The Business Instant Payout API (BIP API) is a fully automated payment solution for corporate businesses with a large number of transactions. You can seamlessly integrate trigger-based instant payouts for your partners, customers, and employees without interacting with Rabo Business Banking.
A standard payment order requires authorization in Rabo Business Banking whereas a BIP transaction is processed using certificates, eliminating the need for authorization within the online banking-environment. Using BIP, you can fully automate payment initiation from your own application to instantly process payment orders.
In Sandbox NOW
To further improve the accuracy of your payments and reduce errors, BIP offers an additional optional service: the Payee Account Check. This feature allows you to verify whether the provided beneficiary name matches the IBAN before submitting a payment instruction. It helps prevent failed transactions and enhances confidence in your payout process.
To know more read, Rabo Banking Link manual for direct connectors
Relevant scope for oauth2 access code flow
| Scope name | Description |
|---|---|
| bip.paymentsbiptp.write | Payments from your payment account |
Make sure that you use the Authorization and Token URL as provided by the Authorization Services.
Rate Limiting
A default rate limit plan is set for all APIs. The rate limit can be shared or individual (defined per operation). The table below describes the rate limiting for this product.
| Operation | Type | Limit (API calls / s) | Counts towards shared limit |
|---|---|---|---|
POST /v3/payments/single-credit-transfers | Shared | 12 | No |
POST /v3/payments/cross-border-credit-transfers | Shared | 12 | Yes |
GET /v3/payments/single-credit-transfers/{paymentId}/status | Shared | 12 | Yes |
GET /v3/payments/cross-border-credit-transfers/{paymentId/status | Shared | 12 | Yes |
| All (premium) Oauth calls | Shared | 12 | Yes |
Sepa/Cross Border
Requests
The POST Payment and GET Status requests must contain a digital signature. You can generate a digital signature using the private key of your certificate. For the Sandbox environment, you can use an example certificate available in the Signing documentation.
For detecting a duplicate payment you can use the uniqueRequestorReference field in the body of the request. In case a payment with the exact same uniqueRequestorReference is already present in our order system, the payment just initiated is rejected as duplicate payment.
You can initiate a payment for Business Instant Payout with POST /single-credit-transfers.
POST https://api-sandbox.rabobank.nl/openapi/sandbox/bip/v3/payments/single-credit-transfersYou can retrieve the status of an initiated payment with GET /status.
GET https://api-sandbox.rabobank.nl/openapi/sandbox/bip/v3/payments/single-credit-transfers/123e4567-e89b-42d3-a456-556642440000/status
- Supported characters allowed range from A-Z, a-z, 0-9
- Special characters include ; . / \ +? ( ) , +E(at) - colon.
- No Diacritics letters or characters are allowed.
Response
POST Payment initiation for Business Instant Payout.
You can initiate an Instant Payment credit transfer using a POST payment request.
After receiving the payment, a response of RCVD or RJCT is returned. You can use the status endpoint to get the latest status of the payment.
To view the POST parameters, read the endpoint description for:
POST/v3/payments/single-credit-transfersPOST/v3/payments/cross-border-credit-transfers
Example:
{
"paymentId": "123e4567-e89b-42d3-a456-084452918502",
"psuMessage": "Payment successfully created.",
"transactionStatus": "RCVD"
}Below you can find all supported test scenarios. In order to test these scenarios, call the API by using the examples for the fields provided in the endpoint description for POST/v3/payments/single-credit-transfers.
| Scenario | uniqueRequestorReference | endToEndId | amt.currency | amt.content | creditorName | credAc.iban | credAc.currency | dbtrAc.iban | dbtrAc.currency | remStrIssuer | remStrReference | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 201 CREATED * | 0744f57f-d777-5369-b33e-d01641527faf | PI-123456789 | EUR | 10.25 | Company | NL40RABO8933084452 | EUR | NL43RABO9012918502 | EUR | CUR | Ref 2021-03-24 | |
| 400 Bad Request * | 0744f57f-d777-5369-b33e-d01641527faf | PI-123456789 | EUR | 10.25 | Company | EUR | EUR | CUR | Ref 2021-03-24 | Send a transfer leaving one of the fields empty, for example IBAN | ||
| 401 Unauthorised | CERTIFICATE_INVALID | Use the value invalid for the header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_MISSING | Use the value missing for the header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_EXPIRED | Use the value expired for the header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_BLOCKED | Use the value blocked for the header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_REVOKED | Use the value revoked for the header: Signature-Certificate | ||||||||||
| 404 Not Found | Change the URL to /v3/pymt/credit-transfers | |||||||||||
| 405 Method Not Allowed | Use GET instead of POST | |||||||||||
| 422 Duplicate payment * | 5e22db01-6962-4941-b70f-5a06a9a88f81 | Duplicate payment | ||||||||||
| 503 Service Unavailable | serviceUnavailable |
Note: These codes are for Sandbox only.
*) For these test scenarios use the following values for the Digest and Signature header:
| Scenario | Digest + Signature |
|---|---|
| 201 Created | digest: sha-512=ZEmBwCCDcSOeoP8y4k5ZtHWA4/j0cLhwuXL551wyJgHCa9exEQCCi1kvSkU8NaW3lNDWqHRrMgkt4j0MGzApBQ==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="UkZ0iS8ReKTvZJgOhGZv6QetJFKWGJDUZxHjglmEeg1AKjtpxDAMbIGid1fgT4dola6HZbnvFO9SjyPfAKtz/dnBqdKcWDAdL+PStY/EyFvXeshwmkIE1FZLpomvXoUTWZmsFqW2fdO3PgciQXwv/gHUCAp1A0ZEVR2W1KifcXSMeotzTaog3gw2XTfQU+LmDdWx1sbXQJDmgcBnRpYlMRIX5R2GP1pQ61rDFydMJqpwv4RUsUyB+dQoHLd13rU4jlbNKvankVxJnij2xyQrFh1wkJVQG0+ECrtxW4B7SECwh4I7meQqGlPeXpWGDS2mg2NmWRTfI0+m3isUwblQcw==" |
| 400 Bad Request, IBAN missing | digest: sha-512=gTYJbmdTyDEQkoSBBJZhtfoznqF6aMFAOWWJuP09/aMj73+n10pGRPVXGP8l9YYHpmM/6+0dNDobBYZafBKpEg==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="ovg5o54OgIb0Ib7LBtQEzhnL0aSrxQPvGFxh0rKNzxwyCYY68nn8ihCwGQ4DrosHeQIhW0fkq1KzKaYmaQjyDkJxGQgX2MhQ55npWQjs7orajtDsIihJaHqpnio4w6t82hUlGO+paSGS2Q2JSVWybAewb1c2E5eJOKCH5QuoVF7WD2PbvVPjb0JJIuTgFgARx6RJueU4Wg81Ak9/D2fDgBRM3a+DojbUGN/92d/qZTwrcIlQPIOeWJ7ydKudlmkiEMMfha/UWueOVycsDeNDoFte5S/RZt6sA7qRHZgYRjJOUwscNU7hTtP6InGtdl6G4XDmcnHERN42CH3uMvZ+NA==" |
| 422 Duplicate payment | digest: sha-512=ZEmBwCCDcSOeoP8y4k5ZtHWA4/j0cLhwuXL551wyJgHCa9exEQCCi1kvSkU8NaW3lNDWqHRrMgkt4j0MGzApBQ==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="UkZ0iS8ReKTvZJgOhGZv6QetJFKWGJDUZxHjglmEeg1AKjtpxDAMbIGid1fgT4dola6HZbnvFO9SjyPfAKtz/dnBqdKcWDAdL+PStY/EyFvXeshwmkIE1FZLpomvXoUTWZmsFqW2fdO3PgciQXwv/gHUCAp1A0ZEVR2W1KifcXSMeotzTaog3gw2XTfQU+LmDdWx1sbXQJDmgcBnRpYlMRIX5R2GP1pQ61rDFydMJqpwv4RUsUyB+dQoHLd13rU4jlbNKvankVxJnij2xyQrFh1wkJVQG0+ECrtxW4B7SECwh4I7meQqGlPeXpWGDS2mg2NmWRTfI0+m3isUwblQcw==" |
GET Payment Status for Business Instant Payout.
You can retrieve the status information for a payment initiation using a GET status request.
To view the GET parameters, read the endpoint description for:
GET/v3/payments/single-credit-transfers/{paymentId}/statusGET/v3/payments/cross-border-transfer/{paymentId}/status
{
"transactionStatus": "RCVD"
}Some scenarios, as mentioned below, require specific paymentId(s) in the URL, example: GET /v3/payments/single-credit-transfers/{paymentId}/status to get the mentioned responses.
Scenarios are mentioned here:
| Scenario | responseStatus | paymentId | remark |
|---|---|---|---|
| 200 OK | RCVD | 123e4567-e89b-42d3-a456-556642440000 | |
| 200 OK | ACSP | 123e4567-e89b-42d3-a456-556642440003 | |
| 200 OK | RJCT | 123e4567-e89b-42d3-a456-556642440004 | |
| 200 OK | ACSC | 123e4567-e89b-42d3-a456-556642440005 | |
| 200 OK | ACCC | 123e4567-e89b-42d3-a456-556642440006 | |
| 400 BAD REQUEST | 123e4567-556642440007 | PaymentId is not a valid UUID. | |
| 400 BAD REQUEST * | 123e4567-e89b-42d3-a456-556642440008 | Header: X-Request-ID (123e4567) is not UUID. | |
| 401 Unauthorised | CERTIFICATE_INVALID | Use the value invalid for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_MISSING | Use the value missing for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_EXPIRED | Use the value expired for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_BLOCKED | Use the value blocked for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_REVOKED | Use the value revoked for the header: Signature-Certificate. | |
| 404 NOT_FOUND | 123e4567-e89b-42d3-a456-556642440009 | Forced status not found. | |
| 405 Method Not Allowed | Use POST instead of GET | ||
| 503 SERVICE_UNAVAILABLE | 123e4567-e89b-42d3-a456-556642440010 | Forced service unavailable. |
Note: These codes are for Sandbox only.
*) For this test scenario use the following values for the Digest and Signature header:
| Scenario | Digest + Signature |
|---|---|
| 400 Bad Request - X-Request-ID | digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="BGsRPeGwhH0FZX1QMgWC92ekr1u/GRIJjlgvAK9qn3YUvShn6hyr6J+jb/2S5TAdNq3pen3pUwbn8qXbO3uhHFekL/HhJaj8XwSj/ZUtL/ekIB9iwboo8LRak3Jw0NQMWgwiSyXDTrMQTMgnfvOoCCQ3ktQl0THs6efDa3GyzqtwJboCi6TXLvEPhaIMRNjSscwREsJe7RaGEzPTtmbdcdaYkE+JfgFy7TIZcLgq2uYu6Cn+FF0cYOxOsINQD28JAZbjk+wL0rptXbkkgNR6MsdctyGMr7qiWRP3+uakYVFKU93v2wfl3TMtKG4Oi389ErJOe83ieCqaCyqxyvDsag==" |
Response statuses
Here is a description of the expected response statuses:
RCVD: Payment initiation has been received by the receiving agent. Technical validation has started.ACSP: All preceding checks were successful. The payment initiation has been accepted for execution but is not yet completed. The payment execution is still in progress.ACSC: Settlement on the debtor’s account has been completed.ACCC: Settlement on the creditor's account has been completed.RJCT: Payment initiation has been rejected.