API Reference

Questions about API usage

I have lost my client secret. How do I reset it?

To reset your client secret click 'My Apps' in the main menu, click on the application in question and then click the 'Reset' link in the 'Client Secret' section. Your new secret will be displayed.

Can I have two QSeal certificates active at the same time?

A QSeal certificate is sent with a request; we do not store your certificate.

It is therefore possible to have two valid QSeal certificates active at the same time, if your own system allows it.

For more information, feel free to contact us.

I want to change my QSeal certificate, how can I do this?

When you have a new QSeal certificate you don’t have to change anything on our developer portal.

A QSeal certificate is sent with the request, so you need to make sure you change the certificate in your own systems.

Can I have two TLS certificates active at the same time?

It is not possible to have two TLS certificates active at the same time because currently you can only upload one TLS certificate (PEM format) to your application in the Rabobank developer portal.

We are working on the requirement to add two certificates for the future.

How do I change my TLS certificate?

To change your TLS certificate:

  1. Log in to the Developer Dashboard.
  2. Go to your application and select the app for which you want to change the TLS certificate.
  3. Click Edit and upload your TLS certificate in PEM format.
  4. Click Save.

How do I configure multiple OAuth redirect URLs for my application?

When creating or editing your application, you can provide multiple OAuth URLs in the "OAuth Redirect URI" field. Separate them with a comma like so:

https://your-app.com,https://your-app.nl

When you supply multiple URLs, you need to specify which one we should use when you redirect the user to the authorization URL.
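The selection described above, as an added example that is not Rabobank's own code: it picks one registered URI, sends it as the standard OAuth 2.0 `redirect_uri` parameter and checks the callback. The endpoint, client id and scope are placeholders (assumptions); take the real values from the API documentation.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Value of the "OAuth Redirect URI" field, in the comma-separated form shown above.
REGISTERED_FIELD = "https://your-app.com,https://your-app.nl"
# Placeholder endpoint (assumption), not the real authorization URL.
AUTHORIZE_URL = "https://auth.example.invalid/oauth2/authorize"


def registered_uris(field):
    """Split the comma-separated field into a list of exact URIs."""
    return [u.strip() for u in field.split(",") if u.strip()]


def build_authorization_url(client_id, redirect_uri, scope, field=REGISTERED_FIELD):
    """Return (url, state) for an authorization request using one registered URI."""
    if redirect_uri not in registered_uris(field):
        # Exact string comparison: prefixes and look-alike hosts are rejected.
        raise ValueError(f"redirect_uri not registered: {redirect_uri!r}")
    state = secrets.token_urlsafe(32)  # ties the callback to this request
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def callback_is_valid(callback_url, expected_redirect_uri, expected_state):
    """Check that a callback arrived on the chosen URI and carries our state."""
    parts = urlsplit(callback_url)
    arrived_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    returned = parse_qs(parts.query).get("state", [""])[0]
    return (arrived_on == expected_redirect_uri
            and hmac.compare_digest(returned.encode(), expected_state.encode()))
```

Keep the returned `state` in the user's session and pass it to `callback_is_valid` when the user comes back.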

What is the difference between a SEPA EU credit transfer and a Cross Border credit transfer?

All payments in EUR to countries in the SEPA region are SEPA EU payments. Payments in EUR outside the SEPA region and all non-EUR payments are Cross Border credit transfers. To initiate these payments you need to use a different endpoint than for the SEPA EU payments. Please check the API documentation.

How can we use the "In-app" consent flow to make it possible for the user to give consent without having the need for a Rabo-scanner?

We support both the Web and In-app consent flow. For the Web flow, the Rabo scanner is mandatory; for the In-app flow, consent can be given using the Rabo Bankieren App.

Prerequisites:

  • The Rabobank Bankieren app should be installed on and registered to the device being used to give consent. Supported versions:
    • iOS: Bankieren app version >= 6.7
    • Android: Bankieren app version >= 5.14.1
  • The URL is picked up from the device; the OAuth2 /authorize call should be executed on the device. If this is not available, the web flow is initiated.

How do I subscribe my application?

  1. Log in to the Developer Dashboard.
  2. Go to your application and create or select the app you want to subscribe.
  3. Under the details tab you can find your active subscriptions and a button "Add subscription".
  4. Select the API product you want to subscribe to and confirm your choice.

Where can I find OAuth 2.0 scopes?

Each API product has a detailed overview that also includes information about the relevant scopes. For example: Business Account Insight

I am getting a 429 (too many requests) HTTP status code. What went wrong?

The 429 HTTP status code indicates that your application exceeded the rate limit. Check the plan of the product you subscribed your application to for more information on rate limits.

I am getting a 401 (unauthorized) HTTP status code. What went wrong?

The possible reasons for a 401 HTTP status code:

  • The required client id or client secret has not been successfully provided.
  • Your application is not subscribed to the correct product.
  • The TLS certificate for your application was not provided in the developer portal.
  • The TLS certificate was not added to the API call.
  • The TLS certificate added to the API call does not match the one provided in the developer portal.
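A check for the last three causes, as an added example that is not part of the original page: it compares the certificate your client sends with the copy you uploaded by SHA-256 fingerprint of the decoded bytes, so differences in PEM line wrapping or line endings do not hide a match. It assumes you kept the uploaded PEM file; the sample data is constructed and is not real X.509.

```python
import base64
import hashlib
import re

_CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def cert_fingerprints(pem_text):
    """SHA-256 fingerprint of each CERTIFICATE block, in file order."""
    prints = []
    for body in _CERT_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def compare_with_portal(sent_pem, portal_pem):
    """Classify the certificate sent on the API call against the uploaded one."""
    sent, portal = cert_fingerprints(sent_pem), cert_fingerprints(portal_pem)
    if not sent or not portal:
        return "no-certificate"  # e.g. only a key file, or an empty file
    if sent[0] == portal[0]:
        return "match"
    return "mismatch"


def to_pem(der, width=64, newline="\n"):
    """Helper for the constructed samples: wrap bytes as a PEM block."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *lines,
                         "-----END CERTIFICATE-----", ""])


# Constructed stand-in bytes, not real certificates; only the encoding matters here.
OLD_DER = b"constructed certificate, previous" * 8
NEW_DER = b"constructed certificate, renewed" * 8

PORTAL_COPY = to_pem(OLD_DER)                               # uploaded to the portal
SAME_REWRAPPED = to_pem(OLD_DER, width=76, newline="\r\n")  # same cert, other tooling
RENEWED = to_pem(NEW_DER)                                   # rotated locally only
```

A `mismatch` after a renewal usually means the new certificate was installed in your own system but not yet uploaded to the application in the portal.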

How can I migrate to a different version of the same product?

When migrating to a new version of a product, you first need to unsubscribe your application from the current product. You can then subscribe your application again to the desired version of the product.

How to use mutual TLS

Read all about mutual TLS in our guide on How to use Mutual TLS.

API calls in production fail while the same request works fine in sandbox.

There can be multiple reasons why requests are failing. Most error responses are self-explanatory. However, your request could be failing because it doesn't contain the "user-agent" header. Make sure you provide a user agent header in your request.

How to use OAuth 2.0?

Rabobank secured APIs use OAuth2 for authentication and authorization. When you successfully pass the OAuth flow you receive an access token.

A detailed description on how to use OAuth2 can be found with the APIs it applies to: