Product Overview
Business Credit Card Insight will be Rabobank's new Embedded Service to provide real‑time access to credit card data for business customers. It will become available to Third Party Providers and for Direct Connectors (Rabobank customers).
This API allows you or your clients (with Rabobank business payment accounts) to receive credit card information, such as credit card details, actual balances and transaction details through your application.
Provides a list of all of the organization's credit cards with basic details per card, as well the option to retreive further details for a specific credit card.
Provides actual balance information for a specific credit card, such as the outstanding balance, reservations balance and spending Limit.
Provides transaction information for a specific credit card, for a maximum period of 15 months in the past.
Prerequisites
To ensure a smooth start with the Business Credit Card Insight API, your business should meet the following conditions:
- High degree of automation.
- Professional IT environment and good infrastructure.
- Permanently available security expertise to use Accounts & Payments APIs and safeguarding its security.
- An EV SSL certificate for transport .
- An EV SSL signing certificate for signing messages.
- An active Rabobank business account.
Connect with Business Credit Card Insight API
The API can be used in two ways, depending on your use case.
The options below explain each approach:
- If you execute API requests from your own account, then you are a Direct Connector (DC).
- If you execute API requests on behalf of your customers (Rabo account holders), then you are a Third Party (TP).
If you decide to use both options of this API (Direct Connector AND Third Party), you must create separate Apps. One app with a subscription on the DC product and the other app with a subscription on the TP product.
More information: Rabo Banking Link manual for third parties, Rabo Banking Link manual for direct connectors
Authentication & Authorization
The APIs use token-based authentication, which consists of 2 things:
- Consent granted by the account holder.
Consent will have to be set by the business customer prior to authentication. A single consent per payment account covers all current and future credit cards linked to that account. This concerns the payment account which is used for monthly billing of the credit card costs.
- Access token, with the integrated consent.
To set this up use the Authorization Services API.
With the /authorize endpoint the account holder is requested to give consent for a certain API (scope). After consent, an authorization code is returned. This authorization code should be used in the /token call to retrieve an access token. This access token is a Bearer token that you use in the Authorization header of each request.
Read more Oauth PSD2 and Premium.
Relevant scope for oauth2 access code flow
| Scope name | Description |
|---|---|
| bcci.cardsinformation.read | Allow read from Business Credit Card Insight services |
Make sure that you use the Authorization and Token URL as provided by the Authorization Services.
Rate Limiting
Rate limiting specifications are to be determined.
Looking for your feedback!
We want to know your thoughts on this new product. Contact us to share your feedback!
Updated 1 day ago