Rabobank Link for direct connectors User Guide

Rabobank Link for direct connectors

Specifications

• Product Name: Rabo Banking Link for Direct Connectors
• Version: 1.0 | August 2023

Product Information

• Business Account Insight (BAI): Allows business customers to retrieve transaction and balance information from a Rabobank payment or savings account.
• Business Payment Initiation (BPI): Enables initiating bulk and single payments via APIs on behalf of your organization from a Rabobank business payment account.
• Business Instant Payout (BIP): Provides a fully automated payment solution for corporate businesses with trigger-based instant payouts for partners, customers, and employees.
• Business Direct Debit (BDD): Allows delivering batches of direct debit orders at the request of the business account holder with a Rabobank account.
• Payment Request (PR): Enables requesting payment links from Rabobank using your application as part of the billing process.

Product Usage Instructions

Preconditions for Use
Before starting to use Rabo Banking Link services, ensure the following preconditions are met

• The services should be available within your organization.
• Be aware that additional conditions may be imposed by Rabobank or changes to existing conditions may occur.

Setting up Rabo Banking Link
To set up Rabo Banking Link, follow these steps

1. Visit the Rabobank developer portal to access information about the APIs included in Rabo Banking Link.
2. Create an account on the Rabobank developer portal.
3. Follow the provided steps for making a connection, which can be found at https://developer.rabobank.nl/get-started.

FAQ
Q: What should I do if I encounter issues during the setup process?
If you face any challenges during the setup of Rabo Banking Link, please reach out to our support team for assistance.

Introduction

With our Rabo Banking Link services you can initiate and process, retrieve account information or create payment links. In this manual we give your practical information, so you can setup the Rabo Banking Link services as good as possible.
The Rabo Banking Link contains the following API services:

Preconditions for use

The following preconditions are important before you can start using our Rabo Banking Link services. Please take this into account when opting for this product.

• You have a high degree of automation;
• You have a professional IT environment and good infrastructure;
• There is professional ICT (security) expertise permanently available within your organisation.

We may also impose other conditions on the use of our Rabo Banking Link services, or amend these conditions.

Setting up Rabo Banking Link

On the Rabobank developer portal you will find information about the APIs that are part of Rabo Banking Link and how to make a connection. In order to use the APIs, you will first have to create an account on Rabobank developer portal and follow a few steps. These steps can be found at https://developer.rabobank.nl/get-started.

After you have followed these steps, you will have:

1. An account on the Rabobank developer portal
2. Your organisation registered
3. Your application registered
4. Access to the Sandbox environment
5. A subscription to the API you are interested in

Register organisation and application name
When registering your application, you will be asked for your application name. The following rules apply to these names:

1. Organisation name: the legal name or registered trade name of your organisation as known at the Chamber of Commerce.
2.  Application name: Name of your application for which you are going to use one or more API’s. This name must be recognisable by Rabobank.

Testing in Sandbox
In the Rabobank developer portal Sandbox you can set up your connection with an API in a safe environment and then test it before moving to production (‘Go Live’).
You will find the (technical) information required to start a connection on Rabobank developer portal.
Below are a few tips for setting up and testing the APIs in general:

• Always follow Rabobank’s technical guidelines. These technical guidelines can be found in the technical documentation.
• When submitting a payment instruction and requesting the status of the payment instruction, a status code will always follow. The technical documentation on Rabobank developer portal shows which status codes are possible.
• In the specified parameters of the technical documentation you will find examples for the POST and GET endpoints and corresponding response messages for the API. You must use these to set up your API in your system.
• If you have any questions, please refer to our FAQs. If you cannot find the answer to your question, please contact our support team (see Chapter 5 for contact details).

OAuth implementation
The use of the Rabo Banking Link services referred to in chapter
1 requires explicit consent from the account holder. The consent granted by the account holder or their legal representative is continuous and has no end date. In a secure Rabobank environment, the account holder chooses the account(s) that may be used for the API and you invoke this secure Rabobank environment via a ‘redirect’ from your application. You can find how to set up OAuth 2.0 on Rabobank developer portal.

The customer journey is as follows:

1. Account holder is redirected from your application to a secure Rabobank environment. If you are the account holder yourself, you invoke the redirect for your own use.
2. Account holder selects the account(s) that may be used for selected API.
3.  The account holder will be returned from the Rabobank environment to your own application.
4. You will receive an authorization code that allows you to request tokens connected to the consent. You use these tokens to retrieve the account holder’s details, for example.

If the account holder wishes to add an account, the account holder must go through all steps specified in 3.3. In case of removing consent for an account this can be done in Rabo Business Banking.
Only the authorized users of the organisation can give consent. The requirements are:

1. Within Rabo Business Banking (Pro) you have the role of ‘Owner’ with an owner pass.
2. You have the ‘AdministratorPlus’ role within Rabo Business Banking (Pro) with authorization to access the accounts.

When the authorized user who has given consent is removed from the Rabobank agreement, the consent must be given again by another authorized user of the organisation. The existing consent should be revoked by the new authorized user in Rabo Business Banking.
For Business Instant Payout the selected accounts must correspond with the accounts specified in the agreement and setup form.

Consent details service
The consent details service enables you to request the status ‘and content’ of the consent.

Certificates
Certificates are required for both the Sandbox and the Production environment. The difference is that a self-signed certificate is sufficient for the Sandbox. You can find the self-signed certificate here. This means that you do not have to purchase the Sandbox certificate from a Certificate Authority. A self- signed certificate is not permitted in the production environment.
This requires EV certificates issued by a certificate authority mentioned on the Mozilla list.
You need two certificates for the production environment:

1. An EV SSL certificate for securing the transport (Mutual TLS)
2. An EV SSL certificate for signing messages

You must upload the Mutual TLS certificate to the Rabobank developer portal. You can find more information about how the Mutual TLS certificate should be used here.
For Business Instant Payout and Payment Request, you are asked to share the certificate you are going to use for the purpose of signing API messages with Rabobank (in txt.) via your contact person at Rabobank.

Both certificates may be a duplicate of one another. The certificates must meet the following requirements:

• EV SSL certificates from the certificate issuers listed in the Mozilla CA Certificate report
• X.509 format
• RSA: key length should be at least 2048-bit
• Certificate should be valid for a maximum of one year

Applying for an EV certificate can take several weeks. It is important to request the certificate on time.
Please bear in mind that the application for the certificate is subject to costs and that you must regularly renew the certificate.
Take adequate steps to prevent and limit fraud and unauthorised use of Business Instant Payout. Rabobank strongly advises a Hardware Security Module (HSM) for the storage of certificates.

Go Live request

Once you have completed the implementation of your API in Sandbox successfully, you can apply for ‘Go Live’ using the following link: Contact | Rabobank Developer Portal.

The request process is as follows

1. You have performed a successful test in Sandbox; fill out the form for Go live via Contact | Rabobank Developer Portal. Your contact person from Rabobank provides a set-up form and draws up the contract.
2.  You receive the contract, the set-up form and the product terms and conditions from your contact person within the bank.
3. You sign the contract and set-up form and send it to your contact person at Rabobank.
4.  You receive a production account for the requested API(s).

Rabobank cannot guarantee that results achieved in the Sandbox environment are representative for operation in the production environment. No rights or obligations can be derived from this. That is why we advise you to also perform a number of penny tests in the production environment after you have tested in the Sandbox environment.

Set-up form
In the Set-up form of Rabo Banking Link you can request the API services and how you want to set up your account. This includes:

• API(s) you want to request
• Which Rabobank account we can use for invoicing

For Business Instant Payout (BIP) we need additional information:

• Which Rabobank accounts you want to use for BIP
• The maximum amount per transaction for BIP

The set-up form can be provided by your contact person at Rabobank as soon as you submit the application for ‘Go Live’. This set-up form needs to be signed by the right authorized persons for the account name that is given.

Terms and conditions
You can download the terms and conditions for Rabo Banking Link on Rabobank developer portal.

Amending or terminating the contract
You can also amend the contract using the Set-up Form. You can indicate there that you wish to communicate a change and you can then record this change in the form. It is also possible to terminate the contract using this form. The set-up form clearly explains how to notify a change or termination. Please read this first if you are unsure.

Support

Contact information and support
If you have any questions or problems, please contact our Rabobank developer support team. You can send your question via a contact form on Rabo developer portal. You will receive a response within 5 working days.

• Support Desk: Rabobank developer support,
• Open: Monday to Friday from 8:00 to 17:30
• Email: openbanking@rabobank.nl
• Website: Contact | Rabobank developer portal

Communication about maintenance
Rabobank will inform you about maintenance, changes in functionality and downtime of the API(s). We will try to inform you as early as possible of any forthcoming changes, so that you have sufficient time to prepare for them. The mail address you have entered in the Rabobank developer portal and the email address of the technical contact person you have filled out in the setup form is used for communication purposes.

Status of the availability of our API services can be found here.

Misuse and fraud
You should contact Rabobank developer support immediately in the event of fraud/misuse or if you suspect fraud/misuse. From your production account, you can use the contact form to report an urgent problem relating to a data breach or availability of the API or to freeze your account/app immediately. Figure 1 provides an image of the contact form.

If you make the notification during office hours, the notification will be sent to Rabobank developer support. An emergency procedure applies outside Rabobank developer support’s opening hours.

Based on your notification, Rabobank may decide to freeze your account, app and/or your certificate with immediate effect. We will also contact you to discuss whether and how we can restore the link in a safe manner. If the notification is made at night or in
the weekend, you will be called back in the morning of the next working day.

Figure 1: Urgent Problem Contact Form Developer Portal

Change Log
Title: Rabo Banking Link Manual
Version: 1.0
Date: August 2023

Date| Version| Type of Change| Reason for change
---|---|---|---
August 2023| 1.0| Product introduction| –

Manual Rabo Banking Link for direct connectors

References

• developer.rabobank.com/status
• developer.rabobank.nl/contact
• Get started | Rabobank Developer Portal
• How to use mutual TLS | Rabobank Developer Portal
• CA/Included Certificates - MozillaWiki

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>