcode":"N1 1PX","streetName":"Islington Park St","townName":"London"},"creditorAgent":"BARCGB21","creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL10RABO0912345678"},"frequency":"Quarterly","instructedAmount":{"content":"10.25","currency":"GBP"},"startDate":"2023-01-25","debtorName":"Allen Martin","endToEndIdentification":"PI-123456789","remittanceInformationStructured":{"reference":"1515140706132013","referenceIssuer":"CUR","referenceType":"SCOR"},"requestedExecutionDate":"2023-01-25","endDate":"2024-05-24"}
sha-512=HSV/LRwpyaCZ5KwBRpN5ie4rQHigAJwqTOafADRuZ2ZltDrv0umuYmGYz38x5OAwKmAQgRctLJ68jNfIKHnQnQ==
Premium - Business Instant Payout
{"creditorAccount":{"currency":"EUR","iban":"NL40RABO8933084452"},"creditorAddress":{"buildingNumber":"8","country":"NL","postcode":"2456RL","streetName":"Utrechtstraat","townName":"Utrecht"},"creditorAgent":"RABONL2U","creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL43RABO9012918502"},"debtorAgent":"RABONL2U","debtorName":"Allen Martin","endToEndIdentification":"PI-123456789","instructedAmount":{"content":"10.25","currency":"EUR"},"remittanceInformationStructured":{"reference":"Ref 2021-03-24","referenceIssuer":"CUR"},"urgencyIndicator":false,"uniqueRequestorReference":"0744f57f-d777-5369-b33e-d01641527faf"}
digest: sha-512=ZEmBwCCDcSOeoP8y4k5ZtHWA4/j0cLhwuXL551wyJgHCa9exEQCCi1kvSkU8NaW3lNDWqHRrMgkt4j0MGzApBQ==
{"creditorAccount":{"currency":"USD","iban":"NL40RABO8933084452","bban":""},"creditorAddress":{"buildingNumber":"8C","country":"US","postcode":"5017","streetName":"5th Ave","townName":"New York"},"creditorAgent":"RABONL2U","clearingSystem":{"code":"USABA","value":"026009593"},"creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL43RABO9012918502"},"debtorAgent":"RABONL2U","debtorName":"Allen Martin","endToEndIdentification":"PI-123456789","instructedAmount":{"content":"10.25","currency":"USD"},"remittanceInformationUnstructured":"Ref Number Merchant 235839479.3434","remittanceInformationStructured":{"reference":"Ref 2024-09-02","referenceIssuer":"CUR"},"urgencyIndicator":false,"chargeBearer":"DEBT","uniqueRequestorReference":"0744f57f-d777-5369-b33e-d01641527faf"}
sha-512=8zdI7qSpYp6I16RKZUtkzryb4L2dGjSghm4tDBG8SFYlfzn/xoaom6/1t9PHMP9YdxwljfGd9xXYecEcNN3aCA==
{"account":{"value":"NL40RABO8933084452","type":"IBAN","name":"Allen Martin"}}
sha-512=adwckzJ1AFNfnFKZ2dmi//4R+6ELVVWtDIKbQzVIldiDMZY3e97ZoVXAhFJUGpdgckRhQT0JYVcLgbtkex7jLQ==
Premium - Payment Request
{"amountCents":10000,"currency":"EUR","description":"Mchi Restaurant","iban":"NL19RABO0123456790","clientReference":"Client-Reference","numPayers":1,"hasVariableAmount":false}
digest: sha-512=ttXH7VYT0BBoIFTsSrSkTMhKMbuBuC8ZaR3rZBSxwd1leleIsA4uLyfB0rHWUzALHUxA71iy6T2N7dAcGr08Gw==
🚧

Due to security regulation, spaces or line breaks between JSON elements cause incorrect digest error.

Create the signing string

The signing string contains several headers separated by line breaks.

👍

The order is not crucial, as long as you define them in the same order in the signature header.

Signing headers per API

ParameterRequiredRemark
dateYes
digestYes
x-request-idYes
psu-idNoThis field should be included as a header of the HTTP request
tpp-redirect-uriNoMandatory for HTTP POST requests
tpp-nok-redirect-uriNoThis field should be included as a header of the HTTP POST request

Example signing string

Examples of the signing string for various APIs:

PSD2 Single Payment Initiation
date: Thu, 24 May 2022 06:53:05 GMT
digest: sha-512=97iSEKK+wtenUIu8DozlaGP+g2OjYy8F081o0gaLt4w6FomFJVEJktCPHEfrauwU48Tus44YStT8+q6erKA4Gg==
x-request-id: 7d2da3f9-67d3-5034-b7cc-29f1a05ef1f5
tpp-redirect-uri: https://www.rabobank.nl
Premium – Business Single Payment Initiation
date: Tue, 24 Jan 2023 06:53:05 GMT
digest: sha-512=zHM9txFwU718P3n7PxunDWpzrpPNaa6Rb9JKoU5JIkLuLliiiobFYHYDEDoi7wO6Nj0Z00uqWtOcjjSDQzpxmw==
X-Request-ID: 7d2da3f9-67d3-5034-b7cc-29f1a05ef1f5
date: Tue, 24 Jan 2023 06:53:05 GMT
digest: sha-512=8szvAigpAj1WJbILK9EgRF/+nYDEO9CpLo7sKkcjlsHEQk7fgYnQ45gR1SjDmhk8mwLdtODagjm0ygAA/WCxIw==
X-Request-ID: 7d2da3f9-67d3-5034-b7cc-29f1a05ef1f5
date: Tue, 24 Jan 2023 06:53:05 GMT
digest: sha-512=HJcQr3G5Zt2izNQcFmfqBLONnSqb4pVQ4vaC7bAoAvS9Q9/5vyVqfm998CkKx+9v9QxTOmKLDbxvhxUhk/DZmw==
X-Request-ID: 7d2da3f9-67d3-5034-b7cc-29f1a05ef1f5
date: Tue, 24 Jan 2023 06:53:05 GMT
digest: sha-512=HSV/LRwpyaCZ5KwBRpN5ie4rQHigAJwqTOafADRuZ2ZltDrv0umuYmGYz38x5OAwKmAQgRctLJ68jNfIKHnQnQ==
X-Request-ID: 7d2da3f9-67d3-5034-b7cc-29f1a05ef1f5
Premium – Business Instant Payout
date: Thu, 18 Mar 2021 15:10:46 GMT
digest: sha-512=ZEmBwCCDcSOeoP8y4k5ZtHWA4/j0cLhwuXL551wyJgHCa9exEQCCi1kvSkU8NaW3lNDWqHRrMgkt4j0MGzApBQ==
x-request-id: e9c96b7e-8470-410a-937c-396fe9512fea
date: Thu, 18 Mar 2021 15:10:46 GMT
digest: sha-512=8zdI7qSpYp6I16RKZUtkzryb4L2dGjSghm4tDBG8SFYlfzn/xoaom6/1t9PHMP9YdxwljfGd9xXYecEcNN3aCA==
x-request-id: e9c96b7e-8470-410a-937c-396fe9512fea
date: Thu, 18 Mar 2021 15:10:46 GMT
digest: sha-512=adwckzJ1AFNfnFKZ2dmi//4R+6ELVVWtDIKbQzVIldiDMZY3e97ZoVXAhFJUGpdgckRhQT0JYVcLgbtkex7jLQ==
x-request-id: e9c96b7e-8470-410a-937c-396fe9512fea
Premium – Payment Request
date: Tue, 26 Okt 2021 08:12:31 GMT
digest: sha-512=q4Umm9vse7MvLpnlPC14Ym9pm2vy4rv8X6cV+V9Gn0c4Pp10U9g1FwsXgxdYQNUW1iVAK+zbjy7yKoqxDqLVlA==
x-request-id: 95126d8f-ae9d-4ac3-ac9e-c357dcd78811

Sign using your Private key

The signature is the signing string signed with the private key: Base64(RSA-SHA512(signing_string))

  1. Create the signing string.
  2. Sign it using the hashing algorithm you used (RSA-SHA512/RSA-SHA256) and the private key of the signing certificate.
  3. Base64-encode the output.

Example signature

Examples of the signature for various APIs:

PSD2 Single Payment Initiation
LW0sGv1Ptg8vTNVDzVCZv4l3TQSC565AMGlWOKNMAO7HorDeaswYhQO6Af0Y8fUmQsCRQOefC9JhjdXqjlJQXN7XYs2Zstg1FczWF4sExx2eAPquW5gwNyittSkg9Ln8wJ6/dnaZIa8KfzVWOH5wFPqb3mMmMn7RFAVpPp3hGEcrZAbTXglwyLTyr37/0beEBHC1sdjVkE+U6E7/lQs1IE0bgMS+qgIoncp+wVpELLg4FUe6CN5vC51exiud1sSxyScdNVbAhRK2XTgaxzQhN4VoYcztruxcyoVpYyK6sZK44lOO034i+HnUowrpTXV543p1u1O1q8Q4tnbQg+poYQ==
Premium – Business Single Payment Initiation
ZooLzRBY0Y/QGX/+lil/hhVoKt42HqU1YdayQnotACVqoRABqmfSfr0+jkW27QVbi1RgX57kG048HvhZaxWJD94WCzhZznIlB3mDOMJqa96GFJ+fqEMtnV5ZxPS9fCq5w3zz4UVRi9+Zi2qDocfH/9GgwnZ/TDkjI6Wxf/mUjYQC2OIDvPUY5jt2YggskCTnOHsUB1vSCFADQ7rf2n7FktwSvLmzCHRqpCzwC3ruISZaChKIDwgZsuhmwZUylvJMx5xuA+UdaMQ7Q98itGPXmilD/lx9wgJ+6Qlci0PwvnEQDoCP9pSlO7no2rCekyJE+D85u7plsjtk2sEhla7PvA==
c41VkRwduLo2v+N5GgYwmEDUkHCN5TA/WmB26q6CcXDGqnquwLB9RKYw9eZX/JsRQrh+NQVBKTIyPNgYFd4RsBvPnrM7TE4/G4PqFOwHYFqJiJTFGPjiPrc8ijTKQ8hqjsBlU2hKhycnDj0ViqmBWFvwgPKWMblvC4jgeOdn2m2PB6auAun42TvRsejN7oEgTqL5BsUvBb5Xzvkerqb/Sgn3eWKOeTZmArn7RVHBR2RlVYSfz35Ymz5pN+jEqwavtBRYlEY2kJ6yACuQx9pmlFhQzjdgl7XiDsrEmpr6/NZNn29zMh42TO9qO+xkIylNBtBw+gJUDP0a3iMgTME/mA==
S+GB0JmjPrmypNrSJAU5zj0p6j1/rxjAVImmDvWFbiZsRtLbq1S/igehHeGgIh1SXJZzW1TCMvXoIi8UJcL+iheAd+9Njj8R0vF3l2n4NdVXOqAfBPyH2hzwXNwRsgthfdsFJH3Bi4u0pArPIi01bjfs9clFd40Ex3uODRIg2R9OAeWCNn83n9ZvbcsmsU9/5Mzi84vycJENK+tE69Uy9gbbqXauCSicxbHnuhOKsv5PiRmvimYdfh0H22QW3k803Hk8mgkEAuwgwhLGGnxsoLb3bN+VAyxr3cx0ed64dXPKN5mZyjkqM9dz5fp0A/u5nQNuuDxU5zUqDRllZKKXNg==
GV/DUDamjX5WLLJOa0RUix1AneSSJ3ZVBj16rEWifTgm4ZD5PRJFakSo3Hp91p/sHY5bPj2XDSUWEKt+K70iTTH/eAZh2GWtNa1PvxHyDz4zTP29FP9MWXa7fsUuG8x9brcUDZW/I342OToo7nf6i35KTzubyJx/Q9o2OhfnYVUHOxkmSFABjUNLd/YXHmjXEHAq4jw89JkP6OXO31SimV+fNhYRQTI/f1B6nRYrnB/VJ8S9dl6Npy8G4wlhuWvZpR01LhLUXdyJisaHtbmSARF/KoHRWM0/wujVxyVM8P1od28y0uLQugA9aYsIx9TTZ6uVu3hzK4VO53HCOP6BZw==
Premium - Business Instant Payout
UkZ0iS8ReKTvZJgOhGZv6QetJFKWGJDUZxHjglmEeg1AKjtpxDAMbIGid1fgT4dola6HZbnvFO9SjyPfAKtz/dnBqdKcWDAdL+PStY/EyFvXeshwmkIE1FZLpomvXoUTWZmsFqW2fdO3PgciQXwv/gHUCAp1A0ZEVR2W1KifcXSMeotzTaog3gw2XTfQU+LmDdWx1sbXQJDmgcBnRpYlMRIX5R2GP1pQ61rDFydMJqpwv4RUsUyB+dQoHLd13rU4jlbNKvankVxJnij2xyQrFh1wkJVQG0+ECrtxW4B7SECwh4I7meQqGlPeXpWGDS2mg2NmWRTfI0+m3isUwblQcw==
PxeVVVDH6ezZZ4XuBygjdpKrUW3pqhk8h9oZkJ25KxHZR7B3LpoMDjUgLV/pb890MwQK8Z+wkor1cZjXT73Y+FlQB5oJH2WePUnpoQDtKsXJ+VtLJFe0KanJ58lEa7jjtoBelvdbvpse1Zlt98eTW4NVaOlLHeR3uRXcwgq3DvKc114T0Dt/aXHvB+ZzLKzF5suNUXyRSakvI81zknBKRX2FeOgwx7MIgiWYdfeM0XxjWDv7r+nC924Wn+LYwRHFCZsBIeXz0aED72K0TQnNndQlFXAd8aDw9rFHSiT7o0PYmK37n3tBw/F8jpzPQUhBayo30FLoFqSYI+/I92XJLA==
orkASK4HiryOEbTPQ52l0SD1cAjDpSZUbLdaiE5JYGDl1wv1fcXiKvKOa4nitZ4LsDctwA7cnpEkzv1XBAqy5uvggwKuZCjDbk9u5c5Sox9kzXgojLhcIcGlUXRmcTzDQl64kW6Hr6deTCOBzGmEQbdXmSWEsiQwp4bOIlhrw1iKN3PrAqN7tEFuEPn1VkK3XGoaD7DyBkAOANdjUgU9wg1c/5OAKZfzttoUXC1PzbzFnIkOVPIWG+1FidFSTcR+M07wwlZSbcx6XhSChRCM3Qpr3LvIGi+j8+eL6DsHEfbHb3sg1Zo4EreadKuwzfYuOMiYl+e6meyN2GWAVMLKYA==
Premium - Payment Request
0VOn8X/hNqt240+675ediIvcDNpiYEPXxQQ/d49NT6Zy3FPwCblhTN+0LVtaALVd8AR1/BYBHJjjxxm8QfDi5AWyZL0xWnPuqoASZrbIgPg8X/OxVTyEWfAX6DvVDZfOFEolwWmhkj/ngUEV47vQAvRQd00FhrUGm93W9LFU8ochn/8IfdQY51ZIjCnqW5/oL/mHRrjQ8V51UvDjbH5nYPeivvYvq2JOPaWw8mzSglVFa2c2FbKaakKGi+TfbI4CYNjMrkKBvuhFxmWtSXaYcz81KQre3BXMNKXwHVaYuIGm7x2TE0E07DqbrBGu9qetGuCQBsKLgUvKtEj4p/o01Q==

Create the Signature header

The signature header consists of the following components:

Component Example Description

keyId

$ openssl x509 -in cert.pem -noout -text

The serial number of the certificate as defined in the TPP-Signing-Certificate header. The format should be Integer not hex.

algorithm

rsa-sha512

Specify which algorithm was used when generating the signature:

  • rsa-sha512
  • rsa-sha256

headers

"date digest x-request-id"

The list of headers contained in the signature:

  • lowercase
  • separated by a space
  • in the same order as they have in the signing string

signature

The result created in step Sign using your Private key

Example signature header

The resulting signature header for our example:

PSD2 - Single Payment Initiation
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id tpp-redirect-uri",signature="LW0sGv1Ptg8vTNVDzVCZv4l3TQSC565AMGlWOKNMAO7HorDeaswYhQO6Af0Y8fUmQsCRQOefC9JhjdXqjlJQXN7XYs2Zstg1FczWF4sExx2eAPquW5gwNyittSkg9Ln8wJ6/dnaZIa8KfzVWOH5wFPqb3mMmMn7RFAVpPp3hGEcrZAbTXglwyLTyr37/0beEBHC1sdjVkE+U6E7/lQs1IE0bgMS+qgIoncp+wVpELLg4FUe6CN5vC51exiud1sSxyScdNVbAhRK2XTgaxzQhN4VoYcztruxcyoVpYyK6sZK44lOO034i+HnUowrpTXV543p1u1O1q8Q4tnbQg+poYQ=="
Premium – Business Single Payment Initiation
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="ZooLzRBY0Y/QGX/+lil/hhVoKt42HqU1YdayQnotACVqoRABqmfSfr0+jkW27QVbi1RgX57kG048HvhZaxWJD94WCzhZznIlB3mDOMJqa96GFJ+fqEMtnV5ZxPS9fCq5w3zz4UVRi9+Zi2qDocfH/9GgwnZ/TDkjI6Wxf/mUjYQC2OIDvPUY5jt2YggskCTnOHsUB1vSCFADQ7rf2n7FktwSvLmzCHRqpCzwC3ruISZaChKIDwgZsuhmwZUylvJMx5xuA+UdaMQ7Q98itGPXmilD/lx9wgJ+6Qlci0PwvnEQDoCP9pSlO7no2rCekyJE+D85u7plsjtk2sEhla7PvA=="
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="c41VkRwduLo2v+N5GgYwmEDUkHCN5TA/WmB26q6CcXDGqnquwLB9RKYw9eZX/JsRQrh+NQVBKTIyPNgYFd4RsBvPnrM7TE4/G4PqFOwHYFqJiJTFGPjiPrc8ijTKQ8hqjsBlU2hKhycnDj0ViqmBWFvwgPKWMblvC4jgeOdn2m2PB6auAun42TvRsejN7oEgTqL5BsUvBb5Xzvkerqb/Sgn3eWKOeTZmArn7RVHBR2RlVYSfz35Ymz5pN+jEqwavtBRYlEY2kJ6yACuQx9pmlFhQzjdgl7XiDsrEmpr6/NZNn29zMh42TO9qO+xkIylNBtBw+gJUDP0a3iMgTME/mA=="
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="S+GB0JmjPrmypNrSJAU5zj0p6j1/rxjAVImmDvWFbiZsRtLbq1S/igehHeGgIh1SXJZzW1TCMvXoIi8UJcL+iheAd+9Njj8R0vF3l2n4NdVXOqAfBPyH2hzwXNwRsgthfdsFJH3Bi4u0pArPIi01bjfs9clFd40Ex3uODRIg2R9OAeWCNn83n9ZvbcsmsU9/5Mzi84vycJENK+tE69Uy9gbbqXauCSicxbHnuhOKsv5PiRmvimYdfh0H22QW3k803Hk8mgkEAuwgwhLGGnxsoLb3bN+VAyxr3cx0ed64dXPKN5mZyjkqM9dz5fp0A/u5nQNuuDxU5zUqDRllZKKXNg=="
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="GV/DUDamjX5WLLJOa0RUix1AneSSJ3ZVBj16rEWifTgm4ZD5PRJFakSo3Hp91p/sHY5bPj2XDSUWEKt+K70iTTH/eAZh2GWtNa1PvxHyDz4zTP29FP9MWXa7fsUuG8x9brcUDZW/I342OToo7nf6i35KTzubyJx/Q9o2OhfnYVUHOxkmSFABjUNLd/YXHmjXEHAq4jw89JkP6OXO31SimV+fNhYRQTI/f1B6nRYrnB/VJ8S9dl6Npy8G4wlhuWvZpR01LhLUXdyJisaHtbmSARF/KoHRWM0/wujVxyVM8P1od28y0uLQugA9aYsIx9TTZ6uVu3hzK4VO53HCOP6BZw=="
Premium - Business Instant Payout
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="UkZ0iS8ReKTvZJgOhGZv6QetJFKWGJDUZxHjglmEeg1AKjtpxDAMbIGid1fgT4dola6HZbnvFO9SjyPfAKtz/dnBqdKcWDAdL+PStY/EyFvXeshwmkIE1FZLpomvXoUTWZmsFqW2fdO3PgciQXwv/gHUCAp1A0ZEVR2W1KifcXSMeotzTaog3gw2XTfQU+LmDdWx1sbXQJDmgcBnRpYlMRIX5R2GP1pQ61rDFydMJqpwv4RUsUyB+dQoHLd13rU4jlbNKvankVxJnij2xyQrFh1wkJVQG0+ECrtxW4B7SECwh4I7meQqGlPeXpWGDS2mg2NmWRTfI0+m3isUwblQcw=="
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="PxeVVVDH6ezZZ4XuBygjdpKrUW3pqhk8h9oZkJ25KxHZR7B3LpoMDjUgLV/pb890MwQK8Z+wkor1cZjXT73Y+FlQB5oJH2WePUnpoQDtKsXJ+VtLJFe0KanJ58lEa7jjtoBelvdbvpse1Zlt98eTW4NVaOlLHeR3uRXcwgq3DvKc114T0Dt/aXHvB+ZzLKzF5suNUXyRSakvI81zknBKRX2FeOgwx7MIgiWYdfeM0XxjWDv7r+nC924Wn+LYwRHFCZsBIeXz0aED72K0TQnNndQlFXAd8aDw9rFHSiT7o0PYmK37n3tBw/F8jpzPQUhBayo30FLoFqSYI+/I92XJLA=="
keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="orkASK4HiryOEbTPQ52l0SD1cAjDpSZUbLdaiE5JYGDl1wv1fcXiKvKOa4nitZ4LsDctwA7cnpEkzv1XBAqy5uvggwKuZCjDbk9u5c5Sox9kzXgojLhcIcGlUXRmcTzDQl64kW6Hr6deTCOBzGmEQbdXmSWEsiQwp4bOIlhrw1iKN3PrAqN7tEFuEPn1VkK3XGoaD7DyBkAOANdjUgU9wg1c/5OAKZfzttoUXC1PzbzFnIkOVPIWG+1FidFSTcR+M07wwlZSbcx6XhSChRCM3Qpr3LvIGi+j8+eL6DsHEfbHb3sg1Zo4EreadKuwzfYuOMiYl+e6meyN2GWAVMLKYA=="
Premium - Payment Request
Signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="0VOn8X/hNqt240+675ediIvcDNpiYEPXxQQ/d49NT6Zy3FPwCblhTN+0LVtaALVd8AR1/BYBHJjjxxm8QfDi5AWyZL0xWnPuqoASZrbIgPg8X/OxVTyEWfAX6DvVDZfOFEolwWmhkj/ngUEV47vQAvRQd00FhrUGm93W9LFU8ochn/8IfdQY51ZIjCnqW5/oL/mHRrjQ8V51UvDjbH5nYPeivvYvq2JOPaWw8mzSglVFa2c2FbKaakKGi+TfbI4CYNjMrkKBvuhFxmWtSXaYcz81KQre3BXMNKXwHVaYuIGm7x2TE0E07DqbrBGu9qetGuCQBsKLgUvKtEj4p/o01Q=="

Create a header containing the certificate

In order to verify your signature, you are required to send us a public certificate in a request header.

To do so:

  1. Strip the PEM certificate from its -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.
  2. Remove all the line breaks.

Example

The result with our example certificate would be:

PSD2
TPP-Signature-Certificate: MIIDkDCCAnigAwIBAgIEWs3AJDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxETAPBgNVBAoMCFJhYm9iYW5rMRwwGgYDVQQLDBNPbmxpbmUgVHJhbnNhY3Rpb25zMSUwIwYDVQQDDBxQU0QyIEFQSSBQSSBTZXJ2aWNlcyBTYW5kYm94MB4XDTE4MDQxMTA3NTgyOFoXDTIzMDQxMTA3NTgyOFowgYkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazEcMBoGA1UECwwTT25saW5lIFRyYW5zYWN0aW9uczElMCMGA1UEAwwcUFNEMiBBUEkgUEkgU2VydmljZXMgU2FuZGJveDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoAjqGWUgCIm2F+0sBSEwLal+T3u+uldLikpxHCB8iL1GD7FrRjcA+MVsxhvHly7vRsHK+tQyMSaeK782RHpY33qxPLc8LmoQLb2EuiQxXj9POYkYBQ74qkrZnvKVlR3WoyQWeDOXnSY2wbNFfkP8ET4ElwyuIIEriwYhab0OIrnnrO8X82/SPZxHwEd3aQjQ6uhiw8paDspJbS5WjEfuwY16KVVUYlhbtAwGjvc6aK0NBm+LH9fMLpAE6gfGZNy0gzMDorVNbkQK1IoAGD8p9ZHdB0F3FwkILEjUiQW6nK+/fKDNJ0TBbpgZUpY8bR460qzxKdeZ1yPDqX2Cjh6fkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYL4iD6noMJAt63kDED4RB2mII/lssvHhcxuDpOm3Ims9urubFWEpvV5TgIBAxy9PBinOdjhO1kGJJnYi7F1jv1qnZwTV1JhYbvxv3+vk0jaiu7Ew7G3ASlzruXyMhN6t6jk9MpaWGl5Uw1T+gNRUcWQRR44g3ahQRIS/UHkaV+vcpOa8j186/1X0ULHfbcVQk4LMmJeXqNs8sBAUdKU/c6ssvj8jfJ4SfrurcBhY5UBTOdQOXTPY85aU3iFloerx7Oi9EHewxInOrU5XzqqTz2AQPXezexVeAQxP27lzqCmYC7CFiam6QBr06VebkmnPLfs76n8CDc1cwE6gUl0rMA==
Premium
Signature-Certificate: MIIDkDCCAnigAwIBAgIEWs3AJDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxETAPBgNVBAoMCFJhYm9iYW5rMRwwGgYDVQQLDBNPbmxpbmUgVHJhbnNhY3Rpb25zMSUwIwYDVQQDDBxQU0QyIEFQSSBQSSBTZXJ2aWNlcyBTYW5kYm94MB4XDTE4MDQxMTA3NTgyOFoXDTIzMDQxMTA3NTgyOFowgYkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazEcMBoGA1UECwwTT25saW5lIFRyYW5zYWN0aW9uczElMCMGA1UEAwwcUFNEMiBBUEkgUEkgU2VydmljZXMgU2FuZGJveDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoAjqGWUgCIm2F+0sBSEwLal+T3u+uldLikpxHCB8iL1GD7FrRjcA+MVsxhvHly7vRsHK+tQyMSaeK782RHpY33qxPLc8LmoQLb2EuiQxXj9POYkYBQ74qkrZnvKVlR3WoyQWeDOXnSY2wbNFfkP8ET4ElwyuIIEriwYhab0OIrnnrO8X82/SPZxHwEd3aQjQ6uhiw8paDspJbS5WjEfuwY16KVVUYlhbtAwGjvc6aK0NBm+LH9fMLpAE6gfGZNy0gzMDorVNbkQK1IoAGD8p9ZHdB0F3FwkILEjUiQW6nK+/fKDNJ0TBbpgZUpY8bR460qzxKdeZ1yPDqX2Cjh6fkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYL4iD6noMJAt63kDED4RB2mII/lssvHhcxuDpOm3Ims9urubFWEpvV5TgIBAxy9PBinOdjhO1kGJJnYi7F1jv1qnZwTV1JhYbvxv3+vk0jaiu7Ew7G3ASlzruXyMhN6t6jk9MpaWGl5Uw1T+gNRUcWQRR44g3ahQRIS/UHkaV+vcpOa8j186/1X0ULHfbcVQk4LMmJeXqNs8sBAUdKU/c6ssvj8jfJ4SfrurcBhY5UBTOdQOXTPY85aU3iFloerx7Oi9EHewxInOrU5XzqqTz2AQPXezexVeAQxP27lzqCmYC7CFiam6QBr06VebkmnPLfs76n8CDc1cwE6gUl0rMA==

More information on signatures

See:

<https://tools.ietf.org/html/draft-cavage-http-signatures-10> <https://tools.ietf.org/html/rfc3230>