Redirect Users to Authorize your app

Once you’ve successfully registered your OAuth client ( Register OAuth Client), you will have a client_id and client_secret. These credentials allow your application to request access on behalf of your users.

What we want now is to redirect the end-user to a page where they can give away the access to ther bank account. This is done by redirecting them to the authorization page.

In your app you'll have a button or step in your signup flow where you send your users to this authorization page when they link your app to their bunq account.

Step 1: Redirect Users to the Authorization Page

To begin, redirect your users to bunq’s authorization endpoint where they can grant your app access to their account:

https://oauth.bunq.com/auth?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}&state={state}&scope={scope}

• response_type=code — Indicates that you’re using the authorization code flow.

• client_id — Your OAuth client ID.

• redirect_uri — Must match the URL registered with your OAuth client.

• state — Optional, but highly recommended for CSRF protection.

Example Authorization URL

https://oauth.bunq.com/auth?response_type=code&client_id=abc123xyz&redirect_uri=https://myapp.com/oauth/callback&state=xyz789

What Happens Next?

The user will scan the QR code with their bunq app and grant access to bank accounts. If you want to recreate this step you can use Android Emulatorto get a sandbox version of the bunq app.

Once the user completes the flow, bunq will redirect back to your redirect_uri with a temporary authorization code and the associated state that you sent along:

https://myapp.com/oauth/callback?code=AUTH_CODE&state=xyz789

You will then exchange this code for an access token to make authenticated API requests on the user’s behalf. We'll handle that in the next section