Use the Access Token to get a user session

Once you have received the access_token through the OAuth flow, you must use it to create a session. This session allows your app to perform authenticated API calls on behalf of the user. This is a equal process to the regular Start a Session flow. However what is different is that you use the end-users access token to get the session.

Endpoint

POST /v1/session-server

Purpose

This endpoint creates a new API session using the OAuth access token.

Example `cURL` Request

⚠️ This example assumes you’ve already signed the payload and have the device token ready.

bashCopyEditcurl -X POST https://api.bunq.com/v1/session-server \
  -H "Content-Type: application/json" \
  -H "Cache-Control: no-cache" \
  -H "User-Agent: my-app-name" \
  -H "X-Bunq-Language: en_US" \
  -H "X-Bunq-Region: nl_NL" \
  -H "X-Bunq-Geolocation: 0 0 0 0 000" \
  -H "X-Bunq-Client-Authentication: your_device_token" \
  -H "X-Bunq-Client-Signature: BASE64_SIGNATURE_OF_PAYLOAD" \
  -d '{"secret":"USER_ACCESS_TOKEN"}'

✅ Example Response


{
    "Response": [
        {
            "Id": {
                "id": 25536694
            }
        },
        {
            "Token": {
                "id": 25536694,
                "created": "2025-03-05 16:12:11.918100",
                "updated": "2025-03-05 16:12:11.918100",
                "token": "ce717e3001d979ff5e22bac13508b46e7ad740971d1d75c5371614e546ca8b83"
            }
        },
        {
            "UserPerson": { "id": 1822179,
                            "rest of the user object":...  }
        }
    ]
}

PreviousHandle the Authorization Code NextMaking API calls on behalf of bunq Users

Last updated 7 months ago

Was this helpful?

hashtagEndpoint

hashtagPurpose

hashtagExample cURL Request

hashtag✅ Example Response

Endpoint

Purpose

Example `cURL` Request

✅ Example Response