How Rabobank helps TPPs get ahead

How Rabobank helps TPPs get ahead

How Rabobank helps TPPs get ahead

Every third-party provider (TPP) knows: if the foundations aren’t sound, then your app is doomed to fail. That’s why Rabobank’s Third Party Access Control team (TPAC) facilitates problem-free access, stability and testing. TPAC developer Sarkout Mahmoud tells how.


Over the past year, the TPAC team has grown rapidly. “We’re eager to comply with the relevant legislation”, Sarkout explains. “That demands a lot more effort now that a growing number of TPPs are using Rabobank’s APIs to develop applications that are subject to the European PSD2 regulations.” Sarkout and his colleagues use a variety of means to ensure that access to the APIs on Rabobank’s Developer Portal runs smoothly and that they provide a solid foundation for innovative applications.

Quick access

Time is money, so access starts with a smart onboarding API that allows TPPs to quickly take advantage of the APIs that are already available. During the development phase, the API Consent Details Service gives you easy access to the legally required end user’s consent. Sarkout: “When the consent expires, whether via the TPP or the end user, then the API Consent Details Service can quickly trace the cause and enable you to request re-approval to get your application up and running again.”

More stability

Sarkout explains how we’re constantly working to keep applications running smoothly: “We’ve migrated all of the APIs to pivotal cloud foundry (PCF), for example. The benefit of that is the flexibility it offers for fine-tuning software and fixing bugs. We can use Sonar, Fortify and CLM integration to guarantee the quality and security of our code”, he adds. “We can also fix any bugs quickly thanks to CI/CD. And naturally, we ensure that all of the documentation is complete, tested and accurate to support developers. TPPs can rely on us to provide proper documentation for all of the flows.”

Smarter testing

Finally, we also ensure that all software that reaches the end users is completely flawless. “We use canary tests to thoroughly test changes to codes for all end users”, Sarkout explains. “And with blue-green deployment, TPPs and end users don’t experience downtime when we implement new features or bug fixes. TPPs can also use the sandboxes that we’ve created for almost all of our APIs to test their applications. These are just a few of the ways we constantly work to ensure an excellent experience for TPPs and their end users.”