Guides

Error codes

This page explains the error codes that can be returned by the API.

Error codes, their meaning and how to resolve them

OAuth2.0 / Authorisation Services

400 Bad request

  • invalid_grant - Invalid, expired, or already used authorisation code sent.

    Resolution

    To solve this issue:

    • Pass the correct authorisation code within the expiration time of 5 minutes.
    • Use an authorisation code one time only, do not call the token endpoint multiple times with the same authorisation code.
    👍

    We recommend you to add a slight delay of 1000 milliseconds before calling this endpoint. This delay ensures the authorisation codes are synchronised across our servers.

  • invalid_request - No grant_type or wrong grant_type provided.

    Resolution

    To solve this issue:

    • Pass the correct value in the ‘grant_type’ parameter.
      • To request an authorization code the ‘grant_type’ should be ‘authorization_code’
      • To request a refresh token the ‘grant_type’ should be ‘refresh_token’.

401 Unauthorized

  • invalid_grant - Invalid refresh token used.

    Resolution

    To solve this issue:

    • Pass a valid refresh token.
      👍

      A refresh token can only be used once and has an expiry, check the validity before making a request.

OAuth Error

  • invalid_request – invalid redirect_uri - Redirect URL provided in the request does not match the redirect URL provided in the application.

    Resolution

    To solve this issue:

    • Make sure that the redirect URL present in the request matches the redirect URL in your application.

General

400 Bad request

  • Format error, The value for 'Date' is not a valid 'LocalDateTime' - Invalid date formatting.

    Resolution

    To solve this issue:

    • Make sure the date is in the correct RFC format: Tue, 18 Sep 2018 09:51:01 GMT

401 Unauthorized

  • This server could not verify that you are authorized to access the URL - Expired or invalid access token used.

    Resolution

    To solve this issue:

    • Check the expiry time associated with the access token. Keep in mind that an access token is only valid for a limited time, If the access token has expired you should use the refresh token to get a new access token.

    If you are unable to get a new access token using the refresh token, the it may be that the consent of the user has expired or revoked by the user. This can be validated through the Consent Details Service API.

    If this is the case, you must renew the consent flow.

  • Not registered to plan - Trying to access an unsubscribed API.

    Resolution

    To solve this issue:

    • Make sure you are subscribed to the correct API.

  • Client ID or secret missing or invalid - Client ID in the token and client ID in the request that do not match.

    Resolution

    To solve this issue:

    • Make sure that both the client ID in the token and the client ID in your request match the client ID of your application.

  • The CA was not found in the trust - Certificate not found in trust store.

    Resolution

    To solve this issue:

    • Contact Rabobank Developer Support.

  • Invalid client certificate is provided - Certificate mismatch between app and request.

    Resolution

    To solve this issue:

    • Use the same mTLS certificate as configured in the application.

  • Application is not registered with mutual TLS - No mTLS certificate is connected to the app or the client ID does not exist.

    Resolution

    To solve this issue:

    • Go to the Dashboard and link a certificate to your app OR make sure you are using the correct client ID.

  • Client id in wrong location - header X-IBM-Client-Id has no content.

    Resolution

    To solve this issue:

    • Add the client ID to the X-IBM-Client-Id header.

403 Forbidden

  • Forbidden - No valid consent available or Required permission not found.

    Resolution

    To solve this issue:

    • Check the status of the consent. You can do this using the Consent Detail Service API.
      • If the status of the consent is valid, check if the scope of the API you are calling is present in the consent as well as the account number.
      • If the status of the consent is expired then the consent is indeed inactive and a new consent needs to be signed by the user.

404 Not Found

  • Not Found - The URL that you are looking for does not exist or You are requesting the status of a transaction too fast after posting it or A timeout occured between one or multiple applications.

    Resolution

    To solve this issue:

    • Check the URL for any errors or typos.
    • Build in at least a few miliseconds delay between a POST request and the subsequent GET request.
    • Try the request again later.

    If the issue still persists, contact Rabobank Developer Support.

404 Method not allowed

  • Method not allowed - Trying to make a POST request to endpoint that only accepts GET requests and vice versa.

    Resolution

    To solve this issue:

    • Double check that you are making the correct type of request. Most endpoints support only one specific type of request.

429 Access_Exceeded

  • Rate limit exceeded - Maximum number of calls exceeded.

    Resolution

    To solve this issue:

    • Make sure to stay within API rate limits.

500 Internal Server Error

  • Internal Server Error - Something went wrong on a network level. Either on our side, your side, or somewhere in between.

    Resolution

    To solve this issue:

    • Try the request again at a later time, if the issue persists contact Rabobank Developer Support.

503 Service Unavailable

Service Unavailable - One or more Rabobank services unavailable.

Resolution

To solve this issue:

  • Try the request again at a later time, if the issue persists contact Rabobank Developer Support.