The Business Instant Payout for Third Parties API (BIP-TP API) is a fully automated payment solution designed for businesses that handle high transaction volumes.
As a third-party software provider, you can seamlessly integrate instant payouts for partners, users, and employees by having your users pre authorising the payments. While standard payment orders require authorization within the Rabo Business Banking, a BIP transaction is processed using certificates, eliminating this need.
BIP allows you to fully automate payment initiation from your application, enabling instant processing of payment orders.
To know more, read Rabo Banking Link for third parties
The account holder should set up a dedicated current account for use with this integration only, read more about it here.
Relevant scope for oauth2 access code flow
| Scope name | Description |
|---|---|
| bip.payments.write | Payments from your payment account |
Make sure that you use the Authorization and Token URL as provided by the Authorization Services.
Rate Limiting
A default rate limit plan is set for all APIs. The rate limit can be shared or individual (defined per operation). The table below describes the rate limiting for this product.
| Operation | Type | Limit (API calls / s) | Counts towards shared limit |
|---|---|---|---|
POST /v3/payments/single-credit-transfers | Shared | 12 | No |
POST /v3/payments/cross-border-credit-transfers | Shared | 12 | Yes |
GET /v3/payments/single-credit-transfers/{paymentId}/status | Shared | 12 | Yes |
GET /v3/payments/cross-border-credit-transfers/{paymentId/status | Shared | 12 | Yes |
| All (premium) Oauth calls | Shared | 12 | Yes |
Requests
The POST Payment and GET Status requests must contain a digital signature. You can generate a digital signature using the private key of your certificate. For the Sandbox environment, you can use an example certificate available in the Signing documentation.
For detecting a duplicate payment you can use the uniqueRequestorReference field in the body of the request. In case a payment with the exact same uniqueRequestorReference is already present in our order system, the payment just initiated is rejected as duplicate payment.
You can initiate a payment for Business Instant Payout - TP with POST /single-credit-transfers.
POST https://api-sandbox.rabobank.nl/openapi/sandbox/bip/v3/payments/single-credit-transfersYou can retrieve the status of an initiated payment with GET /status.
GET https://api-sandbox.rabobank.nl/openapi/sandbox/bip/v3/payments/single-credit-transfers/123e4567-e89b-42d3-a456-556642440000/status
- Supported characters allowed range from A-Z, a-z, 0-9
- Special characters include ; . / \ +? ( ) , +E(at) - colon
- No Diacritics letters or characters are allowed
Response
POST Payment initiation for Business Instant Payout - TP
You can initiate an Instant Payment credit transfer using a POST payment request.
After receiving the payment, a response of RCVD or RJCT is returned. You can use the status endpoint to get the latest status of the payment.
To view the POST parameters, read the endpoint description for:
POST/v3/payments/single-credit-transfersPOST/v3/payments/cross-border-credit-transfers
{
"paymentId": "123e4567-e89b-42d3-a456-084452918502",
"psuMessage": "Payment successfully created.",
"transactionStatus": "RCVD"
}Below you can find all supported test scenarios. In order to test these scenarios, call the API by using the examples for the fields provided in the endpoint description for POST/v3/payments/single-credit-transfers.
| Scenario | uniqueRequestorReference | endToEndId | amt.currency | amt.content | creditorName | credAc.iban | credAc.currency | dbtrAc.iban | dbtrAc.currency | remStrIssuer | remStrReference | Remarks |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 201 CREATED * | 0744f57f-d777-5369-b33e-d01641527faf | PI-123456789 | EUR | 10.25 | Company | NL40RABO8933084452 | EUR | NL43RABO9012918502 | EUR | CUR | Ref 2021-03-24 | |
| 400 Bad Request * | 0744f57f-d777-5369-b33e-d01641527faf | PI-123456789 | EUR | 10.25 | Company | EUR | EUR | CUR | Ref 2021-03-24 | Send a transfer leaving one of the fields empty, e.g. IBAN | ||
| 401 Unauthorised | CERTIFICATE_INVALID | Use value invalid for header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_MISSING | Use value missing for header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_EXPIRED | Use value expired for header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_BLOCKED | Use value blocked for header: Signature-Certificate | ||||||||||
| 401 Unauthorised | CERTIFICATE_REVOKED | Use value revoked for header: Signature-Certificate | ||||||||||
| 404 Not Found | Change the URL to /v3/pymt/credit-transfers | |||||||||||
| 405 Method Not Allowed | Use GET instead of POST | |||||||||||
| 422 Duplicate payment * | 5e22db01-6962-4941-b70f-5a06a9a88f81 | Duplicate payment | ||||||||||
| 503 Service Unavailable | serviceUnavailable |
Note: These codes are for Sandbox only.
*) For these test scenarios use the following values for the Digest and Signature header:
| Scenario | Digest + Signature |
|---|---|
| 201 Created | digest: sha-512=ZEmBwCCDcSOeoP8y4k5ZtHWA4/j0cLhwuXL551wyJgHCa9exEQCCi1kvSkU8NaW3lNDWqHRrMgkt4j0MGzApBQ==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="UkZ0iS8ReKTvZJgOhGZv6QetJFKWGJDUZxHjglmEeg1AKjtpxDAMbIGid1fgT4dola6HZbnvFO9SjyPfAKtz/dnBqdKcWDAdL+PStY/EyFvXeshwmkIE1FZLpomvXoUTWZmsFqW2fdO3PgciQXwv/gHUCAp1A0ZEVR2W1KifcXSMeotzTaog3gw2XTfQU+LmDdWx1sbXQJDmgcBnRpYlMRIX5R2GP1pQ61rDFydMJqpwv4RUsUyB+dQoHLd13rU4jlbNKvankVxJnij2xyQrFh1wkJVQG0+ECrtxW4B7SECwh4I7meQqGlPeXpWGDS2mg2NmWRTfI0+m3isUwblQcw==" |
| 400 Bad Request, IBAN missing | digest: sha-512=gTYJbmdTyDEQkoSBBJZhtfoznqF6aMFAOWWJuP09/aMj73+n10pGRPVXGP8l9YYHpmM/6+0dNDobBYZafBKpEg==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="ovg5o54OgIb0Ib7LBtQEzhnL0aSrxQPvGFxh0rKNzxwyCYY68nn8ihCwGQ4DrosHeQIhW0fkq1KzKaYmaQjyDkJxGQgX2MhQ55npWQjs7orajtDsIihJaHqpnio4w6t82hUlGO+paSGS2Q2JSVWybAewb1c2E5eJOKCH5QuoVF7WD2PbvVPjb0JJIuTgFgARx6RJueU4Wg81Ak9/D2fDgBRM3a+DojbUGN/92d/qZTwrcIlQPIOeWJ7ydKudlmkiEMMfha/UWueOVycsDeNDoFte5S/RZt6sA7qRHZgYRjJOUwscNU7hTtP6InGtdl6G4XDmcnHERN42CH3uMvZ+NA==" |
| 422 Duplicate payment | digest: sha-512=ZEmBwCCDcSOeoP8y4k5ZtHWA4/j0cLhwuXL551wyJgHCa9exEQCCi1kvSkU8NaW3lNDWqHRrMgkt4j0MGzApBQ==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="UkZ0iS8ReKTvZJgOhGZv6QetJFKWGJDUZxHjglmEeg1AKjtpxDAMbIGid1fgT4dola6HZbnvFO9SjyPfAKtz/dnBqdKcWDAdL+PStY/EyFvXeshwmkIE1FZLpomvXoUTWZmsFqW2fdO3PgciQXwv/gHUCAp1A0ZEVR2W1KifcXSMeotzTaog3gw2XTfQU+LmDdWx1sbXQJDmgcBnRpYlMRIX5R2GP1pQ61rDFydMJqpwv4RUsUyB+dQoHLd13rU4jlbNKvankVxJnij2xyQrFh1wkJVQG0+ECrtxW4B7SECwh4I7meQqGlPeXpWGDS2mg2NmWRTfI0+m3isUwblQcw==" |
GET Payment Status for Business Instant Payout - TP
You can retrieve the status information for a payment initiation using a GET status request.
To view the GET parameters, read the endpoint description for:
GET/v3/payments/single-credit-transfers/{paymentId}/statusGET/v3/payments/cross-border-transfer/{paymentId}/status
{
"transactionStatus": "RCVD"
}Some scenarios, as mentioned below, require specific paymentId(s) in the URL, example: (GET /v3/payments/single-credit-transfers/{paymentId}/status) to get the mentioned responses.
| Scenario | responseStatus | paymentId | remark |
|---|---|---|---|
| 200 OK | RCVD | 123e4567-e89b-42d3-a456-556642440000 | |
| 200 OK | ACSP | 123e4567-e89b-42d3-a456-556642440003 | |
| 200 OK | RJCT | 123e4567-e89b-42d3-a456-556642440004 | |
| 200 OK | ACSC | 123e4567-e89b-42d3-a456-556642440005 | |
| 200 OK | ACCC | 123e4567-e89b-42d3-a456-556642440006 | |
| 400 BAD REQUEST | 123e4567-556642440007 | PaymentId is not a valid UUID. | |
| 400 BAD REQUEST * | 123e4567-e89b-42d3-a456-556642440008 | Header: X-Request-ID is not UUID | |
| 401 Unauthorised | CERTIFICATE_INVALID | Use the value invalid for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_MISSING | Use the value missing for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_EXPIRED | Use the value expired for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_BLOCKED | Use the value blocked for the header: Signature-Certificate. | |
| 401 Unauthorised | CERTIFICATE_REVOKED | Use the value revoked for the header: Signature-Certificate. | |
| 404 NOT_FOUND | 123e4567-e89b-42d3-a456-556642440009 | Forced status not found. | |
| 405 Method Not Allowed | Use POST instead of GET | ||
| 503 SERVICE_UNAVAILABLE | 123e4567-e89b-42d3-a456-556642440010 | Forced service unavailable |
Note: These codes are for Sandbox only.
*) For this test scenario use the following values for the Digest and Signature header:
| Scenario | Digest + Signature |
|---|---|
| 400 Bad Request - X-Request-ID | digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==\<br>signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="BGsRPeGwhH0FZX1QMgWC92ekr1u/GRIJjlgvAK9qn3YUvShn6hyr6J+jb/2S5TAdNq3pen3pUwbn8qXbO3uhHFekL/HhJaj8XwSj/ZUtL/ekIB9iwboo8LRak3Jw0NQMWgwiSyXDTrMQTMgnfvOoCCQ3ktQl0THs6efDa3GyzqtwJboCi6TXLvEPhaIMRNjSscwREsJe7RaGEzPTtmbdcdaYkE+JfgFy7TIZcLgq2uYu6Cn+FF0cYOxOsINQD28JAZbjk+wL0rptXbkkgNR6MsdctyGMr7qiWRP3+uakYVFKU93v2wfl3TMtKG4Oi389ErJOe83ieCqaCyqxyvDsag==" |
Response statuses
Here is a description of the expected response statuses:
RCVD: Payment initiation has been received by the receiving agent. Technical validation has started.ACSP: All preceding checks were successful. The payment initiation has been accepted for execution but is not yet completed. The payment execution is still in progress.ACSC: Settlement on the debtor’s account has been completed.ACCC: Settlement on the creditor's account has been completed.RJCT: Payment initiation has been rejected.