Bulk
A guide for developers to try code examples and test Rabobank’s Business Payment Initiation APIs.
The Rabobank Sandbox uses stubs.
- End‑to‑end flows cannot be tested—only simulated responses.
- Certificates are not validated against requirements.
Authentication in Sandbox
We provide a key and certificate for mTLS authentication and request signing:
mTLS
Signing
Base URL
All sandbox API endpoints start with:
https://api-sandbox.rabobank.nl/openapi/sandbox/payments
Available Endpoints
Payment Initiation
Bulk payment initation: POST /bulk/credit-transfers
Bulk STP payment initiation: POST /bulk-stp/credit-transfers
Payment Status
Status retrieval bulk payment: GET /bulk/credit-transfers/{paymentId}/status
Status retrieval bulk STP payment: GET /bulk-stp/credit-transfers/{paymentId}/status
Example requests and responses
Initiate a bulk payment
Endpoints:
POST https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk/credit-transfers
POST https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk-stp/credit-transfers
Request
X-Request-ID: d65d4172-03fe-41f7-afd5-6f4ae50f73c4
PSU-IP-Address: 102.81.214.149
Digest: sha-512=j36brqM2uQlpXw7CvhiTiefid4MV9hWTJ8iD9L8XF3CoOG6pp5dhZOAybZOdXvildAfX0yzvlcTzeJc/MK3Xhg==
Signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="NDNE0WFictyXYHSeBOGhDZl0MKfmUhoozi2DdwgjwfeBLh7VdV8uip2ydf52ZHXXcdojHSeCQ77EL1MW8xr9LeKE0ESFvoX1VVNb07MUaMa9+H4X0epV9oeDCO2pyLUGj1JMs0G1uwGnxGBpFwBZdeX903IbgquTk99Yo7BzK54yxwWsLVQ7FMrXTNwL2jOv3b5LdQemLuqfBnXPYF8OkAXzaGl37LyGJz5rewCQICJrngaiDb8fHOGzMTf7JdG94AtJTk8BeRb0lzRlEBKbIJhPCLi9Va1KGHWRPMSdcfDRpaxgdEK2rWl9AMqkjY/d3Nx8pI+IRDD4SLIAVNLCKQ=="
Signature-Certificate: MIID9DCCAtygAwIBAgIUUzEdjjbjLOePU7NeZfai6bv9RJIwDQYJKoZIhvcNAQELBQAweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazAgFw0yNTExMTIxNTQ3MzRaGA8yMTAwMTAyNTE1NDczNFoweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGoQqBxfADuEAHs/k1UoKkqn1XrK3ocV/rItsnCU3ynW9gahC8Ggj4UtcjNcXh8fBieV+6oeFcMRXofY6PiS6IM3YxofwMUM0JqTC/JZcoVhnEButAbg+DVJJfR7jxEDFUR2LL2RTLHYugtJdbg92kuUy7bXjayj6/Ef2R3s+cI7rHiI7oAftce61k4sVmQxGtxAVt+jrSB8eX/hVqdzfNb1MSzRbfII56rLgeaSbWm7gkYcJimyWjPuabqxY0cIvwkum5BRJ87x+QRdxzJuXYuwZsUMaY4ETYiiwUv7Q2vOZ066a6zBs++JSdgCUypvqm9YvRn3vCxB3+me+jvhdUCAwEAAaN0MHIwHQYDVR0OBBYEFHr3mI71/GxAJ/nDhNTZL+XEX6cZMB8GA1UdIwQYMBaAFHr3mI71/GxAJ/nDhNTZL+XEX6cZMA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEZod53U0IhIQZSVo4mVSn/bWT53uaeAcSwtRi+hyb8K2nDmT8wWdb6xewghd6EXIpWwetG8+odqvCaatdwPa4XjxE9XEecZC+EAYucY7joEk+maDjgJdgNNCwmWGQvOi9Fav9o2bbSGC3Y615K34aMmSNfuCGJHTw88RciLhPUdLMQF3gUTcQjlRcmE0oBZilZ0BF8Q1BIaJiFZZ7nNb4FGYB3ouySsmz/aPTz+VENZp2geCGjxW+SUIVpKiWA6NN2iJkp4Zywe39FxCca0Fw+QHl0vuMhh5fxyFA3eJLZREsZdgqwXnvIwNIM6/Yd1lxUIEyHL1J/m/vcJv/X0ZY4=
Date: Fri, 30 Jul 2021 10:30:00 GMT
Content-Type: multipart/form-data; boundary=WebKitFormBoundaryOEFsgWLJCyxInJHO
Accept: application/xml
Body: --WebKitFormBoundaryOEFsgWLJCyxInJHO\r\n
Content-Disposition: form-data; name="xml_sct"; filename="SampleFile.xml"\r\n
Content-Type: application/xml\r\n
\r\n
<-content of SampleFile.xml->\r\n
--WebKitFormBoundaryOEFsgWLJCyxInJHO--\r\nResponse
<?xml version="1.0" encoding="UTF-8"?>
<InitiatedTransactionResponse>
<_links>
<status>
<href>/payments/bulk/credit-transfers/123e4567-e89b-42d3-a456-556642444321/status</href>
</status>
</_links>
<paymentId>123e4567-e89b-42d3-a456-556642444321</paymentId>
<transactionStatus>RCVD</transactionStatus>
</InitiatedTransactionResponse>Retrieve Bulk Payment Status
Endpoints:
GET https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk/credit-transfers/123e4567-e89b-42d3-a456-556642444321/statusGET https://api-sandbox.rabobank.nl/openapi/sandbox/payments/bulk-stp/credit-transfers/123e4567-e89b-42d3-a456-556642444321/status
Request
X-Request-ID: d65d4172-03fe-41f7-afd5-6f4ae50f73c4
Digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
Signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="jMwa3CLiFNLurpmODUIsEIlNNNzzufPuFiL1QZx5attDRASwu7fEljPvCVHAL/8ANVoogCK0xCG3pAsU99b+ZlcimHhtHHVcGMJ3yTunOBJMp/5HTmFu7o4/C3S9zThkbPCgJXvoOxerQBRsY+LdZElbOkipwFljglHqUN/hfJTh+PZBum/7bBiJm+WeOlwT5wfMda0jB/VWsTkHqmA1lcYMQzWhIeI5hz6AFT1BY1ONNgGBUVX5JyQLbM40rVb1FDB/DAY+9w8yGEOxLl3lqXtM7sBP+xtvRECk7jm8u6iUPkk1pTHbHHI2Jjq3SRb/B2GDqUb+tgSfPndLUsXzcg=="
Signature-Certificate: MIID9DCCAtygAwIBAgIUUzEdjjbjLOePU7NeZfai6bv9RJIwDQYJKoZIhvcNAQELBQAweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazAgFw0yNTExMTIxNTQ3MzRaGA8yMTAwMTAyNTE1NDczNFoweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGoQqBxfADuEAHs/k1UoKkqn1XrK3ocV/rItsnCU3ynW9gahC8Ggj4UtcjNcXh8fBieV+6oeFcMRXofY6PiS6IM3YxofwMUM0JqTC/JZcoVhnEButAbg+DVJJfR7jxEDFUR2LL2RTLHYugtJdbg92kuUy7bXjayj6/Ef2R3s+cI7rHiI7oAftce61k4sVmQxGtxAVt+jrSB8eX/hVqdzfNb1MSzRbfII56rLgeaSbWm7gkYcJimyWjPuabqxY0cIvwkum5BRJ87x+QRdxzJuXYuwZsUMaY4ETYiiwUv7Q2vOZ066a6zBs++JSdgCUypvqm9YvRn3vCxB3+me+jvhdUCAwEAAaN0MHIwHQYDVR0OBBYEFHr3mI71/GxAJ/nDhNTZL+XEX6cZMB8GA1UdIwQYMBaAFHr3mI71/GxAJ/nDhNTZL+XEX6cZMA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEZod53U0IhIQZSVo4mVSn/bWT53uaeAcSwtRi+hyb8K2nDmT8wWdb6xewghd6EXIpWwetG8+odqvCaatdwPa4XjxE9XEecZC+EAYucY7joEk+maDjgJdgNNCwmWGQvOi9Fav9o2bbSGC3Y615K34aMmSNfuCGJHTw88RciLhPUdLMQF3gUTcQjlRcmE0oBZilZ0BF8Q1BIaJiFZZ7nNb4FGYB3ouySsmz/aPTz+VENZp2geCGjxW+SUIVpKiWA6NN2iJkp4Zywe39FxCca0Fw+QHl0vuMhh5fxyFA3eJLZREsZdgqwXnvIwNIM6/Yd1lxUIEyHL1J/m/vcJv/X0ZY4=
Date: Fri, 30 Jul 2021 10:30:00 GMT
Accept: application/xml
Body:Response
<?xml version="1.0" encoding="UTF-8"?>
<transactionStatus>RCVD</transactionStatus>Test Scenarios
We offer predefined scenarios to test happy flows, errors, and edge cases.
POST /credit-transfers Scenario's
| Request Scenario | Response | Remark |
|---|---|---|
| Valid Request with valid PAIN001 xml file | 201 CREATED | multipart/form-data with payload variable name as xml_sct |
| Send Request with required header missing | 400 BAD REQUEST | Make a request without a header such as PSU-IP-Address |
| Large PAIN001 xml file | 400 BAD REQUEST | Make a request with PAIN001 xml file larger than 64MB and valid digest |
| PAIN001 xml file is missing * | 400 BAD REQUEST | Make a request without the PAIN001 xml file |
| PAIN001 xml file is empty * | 400 BAD REQUEST | Make a request with and empty PAIN001 xml file |
| Send Request with invalid signature | 401 Unauthorised - Invalid Signature | Make a request with an invalid signature |
| Send Request with invalid certificate | 401 Unauthorised - Invalid Certificate | Make a request with an invalid certificate |
| Send Request with invalid digest | 401 Unauthorised - Invalid digest | Make a request with an invalid digest |
| If there is no consent for the used accounts | 401 Unauthorised - No permissions found | Make a request with an account that has no permissions for this product type |
| Server issue with the account consent | 500 Internal server error | Internal Server Error, Permissions for this product type cannot be accessed |
| Use PUT instead of POST method | 405 Method Not Allowed | Use an incorrect HTTP method when making the request |
Note: These codes are for Sandbox only.
*) For these test scenario's use the following values for the Digest and Signature header:
| Scenario | Digest + Signature |
|---|---|
| 400 Bad Request, PAIN001 missing |
|
| 400 Bad Request, PAIN001 empty |
|
GET /status Scenario's
Some scenarios, as mentioned below, require specific paymentId(s) in the URL.
| Response | Scenario | Payment-id | Remark |
|---|---|---|---|
| PAIN002 file | 200 OK | 123e4567-e89b-42d3-a456-556642440001 | All statuses are returned as a part of a PAIN002 file after the payment is processed. |
| RCVD | 200 OK | 123e4567-e89b-42d3-a456-556642440007 | This is an initial status indicating that a payment initiation is received but not yet processed by Rabobank's order manager. |
| RJCT | 200 OK | 123e4567-e89b-42d3-a456-556642440008 | The payment initiation is rejected |
| 503 Service Unavailable | 123e4567-e89b-42d3-a456-556642444324 | Resource Unknown. Internal Server Error. An error occurred during the processing of the request. | |
| 404 NOT_FOUND | 123e4567-e89b-42d3-a456-556642440005 | Payment Id not found | |
| 400 BAD REQUEST | <any paymentId> | The request contains invalid or missing data. For example the X-RequestId is missing in the header. | |
| 401 Unauthorised | <any paymentId> | Make a request with an invalid digest or signature or certificate |
