PSD2 Bulk Payment Initiation

With the PSD2 Bulk Payment Initiation API, Certified Payment Initiation Service Providers (PISPs) can create a seamless journey for your users, while providing them full access control throughout the process. You can request the account holder's consent by using our OAuth 2.0 Services API.

You can initiate bulk payments on behalf of your users using a Rabobank payment account. You can also retrieve the status of the initiated bulk payment in a PAIN.002 file format to keep track of the payments.

📘
This API can only be used through your web service.
The API is suited for payment files (PAIN.001), which may contain batches with (urgent) Euro Payments (SEPA), and (urgent) Cross Border Payments (non-SEPA).

For more information, read PSD2 Bulk Payment API flow.

🚧
Payment files containing multiple batches can be sent to the bank using PSD2 Bulk Payment Initiation, with a maximum of 3,000 batches per file. To ensure smooth processing, do not exceed 25,000 payment orders in a single payment file. Larger files—up to 100,000 payment orders—can be processed if compressed using GZIP.

Relevant scope for oauth2 access code flow

Scope name	Description
pi.bulk.read-write	Allows to create bulk payment initiations for the selected account

📘
Make sure that you use the Authorization and Token URL as provided by the oAuth2 Services

Rate Limiting

A default rate limit plan is set for all APIs. The rate limit can be shared or individual (defined per operation). The table below describes the rate limiting for this product.

Operation	Type	Limit (API calls / s)	Counts towards shared limit
`POST /v3/bulk-payments/pain.001-sepa-credit-transfers`	Shared	5	Yes
`GET /v3/bulk-payments/pain.001-sepa-credit-transfers/{PaymentId}/status`	Shared	5	Yes
All (premium) Oauth calls	Shared	5	Yes

Requests

The POST Payment and GET Status requests must contain a digital signature. You can generate this digital signature using the private key of your certificate. For the Sandbox environment, you can use an example certificate available in the Signing documentation.

This call requires a PAIN001 file, read more about it here.

NOTE: Please use the Authorization and Token URL as provided by the oAuth2 Services.

Response

POST BulkPayment transaction for SEPA credit transfer.

You can initiate a bulk credit transfer payment using a POST payment request.

After receiving the payment, a response of RCVD or RJCT is returned. You can use the status endpoint to get the latest status of the payment.


\{
      <?xml version="1.0" encoding="UTF-8"?>
      <InitiatedTransactionResponse>
          <_links>
              <status>
                  <href>/payments/bulk-payment-initiation/buts/v3/bulk-payments/pain.001-sepa-credit-transfers/123e4567-e89b-42d3-a456-556642444321/status</href>
              </status>
              <scaRedirect>
                  <href>https://bankieren-acpt2.rabobank.nl/klanten/bedrijven/internetbankieren/betalensparen/opdrachten_ondertekenen?bulkPaymentInitiationId=123e4567-e89b-42d3-a456-556642444321</href>
              </scaRedirect>
          </_links>
          <paymentId>123e4567-e89b-42d3-a456-556642444321</paymentId>
          <transactionStatus>RCVD</transactionStatus>
      </InitiatedTransactionResponse>

}

If a required header is not provided or blank, then the status of the response will be 400 BAD REQUEST and the response will contain the missing header name. For example if the header 'Signature' is missing, then the response will be:

`       \<?xml version="1.0" encoding="UTF-8" standalone="yes"?>  
       <ErrorResponse>
         <errorMessages>
           <category>WARNING</category>
           <code>FORMAT_ERROR</code>
           <text>Required header 'signature' is not present</text>
         </errorMessages>
       </ErrorResponse>
      `

Below you can find all supported test scenarios. In order to use these scenarios, call the API by using the examples for the fields provided in the endpoint description for POST/sepa-credit-transfers.

Scenario	Request	Remark
201 CREATED *	Valid Request with valid PAIN001 XML	multipart/form-data with payload variable name should be xml_sct
400 BAD REQUEST *	Send Request with required header missing	Request without X-Request_ID(blank) or No-DIGEST
400 BAD REQUEST *	PAIN001 is missing
400 BAD REQUEST *	PAIN001 is empty
401 Unauthorised	Send Request with invalid signature
401 Unauthorised	Send Request with invalid certificate
401 Unauthorised	Send Request with invalid digest
401 Unauthorised	If there is no consent for the used accounts	No permissions found for this product type
500 Internal server error	Server issue with the account consent	Internal Server Error, Permissions for this product type cannot be accessed
405 Method Not Allowed	Use PUT instead of POST method

Note: These codes are for Sandbox only.

For these test scenario's use the following values for the Digest and Signature header:

Scenario	Digest + Signature
201 CREATED	digest: sha-512=CwpW0kD24czZzJkjcqBTZnADBlOUdDxQpH5dhdCPMHZTd1W+HbmUQPbKYpguvgmvZosvSEUI4taIJeujn3Npig== signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id tpp-redirect-uri",signature="Q+deIM5k+OPvy0+eIdh7ZvRmvB9cu/TW88Ni1C3jfIk2C+y9QkNuKP7olkCNALY5XexTkfYLJlpbcZWkQ0OipT05Mb7LNbbN91bl3bRTjEHIlJ0XCJzORHRlYWpY/HsaKrF8PfuQBM/i6xkbH1eGWaiRxV/lMChsXYRcw9ncVieRMLP1QGfyBKgF/ZbvSuXdjwvcD3BewL7U3O60mL/1BxqJRoXZRlvMPpO34/Tl8XDRccaW7hAA7+X46f57Ath1wqo6PxJZ4CTauAVWeUjJMGaGXcIyviYXWE4wFKZEaTFd28Jq7E5ZhOPrLYRDY+7fajOkQGg7TAeenIKnQ7oT5w=="
400 Bad Request, X-Request-ID	digest: sha-512=CwpW0kD24czZzJkjcqBTZnADBlOUdDxQpH5dhdCPMHZTd1W+HbmUQPbKYpguvgmvZosvSEUI4taIJeujn3Npig== signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id tpp-redirect-uri",signature="N5UMuKbJupWzG3fjTG2iAnJmcGIK8ID5d6E/K7jMJ7Ci694tb0fWme6bVilFq8RF5UmZHIgbtAKD4kj1Vkq0LG/YLzYu+WZMdqo83Gv3Rl0psnYcKjcUC8i2DjWTAvUb9BTHt44+Eux2RH5AQuBHu1L3n1ggvzcs1TuQYkagTnX0hnxdbVCx/nMvQCM0kXCmKxB9GM3wv7oicAUAXpvmuTfUULLyzn6+fgCm6CSOePy4d5hMUapCZjXUkPianH+XxVBvu1SfkD+823QCRvvh72xctznx3ifPXtvmOahSkA58xp8eS6XWOXmfkOzYKkbpNEQfC3Os4LGzCiH+ATt24A=="
400 Bad Request, PAIN001 missing	digest: sha-512=5M97vlronVu+1jz6CIVqWr1ESjsnqffi94KAIv+gMj/ORJezFZAhU8T3wNhB5iP58TFttF/JD3x0sra/bEw09w== signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id tpp-redirect-uri",signature="D5xn7gHwQI45nj9W66XgV6WIaQy5dIt1Z5/OPYR3s7OJEUxQJofrJE2NTKzihBimGDmquoo6Jbzc8IKP/y8sW+bXbIK+h9jDUPVP6m3yKqho+u8LXMmIixS/i3Fd1sL/v1LGXat22a7EkcmIzmRZV2T+Fpz/67ORVp0oU43pELDeP+bVny1C1URVGXwZLdJ8M9WuleqUucncz6Sdd8aHyHb1yPZirU7nZjxAtvVo53DTNE0qZzKZNVGPDiqv840YWDUjFaH9ptDSrht5hAc8073kDoNC5gK5BbQbT2a2ZEMylRGkVk9wvgpLhQx6dXzvVA4KL3zfFpCgzBP/sy/FCQ=="
400 Bad Request, PAIN001 empty	digest: sha-512=BytS21SrvDD1vE+98gfCtcYTaTCDq3iZ82W7qxHANrkkVI3O4MvFebBK+neirmEFQfEJtXFahMq7vtfzegWeiQ== signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id tpp-redirect-uri",signature="PEs/TJ5ogXsBDKbdE54Jz7W4x/IyGwMfas05xOJ0ZN+0Y/6/kSOxgl5Ilubh1ruVpIBhGmltD46Ca2+blKKuNjtlLEXMlMUbGozhpth4nVm79coBBNZY2ROf6qMGKTMqkNonhpfpPRDcWOGY/87ACmGGFMSeJ5AenYCs+I+ZWYtZdQx1nIagwRgKTNylhElZ/Qz87P5F80LfYQxTibiAgtiYDkP6XN+JCK5/h8J2gJbLGCeyaSVmSF92RQQsB+wPQ1qN+9T339JdqVq7Vcgralf1RSHVs0CBmTvzNMrJ/ltvVBEQElEA0mpXyTVlDro9KJ/6j3rsnWoH9U8u0PSj4A=="

GET Payment Status for Bulk Payment SEPA credit transfer.

You can retrieve the status information for a payment initiation using a GET status request.

`    {  
      <?xml version="1.0" encoding="UTF-8"?>
      <Document xmlns="urn:iso:std:iso:20022:tech:xsd:pain.002.001.03">
          <CstmrPmtStsRpt>
              <GrpHdr>
                  <MsgId>RABO-PAIN002-PO-0000000127720675409</MsgId>
                  <CreDtTm>2019-09-23T14:41:48.459</CreDtTm>
                  <InitgPty>
                      <Id>
                          <OrgId>
                              <BICOrBEI>RABONL2U</BICOrBEI>
                          </OrgId>
                      </Id>
                  </InitgPty>
              </GrpHdr>
              <OrgnlGrpInfAndSts>
                  <OrgnlMsgId>PSD2 23-09-2019 1</OrgnlMsgId>
                  <OrgnlMsgNmId>PAIN.001.001.03</OrgnlMsgNmId>
                  <OrgnlCreDtTm>2019-09-23T12:01:29.123</OrgnlCreDtTm>
                  <OrgnlNbOfTxs>1</OrgnlNbOfTxs>
                  <OrgnlCtrlSum>3.33</OrgnlCtrlSum>
                  <GrpSts>ACTC</GrpSts>
              </OrgnlGrpInfAndSts>
              <OrgnlPmtInfAndSts>
                  <OrgnlPmtInfId>PSD2 23-09-2019 1</OrgnlPmtInfId>
                  <OrgnlNbOfTxs>1</OrgnlNbOfTxs>
                  <OrgnlCtrlSum>3.33</OrgnlCtrlSum>
                  <PmtInfSts>ACTC</PmtInfSts>
              </OrgnlPmtInfAndSts>
          </CstmrPmtStsRpt>
      </Document>
    }
   `

Some scenarios, as mentioned below, require specific paymentId(s) in the URL, example: (/payments/bulk-payment-initiation/buts/v3/bulk-payments/pain.001-sepa-credit-transfers/{paymentId}/status) to get the mentioned responses.

To view the GET parameters, read the endpoint description for GET/pain.001-sepa-credit-transfers/{paymentId}/status

Scenario	response	payment-id	remark
200 OK	PAIN002 file	123e4567-e89b-42d3-a456-556642440015
200 OK	RCVD	123e4567-e89b-42d3-a456-556642440007
200 OK	RJCT	123e4567-e89b-42d3-a456-556642440008
404 NOT FOUND		123e4567-e89b-42d3-a456-556642440005
400 BAD REQUEST *			Header: X-Request-ID which is sent in TPP Request is missing.

Note: These codes are for Sandbox only.

*) For this test scenario use the following values for the Digest and Signature header:

Scenario	Digest + Signature
400 Bad Request - X-Request-ID	digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="kzKJFQIO65xwzQYXMfHVCzB+cPPUNxRnc5oi1qcsYF8MHyhwZvnX7EqzKPc7A9so/jx0+PcE2G9FoTtEGG+xVRUeIdIJMkYnWfLemPw3mJn0JSy5USROKY7tN+pnl5oj0wGxm6GmqgA3bk8NGj8DQ4NCf0yrchJSF/yBf/wMtiDSYU9DODSexpB3rCQUYr+VjstDeKASv1mRMDfj0IWZ9RGE/8rNoifhtf2LS6b4hbufwjhaOzC/SQ+Bbjh+Znph0+9MsRFCDt94xLtsV3hMHoAEv+QjAipSyTiq9S8SGZNIeejhD4xrQkkfbLWzlgLj/lbbJHFoRIJlH/9M52Kr8w=="

Scenario

Digest + Signature

400 Bad Request - X-Request-ID

digest: sha-512=z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="kzKJFQIO65xwzQYXMfHVCzB+cPPUNxRnc5oi1qcsYF8MHyhwZvnX7EqzKPc7A9so/jx0+PcE2G9FoTtEGG+xVRUeIdIJMkYnWfLemPw3mJn0JSy5USROKY7tN+pnl5oj0wGxm6GmqgA3bk8NGj8DQ4NCf0yrchJSF/yBf/wMtiDSYU9DODSexpB3rCQUYr+VjstDeKASv1mRMDfj0IWZ9RGE/8rNoifhtf2LS6b4hbufwjhaOzC/SQ+Bbjh+Znph0+9MsRFCDt94xLtsV3hMHoAEv+QjAipSyTiq9S8SGZNIeejhD4xrQkkfbLWzlgLj/lbbJHFoRIJlH/9M52Kr8w=="

Here is a description of the expected response statuses:

Statuses present in the POST response

RCVD: Payment file received RJCT: Payment file rejected

Statuses present in the GET response

Interchange status/group status:

ACTC: Payment succesfully created

RJCT: Payment rejected.

Batch status:

RCVD: Payment batch received.

ACTC: Awaiting authorization. ACCP: Payment authorized. ACSC: Payment processed.

RJCT: Payment rejected, expired, or cancelled.

PDNG: Payment pending.

Transaction status on individual payment in the batch:

RJCT: Payment rejected. ACCP: Payment authorized. CANC: Payment withdrawn. PDNG: Payment pending. ACSC: Payment processed.