Bulk

A guide for developers to try code examples and test Rabobank’s Business Payment Initiation APIs.

📘

The Rabobank Sandbox uses stubs.

  • End‑to‑end flows cannot be tested—only simulated responses.
  • Certificates are not validated against requirements.

Authentication in Sandbox

We provide a key and certificate for mTLS authentication and request signing:

mTLS

Signing

Base URL

All sandbox API endpoints start with:

https://api-sandbox.rabobank.nl/openapi/sandbox/payments

Available Endpoints

Payment Initiation

Bulk payment initation: POST /bulk/credit-transfers

Bulk STP payment initiation: POST /bulk-stp/credit-transfers

Payment Status

Status retrieval bulk payment: GET /bulk/credit-transfers/{paymentId}/status

Status retrieval bulk STP payment: GET /bulk-stp/credit-transfers/{paymentId}/status

Example requests and responses

Initiate a bulk payment

Endpoints:

POST https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk/credit-transfers

POST https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk-stp/credit-transfers

Request

X-Request-ID: d65d4172-03fe-41f7-afd5-6f4ae50f73c4
PSU-IP-Address: 102.81.214.149
Digest: sha-512=j36brqM2uQlpXw7CvhiTiefid4MV9hWTJ8iD9L8XF3CoOG6pp5dhZOAybZOdXvildAfX0yzvlcTzeJc/MK3Xhg==
Signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="NDNE0WFictyXYHSeBOGhDZl0MKfmUhoozi2DdwgjwfeBLh7VdV8uip2ydf52ZHXXcdojHSeCQ77EL1MW8xr9LeKE0ESFvoX1VVNb07MUaMa9+H4X0epV9oeDCO2pyLUGj1JMs0G1uwGnxGBpFwBZdeX903IbgquTk99Yo7BzK54yxwWsLVQ7FMrXTNwL2jOv3b5LdQemLuqfBnXPYF8OkAXzaGl37LyGJz5rewCQICJrngaiDb8fHOGzMTf7JdG94AtJTk8BeRb0lzRlEBKbIJhPCLi9Va1KGHWRPMSdcfDRpaxgdEK2rWl9AMqkjY/d3Nx8pI+IRDD4SLIAVNLCKQ=="
Signature-Certificate: MIID9DCCAtygAwIBAgIUUzEdjjbjLOePU7NeZfai6bv9RJIwDQYJKoZIhvcNAQELBQAweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazAgFw0yNTExMTIxNTQ3MzRaGA8yMTAwMTAyNTE1NDczNFoweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGoQqBxfADuEAHs/k1UoKkqn1XrK3ocV/rItsnCU3ynW9gahC8Ggj4UtcjNcXh8fBieV+6oeFcMRXofY6PiS6IM3YxofwMUM0JqTC/JZcoVhnEButAbg+DVJJfR7jxEDFUR2LL2RTLHYugtJdbg92kuUy7bXjayj6/Ef2R3s+cI7rHiI7oAftce61k4sVmQxGtxAVt+jrSB8eX/hVqdzfNb1MSzRbfII56rLgeaSbWm7gkYcJimyWjPuabqxY0cIvwkum5BRJ87x+QRdxzJuXYuwZsUMaY4ETYiiwUv7Q2vOZ066a6zBs++JSdgCUypvqm9YvRn3vCxB3+me+jvhdUCAwEAAaN0MHIwHQYDVR0OBBYEFHr3mI71/GxAJ/nDhNTZL+XEX6cZMB8GA1UdIwQYMBaAFHr3mI71/GxAJ/nDhNTZL+XEX6cZMA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEZod53U0IhIQZSVo4mVSn/bWT53uaeAcSwtRi+hyb8K2nDmT8wWdb6xewghd6EXIpWwetG8+odqvCaatdwPa4XjxE9XEecZC+EAYucY7joEk+maDjgJdgNNCwmWGQvOi9Fav9o2bbSGC3Y615K34aMmSNfuCGJHTw88RciLhPUdLMQF3gUTcQjlRcmE0oBZilZ0BF8Q1BIaJiFZZ7nNb4FGYB3ouySsmz/aPTz+VENZp2geCGjxW+SUIVpKiWA6NN2iJkp4Zywe39FxCca0Fw+QHl0vuMhh5fxyFA3eJLZREsZdgqwXnvIwNIM6/Yd1lxUIEyHL1J/m/vcJv/X0ZY4=
Date: Fri, 30 Jul 2021 10:30:00 GMT
Content-Type: multipart/form-data; boundary=WebKitFormBoundaryOEFsgWLJCyxInJHO
Accept: application/xml
Body: --WebKitFormBoundaryOEFsgWLJCyxInJHO\r\n
Content-Disposition: form-data; name="xml_sct"; filename="SampleFile.xml"\r\n
Content-Type: application/xml\r\n
\r\n
<-content of SampleFile.xml->\r\n
--WebKitFormBoundaryOEFsgWLJCyxInJHO--\r\n

Response

<?xml version="1.0" encoding="UTF-8"?>
<InitiatedTransactionResponse>
    <_links>
        <status>
            <href>/payments/bulk/credit-transfers/123e4567-e89b-42d3-a456-556642444321/status</href>
        </status>
    </_links>
    <paymentId>123e4567-e89b-42d3-a456-556642444321</paymentId>
    <transactionStatus>RCVD</transactionStatus>
</InitiatedTransactionResponse>

Retrieve Bulk Payment Status

Endpoints:

  • GET https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk/credit-transfers/123e4567-e89b-42d3-a456-556642444321/status
  • GET https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk-stp/credit-transfers/123e4567-e89b-42d3-a456-556642444321/status

Request

X-Request-ID: d65d4172-03fe-41f7-afd5-6f4ae50f73c4
Digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
Signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="jMwa3CLiFNLurpmODUIsEIlNNNzzufPuFiL1QZx5attDRASwu7fEljPvCVHAL/8ANVoogCK0xCG3pAsU99b+ZlcimHhtHHVcGMJ3yTunOBJMp/5HTmFu7o4/C3S9zThkbPCgJXvoOxerQBRsY+LdZElbOkipwFljglHqUN/hfJTh+PZBum/7bBiJm+WeOlwT5wfMda0jB/VWsTkHqmA1lcYMQzWhIeI5hz6AFT1BY1ONNgGBUVX5JyQLbM40rVb1FDB/DAY+9w8yGEOxLl3lqXtM7sBP+xtvRECk7jm8u6iUPkk1pTHbHHI2Jjq3SRb/B2GDqUb+tgSfPndLUsXzcg=="
Signature-Certificate: MIID9DCCAtygAwIBAgIUUzEdjjbjLOePU7NeZfai6bv9RJIwDQYJKoZIhvcNAQELBQAweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazAgFw0yNTExMTIxNTQ3MzRaGA8yMTAwMTAyNTE1NDczNFoweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGoQqBxfADuEAHs/k1UoKkqn1XrK3ocV/rItsnCU3ynW9gahC8Ggj4UtcjNcXh8fBieV+6oeFcMRXofY6PiS6IM3YxofwMUM0JqTC/JZcoVhnEButAbg+DVJJfR7jxEDFUR2LL2RTLHYugtJdbg92kuUy7bXjayj6/Ef2R3s+cI7rHiI7oAftce61k4sVmQxGtxAVt+jrSB8eX/hVqdzfNb1MSzRbfII56rLgeaSbWm7gkYcJimyWjPuabqxY0cIvwkum5BRJ87x+QRdxzJuXYuwZsUMaY4ETYiiwUv7Q2vOZ066a6zBs++JSdgCUypvqm9YvRn3vCxB3+me+jvhdUCAwEAAaN0MHIwHQYDVR0OBBYEFHr3mI71/GxAJ/nDhNTZL+XEX6cZMB8GA1UdIwQYMBaAFHr3mI71/GxAJ/nDhNTZL+XEX6cZMA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEZod53U0IhIQZSVo4mVSn/bWT53uaeAcSwtRi+hyb8K2nDmT8wWdb6xewghd6EXIpWwetG8+odqvCaatdwPa4XjxE9XEecZC+EAYucY7joEk+maDjgJdgNNCwmWGQvOi9Fav9o2bbSGC3Y615K34aMmSNfuCGJHTw88RciLhPUdLMQF3gUTcQjlRcmE0oBZilZ0BF8Q1BIaJiFZZ7nNb4FGYB3ouySsmz/aPTz+VENZp2geCGjxW+SUIVpKiWA6NN2iJkp4Zywe39FxCca0Fw+QHl0vuMhh5fxyFA3eJLZREsZdgqwXnvIwNIM6/Yd1lxUIEyHL1J/m/vcJv/X0ZY4=
Date: Fri, 30 Jul 2021 10:30:00 GMT
Accept: application/xml
Body:

Response

<?xml version="1.0" encoding="UTF-8"?>
<transactionStatus>RCVD</transactionStatus>

Test Scenarios

We offer predefined scenarios to test happy flows, errors, and edge cases.

POST /credit-transfers Scenario's

Request Scenario                            Response                               Remark                                                                      
Valid Request with valid PAIN001 xml file   201 CREATED                            multipart/form-data with payload variable name as xml_sct                   
Send Request with required header missing   400 BAD REQUEST                        Make a request without a header such as PSU-IP-Address                      
Large PAIN001 xml file                      400 BAD REQUEST                        Make a request with PAIN001 xml file larger than 64MB and valid digest      
PAIN001 xml file is missing *               400 BAD REQUEST                        Make a request without the PAIN001 xml file                                 
PAIN001 xml file is empty *                 400 BAD REQUEST                        Make a request with and empty PAIN001 xml file                              
Send Request with invalid signature         401 Unauthorised - Invalid Signature   Make a request with an invalid signature                                    
Send Request with invalid certificate       401 Unauthorised - Invalid Certificate Make a request with an invalid certificate                                  
Send Request with invalid digest            401 Unauthorised - Invalid digest      Make a request with an invalid digest                                       
If there is no consent for the used accounts401 Unauthorised - No permissions foundMake a request with an account that has no permissions for this product type
Server issue with the account consent       500 Internal server error              Internal Server Error, Permissions for this product type cannot be accessed 
Use PUT instead of POST method              405 Method Not Allowed                 Use an incorrect HTTP method when making the request                        

Note: These codes are for Sandbox only.

    *) For these test scenario's use the following values for the Digest and Signature header:

Scenario                         Digest + Signature                  
400 Bad Request, PAIN001 missing
  • digest: sha-512=5M97vlronVu+1jz6CIVqWr1ESjsnqffi94KAIv+gMj/ORJezFZAhU8T3wNhB5iP58TFttF/JD3x0sra/bEw09w==
  • signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="j1Z/ZRuQAxo6Y1ZeYjxk0//C7rAHR1wfO6QT37kcLJty/G4sNfFOgqbseVwUBkn9phYZRqW2MHl1KeJFcDCI+14M2rfSDTR9Ccss233sj0Y6UUhAxTELBMG6AN2PRKpfT6sp/JGaXYfgpJnHN5dOG4+tPDgTZuyGypCOxa5qbi4M4znTGClLAHxC/CnPUXLx+xCj645imfabFht1xa+lS2FBpIZ6JPelv/cF1zSyIqBpSwB9xz8HgNO95VtTnFmhKW6v2CZr+P1ptoXi7GP0cZxs7YdZ1CFkehVaQdk5oSmjmBBvMY4aDDaw6W2FczWdzPtXZNtRs/PM1i66zgxTaw=="
 
400 Bad Request, PAIN001 empty  
  • digest: sha-512=5lKRU9FPGFN0tUYBL2YekGApQEwIbaLVesrtP8vm5MapnraP/NWv9LxjyLJpFb2LzqrCimDnmX58Y8//QjLI0Q==
  • signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="b1Rzk1q5JUYXcEd3/J8v+xWssnQ77/TsHQvRpVeT7SQwgGWQYCR3LBuspFtbZuvOvIRmeYPCvFEEkW892Vydsu9/ovd5ETgUKOnvodyUi3BR1Qc0mYQfpE8Z9QZnLxQCFAMntCvIm4W8Wyfe/Dyha5xg6DfoJHbqJ6OY2uEl0RyCijRizRnQg+GyGtv/fQ3acZkIGe+8p9ksWjqMZ+4LWfN6SHLO7u2sm1lPHw3jF3LKbSY49ZSdGUwp9fs5mW6OLv1SCR3lv6C0kDH7oD3byTR5O+7rExAw0/KcXijcm7tRntRnVVmNyFQJ+Abd6MacNnibKxZKlPtyVne5zvwWSw=="
 

GET /status Scenario's

Some scenarios, as mentioned below, require specific paymentId(s) in the URL.

Response       Scenario                  Payment-id                            Remark                                                                                                                          
PAIN002 file   200 OK                    123e4567-e89b-42d3-a456-556642440001  All statuses are returned as a part of a PAIN002 file after the payment is processed.                                          
RCVD           200 OK                    123e4567-e89b-42d3-a456-556642440007  This is an initial status indicating that a payment initiation is received but not yet processed by Rabobank's order manager.  
RJCT           200 OK                    123e4567-e89b-42d3-a456-556642440008  The payment initiation is rejected                                                                                             
                503 Service Unavailable   123e4567-e89b-42d3-a456-556642444324  Resource Unknown. Internal Server Error. An error occurred during the processing of the request.                               
                404 NOT_FOUND             123e4567-e89b-42d3-a456-556642440005  Payment Id not found                                                                                                           
                400 BAD REQUEST          <any paymentId>                       The request contains invalid or missing data. For example the X-RequestId is missing in the header.                            
                401 Unauthorised          <any paymentId>                       Make a request with an invalid digest or signature or certificate