Product Overview

With the Business Direct Debit API, you can initiate Bulk Direct Debit files directly or on behalf of your users with a Rabobank business payment account and retrieve the status of an initiated file.

Business Direct Debit (BDD) is a part of Rabo BoekhoudKoppeling and Rabo Banking Link and supports all third parties and direct customers. This API allows you or your clients (with a Rabobank business account) to process bulk direct debits through your application.

Using BDD, you can optimize the customer journey in your web service.

We offer two variations of the BDD API:

  • Business Direct Debit:
    • With signing for the Rabobank creditor in Rabo Business Banking
  • Business Direct Debit – STP:
    • Straight Through Processing (STP), without signing for the Rabobank creditor
    • Only available for Direct Connectors

To know more read the manual that connects to your use case:

Prerequisites

To ensure a smooth start with the Business Direct Debit API, your business should meet the following conditions:

  • High degree of automation.
  • Professional IT environment and good infrastructure.
  • Permanently available security expertise to use Accounts & Payments APIs and safeguarding its security.
  • An EV SSL certificate for transport .
  • An EV SSL signing certificate for signing messages.
  • An active Rabobank business account.

How to connect with the Business Direct Debit API

📘

The API can be used in two ways, depending on your use case.

The options below explain each approach:

  • If you execute API requests from your own account, then you are a Direct Connector (DC).
  • If you execute API requests on behalf of your customers (Rabo account holders), then you are a Third Party (TP).

If you decide to use both options of this API (Direct Connector AND Third Party), you must create separate Apps. One app with a subscription on the DC product and the other app with a subscription on the TP product.

More information: Rabo Banking Link manual for third parties, Rabo Banking Link manual for direct connectors

Business Direct Debit:

  • Subscribe your application to Business Direct Debit.
  • Use the OAuth scope: bdd.payments.write.

Business Direct Debit – STP

  • Subscribe your application to Business Direct Debit – STP.
  • Use the OAuth scope: bdd.stp-directdebit.read-write.
📘

Direct Debit file limits

Direct Debit files containing multiple batches can be sent to the bank using BDD or BDD-STP, with a maximum of 3,000 batches per file. To ensure smooth processing, do not exceed 25,000 direct debit orders in a one direct debit file. Larger files—up to 100,000 direct debit orders—can be processed if compressed using Gzip.

Authentication & Authorization

The APIs use token-based authentication, which consists of 2 things:

  1. Consent granted by the account holder.
  2. Access token, with the integrated consent.

To set this up use the Authorization Services API.

With the /authorize endpoint the account holder is requested to give consent for a certain API (scope). After consent, an authorization code is returned. This authorization code should be used in the /token call to retrieve an access token. This access token is a Bearer token that you use in the Authorization header of each request.

Read more Oauth PSD2 and Premium.

Relevant scope for oauth2 access code flow

Scope nameDescription
bdd.payments.writeSend direct debit files, signing in RBB required
bdd.stp-directdebit.read-writeSend direct debit batch files using straight through processing (already signed, will be executed directly) for Direct Connectors

Consent required for Third Parties and Direct Connectors:

  • Third Party
    • Performing actions on behalf of your customers (Rabo account holders)
    • The account holder must provide consent to the third party to Rabobank on behalf of their organisation for the specified account(s) and scopes (provide access to specific actions). This consent is continuous.
  • Direct Connector
    • Performing actions on/from your own account
    • You must provide consent for technical reasons for the specified account(s) and scopes (provide access to specific actions). This is a one time action.
📘

Make sure that you use the Authorization and Token URL as provided by the Authorization Services.

Rate Limiting

A default rate limit plan is set for all APIs. The rate limit can be shared or defined per operation. The table below describes the rate limiting for the Business Direct Debit product.

OperationTypeLimit (API calls / s)Counts towards shared limit
POST /bulk/direct-debitsIndividual5No
GET /bulk/direct-debits/{paymentId}/statusIndividual10No
All (premium) Oauth callsShared10Yes

The table below describes the rate limiting for the Business Direct Debit STP product.

OperationTypeLimit (API calls / s)Counts towards shared limit
POST /bulk-stp/direct-debitsIndividual5No
GET /bulk-stp/direct-debits/{paymentId}/statusIndividual10No
All (premium) Oauth callsShared6Yes