The standard HTTP Cache-Control header is required for all signed requests.
User-AgentstringRequired
The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.
X-Bunq-LanguagestringOptional
The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.
X-Bunq-RegionstringOptional
The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.
X-Bunq-Client-Request-IdstringOptional
This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
X-Bunq-GeolocationstringOptional
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
X-Bunq-Client-AuthenticationstringRequired
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
Responses
200
Endpoint for retrieving details for the cards the user has access to.
application/json
400
This is how the error response looks like for 4XX response codes
application/json
get
/user/{userID}/card
put
/user/{userID}/card/{itemId}
Update the card details. Allow to change pin code, status, limits, country permissions and the monetary account connected to the card. When the card has been received, it can be also activated through this endpoint.
Path parameters
userIDintegerRequired
itemIdintegerRequired
Header parameters
Cache-ControlstringOptional
The standard HTTP Cache-Control header is required for all signed requests.
User-AgentstringRequired
The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.
X-Bunq-LanguagestringOptional
The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.
X-Bunq-RegionstringOptional
The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.
X-Bunq-Client-Request-IdstringOptional
This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
X-Bunq-GeolocationstringOptional
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
X-Bunq-Client-AuthenticationstringRequired
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
Body
pin_codestringWrite-onlyOptional
The plaintext pin code. Requests require encryption to be enabled.
activation_codestringWrite-onlyOptional
DEPRECATED: Activate a card by setting status to ACTIVE when the order_status is ACCEPTED_FOR_PRODUCTION.
statusstringOptional
The status to set for the card. Can be ACTIVE, DEACTIVATED, LOST, STOLEN or CANCELLED, and can only be set to LOST/STOLEN/CANCELLED when order status is ACCEPTED_FOR_PRODUCTION/DELIVERED_TO_CUSTOMER/CARD_UPDATE_REQUESTED/CARD_UPDATE_SENT/CARD_UPDATE_ACCEPTED. Can only be set to DEACTIVATED after initial activation, i.e. order_status is DELIVERED_TO_CUSTOMER/CARD_UPDATE_REQUESTED/CARD_UPDATE_SENT/CARD_UPDATE_ACCEPTED. Mind that all the possible choices (apart from ACTIVE and DEACTIVATED) are permanent and cannot be changed after.
order_statusstringOptional
The order status to set for the card. Set to CARD_REQUEST_PENDING to get a virtual card produced.
monetary_account_id_fallbackintegerOptional
ID of the MA to be used as fallback for this card if insufficient balance. Fallback account is removed if not supplied.
preferred_name_on_cardstringOptional
The user's preferred name as it will be on the card.
second_linestringOptional
The second line of text on the card
cancellation_reasonstringWrite-onlyOptional
The reason for card cancellation.
Responses
200
Endpoint for retrieving details for the cards the user has access to.
application/json
400
This is how the error response looks like for 4XX response codes
application/json
put
/user/{userID}/card/{itemId}
get
/user/{userID}/card/{itemId}
Return the details of a specific card.
Path parameters
userIDintegerRequired
itemIdintegerRequired
Header parameters
Cache-ControlstringOptional
The standard HTTP Cache-Control header is required for all signed requests.
User-AgentstringRequired
The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.
X-Bunq-LanguagestringOptional
The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.
X-Bunq-RegionstringOptional
The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.
X-Bunq-Client-Request-IdstringOptional
This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
X-Bunq-GeolocationstringOptional
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
X-Bunq-Client-AuthenticationstringRequired
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
Responses
200
Endpoint for retrieving details for the cards the user has access to.
application/json
400
This is how the error response looks like for 4XX response codes
