search
Postman Collection

API Keys

bunq uses a secure, multi-layered authentication system to protect API access. This includes API key authentication, device registration, session management, and OAuth support. Below is an overview of

triangle-exclamation

Guard your API key carefully, as it provides access to sensitive financial information similar to actual banking details. Make sure not to commit it to your source control. If you end up doing so you can always revoke the key from your bunq app.

hashtag
API Key Authentication

The easiest way to authenticate with the bunq API is by using an API key. This key acts as a secret credential that identifies your application.

To use an API key, you must:

  1. Obtain an API Key – Generate one from the bunq app or request a sandbox API key via POST /sandbox-user. Or grab one from your bunq app in production.

  2. Register Your Device and starting a session – Before making API calls, your device must be registered with POST /device-server. This binds the API key to your device and its IP address. We dedicated a whole page on registering your installation, your device and starting a session here

hashtag
Session Management

  • Auto Logout: The auto-logout time set in the bunq app applies to all sessions, including API sessions.

  • Session Extension: If a request is made within 30 minutes of expiration, the session is automatically extended.

hashtag
Get your sandbox API Key

circle-check

Our tutorial Your first payment walks you through setting up API keys step by step, and also shows you how to do the subsequent steps.

You can get your API key for the sandbox through a Curl command or the developer portal. The Production API key can be taken from our App.

hashtag
Curl call to obtain API key

To create a user and obtain an API key you can just run 1 command from your terminal:

Run this command to obtain a user person. It will return just a API key, but in the background we generated a dummy user for you to play around with in the sandbox. 

curl --location --request POST 'https://public-api.sandbox.bunq.com/v1/sandbox-user-person'

Run this command to obtain a business user

curl --location --request POST 'https://public-api.sandbox.bunq.com/v1/sandbox-user-company'

This request will create a new user in the system. The response will give you the API key that belongs to this user. Store it somewhere safe.


{
    "Response": [
        {
            "ApiKey": {
                "api_key": "sandbox_a918ac413524f2bf56ceb740595e01839dd7f0321ca08e4c4ea93349"
            }
        }
    ]
}

PreviousAuthenticationNextOAuth

Last updated

Was this helpful?