Try it Out (Sandbox)

A guide for developers to try code examples and test Rabobank’s Business Instant Payout APIs.

📘
The Rabobank Sandbox uses stubs.

End‑to‑end flows cannot be tested—only simulated responses.

Certificates are not validated against requirements.

Authentication in Sandbox

We provide a key and certificate for mTLS authentication and request signing:

mTLS

Signing

Base URL

All sandbox API endpoints start with:

https://api-sandbox.rabobank.nl/openapi/sandbox/bip

Available Endpoints

Payment Initiation

Payment initiation (SEPA / Domestic): POST /v3/payments/single-credit-transfers
Cross-border payment initiation: POST /v3/payments/cross-border-credit-transfers

Payment Status

Status retrieval (SEPA / Domestic): GET /v3/payments/single-credit-transfers/{paymentId}/status
Cross-border status retrieval: GET /v3/payments/cross-border-transfer/{paymentId}/status

Example request and responses

Create a SEPA Instant Payment Order

Endpoint: https://api-sandbox.rabobank.nl/openapi/sandbox/bip/v3/payments/single-credit-transfers

Request

Date: Thu, 18 Mar 2021 15:10:46 GMT
Digest: sha-512=GgFgvLMTWxSq6IhpjL9KqbqHKSE+DZKXGOEJ98rR6nDEmHOm8r5kCujZtu3dvbCR/drMq+22cIyudBtqc4Drgg==
X-Request-ID: e9c96b7e-8470-410a-937c-396fe9512fea
Signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="Q5qc/ET5CqH9Wx1aANdMGXq+mS0F2bvx8LFzvAxsPDfR68c39GkjYqhWXGhwmOIqOWFKsCFMXkfpnz61VtCOrR9em47sYvZpApc3DHwxFB813bE/aLyJ/rmca91Had5Qdd6VMPmdi0UMlgZLiU6YoW0Z3QIM0SNWRMYtpOsRyLkoEicGg4mP0M2KqM98Baf2lf0UOzOqYQXig87+dmBckzw3pPtHQglkookaEQydrPCSdSPQpK81THFPiCqcRGTs66Edden0etvTMaYNultfrU48xsIoClUqtjyP3cRhywqfEeaMkImoxB6qtV8ttQTU3me6eIcTS1Dj4gNfNijEsw=="
Signature-Certificate: MIID9DCCAtygAwIBAgIUUzEdjjbjLOePU7NeZfai6bv9RJIwDQYJKoZIhvcNAQELBQAweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazAgFw0yNTExMTIxNTQ3MzRaGA8yMTAwMTAyNTE1NDczNFoweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGoQqBxfADuEAHs/k1UoKkqn1XrK3ocV/rItsnCU3ynW9gahC8Ggj4UtcjNcXh8fBieV+6oeFcMRXofY6PiS6IM3YxofwMUM0JqTC/JZcoVhnEButAbg+DVJJfR7jxEDFUR2LL2RTLHYugtJdbg92kuUy7bXjayj6/Ef2R3s+cI7rHiI7oAftce61k4sVmQxGtxAVt+jrSB8eX/hVqdzfNb1MSzRbfII56rLgeaSbWm7gkYcJimyWjPuabqxY0cIvwkum5BRJ87x+QRdxzJuXYuwZsUMaY4ETYiiwUv7Q2vOZ066a6zBs++JSdgCUypvqm9YvRn3vCxB3+me+jvhdUCAwEAAaN0MHIwHQYDVR0OBBYEFHr3mI71/GxAJ/nDhNTZL+XEX6cZMB8GA1UdIwQYMBaAFHr3mI71/GxAJ/nDhNTZL+XEX6cZMA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEZod53U0IhIQZSVo4mVSn/bWT53uaeAcSwtRi+hyb8K2nDmT8wWdb6xewghd6EXIpWwetG8+odqvCaatdwPa4XjxE9XEecZC+EAYucY7joEk+maDjgJdgNNCwmWGQvOi9Fav9o2bbSGC3Y615K34aMmSNfuCGJHTw88RciLhPUdLMQF3gUTcQjlRcmE0oBZilZ0BF8Q1BIaJiFZZ7nNb4FGYB3ouySsmz/aPTz+VENZp2geCGjxW+SUIVpKiWA6NN2iJkp4Zywe39FxCca0Fw+QHl0vuMhh5fxyFA3eJLZREsZdgqwXnvIwNIM6/Yd1lxUIEyHL1J/m/vcJv/X0ZY4=
Content-Type: application/json
PSU-IP-Adress: 192.68.1.1
Body: {"creditorAccount":{"currency":"EUR","iban":"NL40RABO8933084452"},"creditorAddress":{"buildingNumber":"8","country":"NL","postcode":"2456RL","streetName":"Utrechtstraat","townName":"Utrecht"},"creditorAgent":"RABONL2U","creditorName":"Company","debtorAccount":{"currency":"EUR","iban":"NL43RABO9012918502"},"debtorAgent":"RABONL2U","debtorName":"Allen Martin","endToEndIdentification":"PI-123456789","instructedAmount":{"content":"10.25","currency":"EUR"},"remittanceInformationStructured":{"reference":"Ref 2021-03-24","referenceIssuer":"CUR"},"uniqueRequestorReference":"0744f57f-d777-5369-b33e-d01641527faf"}

Response

{
    "paymentId": "123e4567-e89b-42d3-a456-084452918502",
    "psuMessage": "Payment successfully created.",
    "transactionStatus": "RCVD"
}

Retrieve a SEPA Payment Order Status

Endpoint: https://api-sandbox.rabobank.nl/openapi/sandbox/bip/v3/payments/single-credit-transfers/\{paymentId}/status

Request

Date: Thu, 18 Mar 2021 15:10:46 GMT
Digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
X-Request-ID: e9c96b7e-8470-410a-937c-396fe9512fea
Signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="g6cXDUTg6UZYEtA8sQRot7b2SnMtWh9zqoDK4vdMLQPpIvzgzlPdT3+tUYa2lnxMF3kInRC0E0ygmWsrJ9STbo2w6W1RiI07u1Uh3rTky//oPZNCmMUFOwtNXzd5z7XVzRomgAcNeeJxxCX2EIqId6tac/OR48zwoDEavtqUp6uDWivXfAFmvxGsGxPBJIvRHTk2mgIrxE57w9LHkP4Ox0ZX/pemkB2UCEd1+QBEB3IqghXroTgJ98yFHjmx5FByhWo8iKpn30gJe5cWMEWs6F9gWEt8l54TSMmnD/iwPA20SFqvT/C4PtWFEQzunASQHh0f+CbJbufhAQwvv/xU7g=="
Signature-Certificate: MIID9DCCAtygAwIBAgIUUzEdjjbjLOePU7NeZfai6bv9RJIwDQYJKoZIhvcNAQELBQAweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazAgFw0yNTExMTIxNTQ3MzRaGA8yMTAwMTAyNTE1NDczNFoweDEyMDAGA1UEAwwpUmFib2JhbmsgZGV2ZWxvcGVyIHBvcnRhbCBTYW5kYm94IHRlc3RpbmcxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALGoQqBxfADuEAHs/k1UoKkqn1XrK3ocV/rItsnCU3ynW9gahC8Ggj4UtcjNcXh8fBieV+6oeFcMRXofY6PiS6IM3YxofwMUM0JqTC/JZcoVhnEButAbg+DVJJfR7jxEDFUR2LL2RTLHYugtJdbg92kuUy7bXjayj6/Ef2R3s+cI7rHiI7oAftce61k4sVmQxGtxAVt+jrSB8eX/hVqdzfNb1MSzRbfII56rLgeaSbWm7gkYcJimyWjPuabqxY0cIvwkum5BRJ87x+QRdxzJuXYuwZsUMaY4ETYiiwUv7Q2vOZ066a6zBs++JSdgCUypvqm9YvRn3vCxB3+me+jvhdUCAwEAAaN0MHIwHQYDVR0OBBYEFHr3mI71/GxAJ/nDhNTZL+XEX6cZMB8GA1UdIwQYMBaAFHr3mI71/GxAJ/nDhNTZL+XEX6cZMA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAEZod53U0IhIQZSVo4mVSn/bWT53uaeAcSwtRi+hyb8K2nDmT8wWdb6xewghd6EXIpWwetG8+odqvCaatdwPa4XjxE9XEecZC+EAYucY7joEk+maDjgJdgNNCwmWGQvOi9Fav9o2bbSGC3Y615K34aMmSNfuCGJHTw88RciLhPUdLMQF3gUTcQjlRcmE0oBZilZ0BF8Q1BIaJiFZZ7nNb4FGYB3ouySsmz/aPTz+VENZp2geCGjxW+SUIVpKiWA6NN2iJkp4Zywe39FxCca0Fw+QHl0vuMhh5fxyFA3eJLZREsZdgqwXnvIwNIM6/Yd1lxUIEyHL1J/m/vcJv/X0ZY4=
Body:

Response

{
    "transactionStatus": "RCVD"
}

Test scenarios

We offer predefined scenarios to test happy flows, errors, and edge cases.

`POST /single-credit-transfers Scenarios`

Scenario	uniqueRequestorReference	endToEndId	amt.currency	amt.content	creditorName	credAc.iban	credAc.currency	dbtrAc.iban	dbtrAc.currency	remStrIssuer	remStrReference	Remarks
201 CREATED *	0744f57f-d777-5369-b33e-d01641527faf	PI-123456789	EUR	10.25	Company	NL40RABO8933084452	EUR	NL43RABO9012918502	EUR	CUR	Ref 2021-03-24
400 Bad Request *	0744f57f-d777-5369-b33e-d01641527faf	PI-123456789	EUR	10.25	Company		EUR		EUR	CUR	Ref 2021-03-24	Send a transfer leaving one of the fields empty, for example IBAN
401 Unauthorised		CERTIFICATE_INVALID										Use the value invalid for the header: Signature-Certificate
401 Unauthorised		CERTIFICATE_MISSING										Use the value missing for the header: Signature-Certificate
401 Unauthorised		CERTIFICATE_EXPIRED										Use the value expired for the header: Signature-Certificate
401 Unauthorised		CERTIFICATE_BLOCKED										Use the value blocked for the header: Signature-Certificate
401 Unauthorised		CERTIFICATE_REVOKED										Use the value revoked for the header: Signature-Certificate
404 Not Found												Change the URL to `/v3/pymt/credit-transfers`
405 Method Not Allowed												Use GET instead of POST
422 Duplicate payment *	5e22db01-6962-4941-b70f-5a06a9a88f81	Duplicate payment
503 Service Unavailable		serviceUnavailable

*) For these test scenarios use the following values for the Digest and Signature header:

Scenario	Digest + Signature
201 Created	digest: sha-512=GgFgvLMTWxSq6IhpjL9KqbqHKSE+DZKXGOEJ98rR6nDEmHOm8r5kCujZtu3dvbCR/drMq+22cIyudBtqc4Drgg==`\<br>`signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="Q5qc/ET5CqH9Wx1aANdMGXq+mS0F2bvx8LFzvAxsPDfR68c39GkjYqhWXGhwmOIqOWFKsCFMXkfpnz61VtCOrR9em47sYvZpApc3DHwxFB813bE/aLyJ/rmca91Had5Qdd6VMPmdi0UMlgZLiU6YoW0Z3QIM0SNWRMYtpOsRyLkoEicGg4mP0M2KqM98Baf2lf0UOzOqYQXig87+dmBckzw3pPtHQglkookaEQydrPCSdSPQpK81THFPiCqcRGTs66Edden0etvTMaYNultfrU48xsIoClUqtjyP3cRhywqfEeaMkImoxB6qtV8ttQTU3me6eIcTS1Dj4gNfNijEsw=="
400 Bad Request, IBAN missing	digest: sha-512=la4YCtT+L4IoEF/W/UsKtdQjf+MaHmvEILr1wRxU0ZkCyJ8Ti0R97kE4EJOG3FjAf3clstAAxZmibcBXhXiFTw==`\<br>`signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="qYyu/Q7l2/IPsjJPRGM9UxVkjk6AF3og48uLxFHw0+3/7g6LKqs6XLIAL0YmILNoDq/UoQuKTSLxYRKitr+MS/ptxscAPbq7YmcvC3xGEj51dHHDt7YmqyXU0I/7i5XGUykrcFWdc4ZmBOlva40nETua3heAZ+jBS1UjtgQwI0i38UhfNG5RXLqf/uAxa2ha4YKgBPCYH/vHFvHYqgKNOE8AO7OWdvSq98UveF37N/rVcx7mLZ4TXvFwouQEmksY7ApswS/cvV9yD4hdF18B+9B3mWwst4Xv4OowRyVl1nBzxqH6RiWK7bJXmCWT7WnXhp/7o4v3MPEucmWFRmINTg=="
422 Duplicate payment	digest: sha-512=2ha1Pd/+6Q7sH+9iOsk3+TYLs4CrwFTWGe3nFlWG8IX7HzVpAT386EIQsc6s059UKuD/s31FxwYG+NOK2FW+Sg==`\<br>`signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="nrXJYEjNS3YtjQoc9nGE+p9Nb5erLXa9CUSu5mLzh5zmzAb+CfgVOaddTGzJQ2eeIPCgYyagOO6ViVZ+dn3nvX07Pt1KhVKsDmYILq0ZKFo/arJkunCRKb2K29ZPjszQ/0Nzpl2eMwqNI+Hq8D7iceXdgRvkSW6UQB49L+oQd6U/01F9AYs8XSJpNhZgkOpViK07dW+sUnrCOd8bWS+7aC07II0XRutO3z8ogNxHTKYtFO9HMtj/zSBwkCpCzNE5jbMPkKJK1YaMaQZm5LqD4JexmDIGc75CI8CK9vGLSUpjmP1CwLUn2ybv8Fio7xvTucxfQuACH2mUOVQq3HjIAQ=="

`GET /single-credit-transfers/{paymentId}/status Scenarios`

Some scenarios, as mentioned below, require specific paymentId(s) in the URL.

Scenario	responseStatus	paymentId	remark
200 OK	RCVD	123e4567-e89b-42d3-a456-556642440000
200 OK	ACSP	123e4567-e89b-42d3-a456-556642440003
200 OK	RJCT	123e4567-e89b-42d3-a456-556642440004
200 OK	ACSC	123e4567-e89b-42d3-a456-556642440005
200 OK	ACCC	123e4567-e89b-42d3-a456-556642440006
400 BAD REQUEST		123e4567-556642440007	PaymentId is not a valid UUID.
400 BAD REQUEST *		123e4567-e89b-42d3-a456-556642440008	Header: X-Request-ID (123e4567) is not UUID.
401 Unauthorised	CERTIFICATE_INVALID		Use the value invalid for the header: Signature-Certificate.
401 Unauthorised	CERTIFICATE_MISSING		Use the value missing for the header: Signature-Certificate.
401 Unauthorised	CERTIFICATE_EXPIRED		Use the value expired for the header: Signature-Certificate.
401 Unauthorised	CERTIFICATE_BLOCKED		Use the value blocked for the header: Signature-Certificate.
401 Unauthorised	CERTIFICATE_REVOKED		Use the value revoked for the header: Signature-Certificate.
404 NOT_FOUND		123e4567-e89b-42d3-a456-556642440009	Forced status not found.
405 Method Not Allowed			Use POST instead of GET
503 SERVICE_UNAVAILABLE		123e4567-e89b-42d3-a456-556642440010	Forced service unavailable.

🚧
These codes are for Sandbox only.

*) For this test scenario use the following values for the Digest and Signature header:

Scenario Digest + Signature

400 Bad Request - X-Request-ID digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==\<br>signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="Mtu/epOf8Rs+9MX0SWu9y7lWUcY3ZcwpyPgPrs99moOzaUaMTbqrHzGcFe5rfLQSq4pOqj8dTpyM2Kz4Wz/O3fVEfQKaHjxNpa0OGanTuHhWyUKXKIm/ZAHLJMRlghXY9LBoYL1EH/7L359K/HgxLc5d8XuwyavRFbMo2qge7EkrVRG5XUorg1dDXkjXtQrBnzBHXzYmqk5b0uKiYnkRZK7GHRJSwiLKraIVzWwrqUN47a06/I4NnpBpQrlfitEcFRh2/9Io/ybhs8DaDSmv7Q0hnPVp6UzVF90MbBLKkRW96eI4YhT+JYmP2g9NwPc0pZPmWc08j56lgnUUrbXcWw=="

Scenario	Digest + Signature
400 Bad Request - X-Request-ID	digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==`\<br>`signature: keyId="474941545142452678797059264714336600071935444114",algorithm="rsa-sha512",headers="date digest x-request-id",signature="Mtu/epOf8Rs+9MX0SWu9y7lWUcY3ZcwpyPgPrs99moOzaUaMTbqrHzGcFe5rfLQSq4pOqj8dTpyM2Kz4Wz/O3fVEfQKaHjxNpa0OGanTuHhWyUKXKIm/ZAHLJMRlghXY9LBoYL1EH/7L359K/HgxLc5d8XuwyavRFbMo2qge7EkrVRG5XUorg1dDXkjXtQrBnzBHXzYmqk5b0uKiYnkRZK7GHRJSwiLKraIVzWwrqUN47a06/I4NnpBpQrlfitEcFRh2/9Io/ybhs8DaDSmv7Q0hnPVp6UzVF90MbBLKkRW96eI4YhT+JYmP2g9NwPc0pZPmWc08j56lgnUUrbXcWw=="