Business Direct Debit is a part of Rabo BoekhoudKoppeling and Rabo Banking Link. This API supports all third parties and direct customers.
This API allows you or your clients (with a Rabobank business account) to process bulk direct debits through your application using Rabobank.
Using BDD, you can optimize the customer journey in your web service.
To learn more, read the manual that matches your use case:
Payment files with multiple batches can be sent to the bank using BDD with a maximum of 3,000 batches contained in one payment file at a time. It is also advisable to put a maximum of 25,000 payment orders in one payment file to ensure smooth processing. Files with more than 25,000 payment orders are best split into multiple files.
Relevant scope(s) for the OAuth2 access code flow
Scope name | Description |
---|---|
bdd.payments.write | Send direct debit files |
Make sure that you use the Authorization and Token URL as provided by the Authorization Services.
Rate Limiting
A default rate limit plan is set for all APIs. The rate limit can be shared or defined per operation. The table below describes the rate limiting for this product.
Operation | Type | Limit (API calls / s) | Counts towards shared limit |
---|---|---|---|
POST /direct-debits | Individual | 5 | No |
GET /direct-debits/{paymentId}/status | Individual | 10 | No |
All (premium) OAuth calls | Shared | 10 | Yes |
Requests
The POST Payment and GET Status requests must contain a digital signature. You can generate this digital signature using the private key of your certificate. For the Sandbox environment, you can use an example certificate available in the Signing documentation.
The POST call requires a PAIN008 file; read more about it here.
You can only use business current accounts as Ordering account/Creditor Account.
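The following is an added example, not Rabobank's code, showing how the Digest and Signature headers fit together, using the algorithm and header list that appear in the sample Signature values on this page. The signing-string layout follows the HTTP Signatures draft and is an assumption here, as are the function names, the throwaway key pair, the placeholder keyId and the constructed request ID.

```javascript
const nodeCrypto = require('node:crypto');

// Headers covered by the signature, as listed in the page's sample Signature values.
const SIGNED_HEADERS = ['date', 'digest', 'x-request-id'];

// Digest header: base64 SHA-512 over the exact bytes that go on the wire.
function digestHeader(body) {
  return 'sha-512=' + nodeCrypto.createHash('sha512').update(body).digest('base64');
}

// Assumption: signing string per the HTTP Signatures draft ("name: value" joined by "\n").
function signingString(headers) {
  return SIGNED_HEADERS.map((h) => `${h}: ${headers[h]}`).join('\n');
}

// Signature header in the keyId/algorithm/headers/signature layout shown on the page.
function signatureHeader(headers, privateKey, keyId) {
  const sig = nodeCrypto.sign('sha512', Buffer.from(signingString(headers)), privateKey);
  return `keyId="${keyId}",algorithm="rsa-sha512",` +
    `headers="${SIGNED_HEADERS.join(' ')}",signature="${sig.toString('base64')}"`;
}

// Build the signed header set for one request body.
function signRequest(body, privateKey, keyId, requestId, date = new Date()) {
  const headers = {
    date: date.toUTCString(),
    digest: digestHeader(body),
    'x-request-id': requestId,
  };
  headers.signature = signatureHeader(headers, privateKey, keyId);
  return headers;
}

// Receiver-side check: the digest must match the body, then the signature must verify.
function verifyRequest(body, headers, publicKey) {
  if (headers.digest !== digestHeader(body)) return 'invalid digest';
  const m = /signature="([^"]+)"/.exec(headers.signature || '');
  if (!m) return 'invalid signature';
  const ok = nodeCrypto.verify('sha512', Buffer.from(signingString(headers)),
    publicKey, Buffer.from(m[1], 'base64'));
  return ok ? 'ok' : 'invalid signature';
}

// Constructed demo: throwaway key pair and a stand-in body, not a real PAIN008 file.
const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoBody = Buffer.from('<Document><!-- constructed stand-in --></Document>');
const demoHeaders = signRequest(demoBody, demoKeys.privateKey, 'PLACEHOLDER-KEY-ID',
  '00000000-0000-4000-8000-000000000001');
console.log(verifyRequest(demoBody, demoHeaders, demoKeys.publicKey));
```

Because the digest is itself one of the signed headers, changing the payment file after signing fails the digest check, and changing any signed header fails the signature check.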
Response
POST Payment initiation for Business Direct Debit.
You can initiate bulk direct debits using a POST payment request.
After receiving the payment, a response of RCVD or RJCT is returned. You can use the status endpoint to get the latest status of the payment.
<?xml version="1.0" encoding="UTF-8"?>
<InitiatedTransactionResponse>
  <_links>
    <status>
      <href>/payments/bulk/direct-debits/123e4567-e89b-42d3-a456-556642440000/status</href>
    </status>
  </_links>
  <paymentId>123e4567-e89b-42d3-a456-556642440000</paymentId>
  <transactionStatus>RCVD</transactionStatus>
</InitiatedTransactionResponse>
If a required header is not provided or is left blank, the status of the response is always 400 BAD REQUEST and the response contains the name of the missing header. For example, if the header Signature is missing, the response is:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ErrorResponse>
  <errorMessages>
    <category>WARNING</category>
    <code>FORMAT_ERROR</code>
    <text>Required header 'signature' is not present</text>
  </errorMessages>
</ErrorResponse>
Below you can find all supported test scenarios. To test these scenarios, call the API using the example field values provided in the endpoint description for POST /direct-debits.
Request Scenario | Response | Remark |
---|---|---|
Valid Request with valid PAIN008 xml file | 201 CREATED | multipart/form-data with payload variable name as xml_dd |
Send Request with required header missing | 400 BAD REQUEST | Make a request without a header such as PSU-IP-Address |
Create payment with invalid multiform | 400 BAD REQUEST | Only for Sandbox |
Send Request with incorrect header format | 400 BAD REQUEST | Only for Sandbox |
Large PAIN008 xml file | 400 BAD REQUEST | Make a request with PAIN008 xml file larger than 64MB and valid digest |
PAIN008 xml file is missing * | 400 BAD REQUEST | Make a request without the PAIN008 xml file |
PAIN008 xml file is empty * | 400 BAD REQUEST | Make a request with an empty PAIN008 xml file |
Send Request with invalid signature | 401 Unauthorised - Invalid Signature | Make a request with an invalid signature |
Send Request with invalid certificate | 401 Unauthorised - Invalid Certificate | Make a request with an invalid certificate |
Send Request with invalid digest | 401 Unauthorised - Invalid digest | Make a request with an invalid digest |
If there is no consent for the used accounts | 401 Unauthorised - No permissions found | Make a request with an account that has no permissions for this product type |
Server issue with the account consent | 500 Internal server error | Internal Server Error, Permissions for this product type cannot be accessed |
Use PUT instead of POST method | 405 Method Not Allowed | Use an incorrect HTTP method when making the request |
Note: These codes are for Sandbox only.
For test scenarios marked with *, use the following values for the Digest and Signature headers:
Scenario | Digest | Signature |
---|---|---|
400 Bad Request, PAIN001 missing | sha-512=XQ48ASLpmAaHugPp6xxefYxP7rZSDsT3cDjq8Xe9wAVfIoaufLDAP3zpc7O9Lk2pva1xPTSP/a2/yemgVGwnRw== | keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="d7srUHUwsoN1GJas1dtDmaa5ho9JUgNLX4bKA6GgbB+mxKe3qx6x6RRDPhE+Jo5fz31Jp/ZcjHslQkH1mt1xsalHAr0eJyVe6DYfyW8uJKHCDOWMoauzI2b/TxiI4nS+yYkUr+5wLiBh02lYtq8hDtAJNlpuGJbRVPc9a0T7TErefeh8famvWffRUCmTqWZdU7oxyBColVOYmUoS9ZCMxrBMUi/24txIGciiqVyvfVkrP8yTaKL2CknGLc06G5UWfwm/xnU4qzlRIAOJNT752+ol5JC1mZTZZUdoHJtwPovHcMZrIbmM0S3m0HccZH/NCr8umZyScwy9ic4w3ZVYzg==" |
400 Bad Request, PAIN001 empty | sha-512=Ee51KhNukKes30kaFD9UZkwFR57ybIIfOwch1d/lPX0q5lhpD/aC44kALU4OYNyh+gHbDA/ly2nFnHZjOXN5gA== | keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="Pob7hhQM7kyAg0pCXnaWWKMPuZMtVLCYv+fjuozc4HnJ4wDnzx0DsoUlNjtZ3sd9AJV9mR241KgTMn5h4mgstTL/7PvbUaz1JejlA827kjL4mXR12B9okgypC0d5QMraSBzjsUHYu4sCxAvVXnLHK1TZ93qJJChLk9KOydJepRN+O2K123UNORJ/9MHzVbV5gt9XGs4fTMCAQRNAKsqbnLvSqGqbVmVsfawdCmAojj7h3kFwWg9XQzja1CYwxjz2GuE5sgc7jif/XvNstFz8i7KRpDzQiG0jK0910MNmZAkOhhYfSwhmYWKFQfeP1fPZT+oR0WMQp0iTUa3nZPg01w==" |
GET Payment Status for Business Direct Debit.
You can retrieve the status information for a payment initiation using a GET status request.
<?xml version="1.0" encoding="UTF-8"?>
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:pain.002.001.03">
  <CstmrPmtStsRpt>
    <GrpHdr>
      <MsgId>RABO-PAIN002-PO-0000000001865274433</MsgId>
      <CreDtTm>2021-08-09T15:42:17.252</CreDtTm>
      <InitgPty>
        <Id>
          <OrgId>
            <BICOrBEI>RABONL2U</BICOrBEI>
          </OrgId>
        </Id>
      </InitgPty>
    </GrpHdr>
    <OrgnlGrpInfAndSts>
      <OrgnlMsgId>MMMM20211231v1</OrgnlMsgId>
      <OrgnlMsgNmId>PAIN.008.001.02</OrgnlMsgNmId>
      <OrgnlCreDtTm>2013-07-18T10:00:00.000</OrgnlCreDtTm>
      <OrgnlNbOfTxs>1</OrgnlNbOfTxs>
      <OrgnlCtrlSum>0.02</OrgnlCtrlSum>
      <GrpSts>ACTC</GrpSts>
    </OrgnlGrpInfAndSts>
    <OrgnlPmtInfAndSts>
      <OrgnlPmtInfId>PmtInfId-DD20211231-1</OrgnlPmtInfId>
      <OrgnlNbOfTxs>1</OrgnlNbOfTxs>
      <OrgnlCtrlSum>0.02</OrgnlCtrlSum>
      <PmtInfSts>ACSC</PmtInfSts>
    </OrgnlPmtInfAndSts>
  </CstmrPmtStsRpt>
</Document>
Some of the scenarios below require a specific paymentId in the URL (example: /payments/bulk/direct-debits/paymentId/status) to return the listed response.
Response | Scenario | Payment-id | Remark |
---|---|---|---|
200 OK | PAIN002 file | 123e4567-e89b-42d3-a456-556642440000 | All statuses are returned as a part of a PAIN002 file after the payment is processed. |
200 OK | RCVD | 123e4567-e89b-42d3-a456-556642440007 | This is an initial status indicating that a payment initiation is received but not yet processed by Rabobank's order manager. |
200 OK | RJCT | 123e4567-e89b-42d3-a456-556642440008 | The payment initiation is rejected. |
500 Internal Server Error | | 123e4567-e89b-42d3-a456-556642444324 | Resource Unknown. An error occurred during the processing of the request. |
500 Internal Server Error | | 123e4567-e89b-42d3-a456-556642440005 | Payment Id not found |
400 BAD REQUEST | | any paymentId | The request contains invalid or missing data. For example the PSU-IP-Address is missing in the header |
401 Unauthorised | | any paymentId | Make a request with an invalid digest or signature or certificate. |
Response Status
Here is a description of the expected response statuses:
Statuses present in the POST response
- RCVD: Payment file received
- RJCT: Payment file rejected
Statuses present in the GET response
Interchange status/group status:
- ACTC: Payment successfully created
- RJCT: Payment rejected.
Batch status:
- RCVD: Payment batch received.
- ACTC: Awaiting authorization.
- ACCP: Payment authorized.
- ACSC: Payment processed.
- RJCT: Payment rejected, expired, or cancelled.
- PDNG: Payment pending.
Transaction status on individual payment in the batch:
- RJCT: Payment rejected.
- ACCP: Payment authorized.
- CANC: Payment withdrawn.
- PDNG: Payment pending.
- ACSC: Payment processed.