# Credential Password IP

These endpoints allow you to update and manage the list of allowed IP addresses for your password-based credentials.&#x20;

This IP whitelisting is a crucial security feature that safeguards which devices or servers can make authenticated API calls on your behalf. For more information refer to [Whitelisting and Updating IP addresses](/basics/whitelisting-and-updating-ip-addresses.md)

Ask ChatGPT

## GET /user/{userID}/credential-password-ip/{itemId}

> Create a credential of a user for server authentication, or delete the credential of a user for server authentication.

```json
{"openapi":"3.0.0","info":{"title":"bunq API","version":"1.0"},"tags":[{"name":"credential-password-ip","description":""}],"servers":[{"url":"https://public-api.sandbox.bunq.com/{basePath}","description":"Sandbox server","variables":{"basePath":{"default":"v1"}}},{"url":"https://api.bunq.com/{basePath}","description":"Production server","variables":{"basePath":{"default":"v1"}}}],"paths":{"/user/{userID}/credential-password-ip/{itemId}":{"get":{"tags":["credential-password-ip"],"summary":"","operationId":"READ_CredentialPasswordIp_for_User","description":"Create a credential of a user for server authentication, or delete the credential of a user for server authentication.","parameters":[{"in":"path","name":"userID","description":"","required":true,"schema":{"type":"integer"}},{"in":"path","name":"itemId","description":"","required":true,"schema":{"type":"integer"}},{"$ref":"#/components/parameters/Cache-Control"},{"$ref":"#/components/parameters/User-Agent"},{"$ref":"#/components/parameters/X-Bunq-Language"},{"$ref":"#/components/parameters/X-Bunq-Region"},{"$ref":"#/components/parameters/X-Bunq-Client-Request-Id"},{"$ref":"#/components/parameters/X-Bunq-Geolocation"},{"$ref":"#/components/parameters/X-Bunq-Client-Authentication"}],"responses":{"200":{"description":"Create a credential of a user for server authentication, or delete the credential of a user for server authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserCredentialPasswordIpRead"}}},"headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}}},"400":{"$ref":"#/components/responses/GenericError"}}}}},"components":{"parameters":{"Cache-Control":{"description":"The standard HTTP Cache-Control header is required for all signed requests.","schema":{"type":"string"},"required":false,"in":"header","name":"Cache-Control"},"User-Agent":{"description":"The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.","schema":{"type":"string"},"required":true,"in":"header","name":"User-Agent"},"X-Bunq-Language":{"description":"The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Language"},"X-Bunq-Region":{"description":"The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Region"},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Client-Request-Id"},"X-Bunq-Geolocation":{"description":"This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Geolocation"},"X-Bunq-Client-Authentication":{"description":"The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call","schema":{"type":"string"},"required":true,"in":"header","name":"X-Bunq-Client-Authentication"}},"schemas":{"UserCredentialPasswordIpRead":{"type":"object","properties":{"id":{"type":"integer","description":"The id of the credential.","readOnly":true,"writeOnly":false},"created":{"type":"string","description":"The timestamp of the credential object's creation.","readOnly":true,"writeOnly":false},"updated":{"type":"string","description":"The timestamp of the credential object's last update.","readOnly":true,"writeOnly":false},"status":{"type":"string","description":"The status of the credential.","readOnly":true,"writeOnly":false},"expiry_time":{"type":"string","description":"When the status is PENDING_FIRST_USE: when the credential expires.","readOnly":true,"writeOnly":false},"token_value":{"type":"string","description":"When the status is PENDING_FIRST_USE: the value of the token.","readOnly":true,"writeOnly":false},"permitted_device":{"type":"object","description":"When the status is ACTIVE: the details of the device that may use the credential.","readOnly":true,"writeOnly":false,"$ref":"#/components/schemas/PermittedDevice"}}},"PermittedDevice":{"type":"object","properties":{"description":{"type":"string","description":"The description of the device that may use the credential.","readOnly":true,"writeOnly":false},"ip":{"type":"string","description":"The IP address of the device that may use the credential.","readOnly":true,"writeOnly":false}}},"Error":{"type":"array","items":{"type":"object","properties":{"error_description":{"type":"string","description":"The error description in English."},"error_description_translated":{"type":"string","description":"The error description translated to the user's language."}}}}},"headers":{"X-Bunq-Client-Response-Id":{"description":"A unique ID for the response formatted as a UUID. Clients can use it to add extra protection against replay attacks.","schema":{"type":"string"}},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false},"X-Bunq-Server-Signature":{"description":"The server's signature for this response. See the signing page for details on how to verify this signature.","schema":{"type":"string"}}},"responses":{"GenericError":{"description":"This is how the error response looks like for 4XX response codes","headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}},"content":{"application/json":{"schema":{"type":"object","properties":{"Error":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## GET /user/{userID}/credential-password-ip

> Create a credential of a user for server authentication, or delete the credential of a user for server authentication.

```json
{"openapi":"3.0.0","info":{"title":"bunq API","version":"1.0"},"tags":[{"name":"credential-password-ip","description":""}],"servers":[{"url":"https://public-api.sandbox.bunq.com/{basePath}","description":"Sandbox server","variables":{"basePath":{"default":"v1"}}},{"url":"https://api.bunq.com/{basePath}","description":"Production server","variables":{"basePath":{"default":"v1"}}}],"paths":{"/user/{userID}/credential-password-ip":{"get":{"tags":["credential-password-ip"],"summary":"","operationId":"List_all_CredentialPasswordIp_for_User","description":"Create a credential of a user for server authentication, or delete the credential of a user for server authentication.","parameters":[{"in":"path","name":"userID","description":"","required":true,"schema":{"type":"integer"}},{"$ref":"#/components/parameters/Cache-Control"},{"$ref":"#/components/parameters/User-Agent"},{"$ref":"#/components/parameters/X-Bunq-Language"},{"$ref":"#/components/parameters/X-Bunq-Region"},{"$ref":"#/components/parameters/X-Bunq-Client-Request-Id"},{"$ref":"#/components/parameters/X-Bunq-Geolocation"},{"$ref":"#/components/parameters/X-Bunq-Client-Authentication"}],"responses":{"200":{"description":"Create a credential of a user for server authentication, or delete the credential of a user for server authentication.","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/UserCredentialPasswordIpListing"}}}},"headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}}},"400":{"$ref":"#/components/responses/GenericError"}}}}},"components":{"parameters":{"Cache-Control":{"description":"The standard HTTP Cache-Control header is required for all signed requests.","schema":{"type":"string"},"required":false,"in":"header","name":"Cache-Control"},"User-Agent":{"description":"The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.","schema":{"type":"string"},"required":true,"in":"header","name":"User-Agent"},"X-Bunq-Language":{"description":"The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Language"},"X-Bunq-Region":{"description":"The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Region"},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Client-Request-Id"},"X-Bunq-Geolocation":{"description":"This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Geolocation"},"X-Bunq-Client-Authentication":{"description":"The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call","schema":{"type":"string"},"required":true,"in":"header","name":"X-Bunq-Client-Authentication"}},"schemas":{"UserCredentialPasswordIpListing":{"type":"object","properties":{"id":{"type":"integer","description":"The id of the credential.","readOnly":true,"writeOnly":false},"created":{"type":"string","description":"The timestamp of the credential object's creation.","readOnly":true,"writeOnly":false},"updated":{"type":"string","description":"The timestamp of the credential object's last update.","readOnly":true,"writeOnly":false},"status":{"type":"string","description":"The status of the credential.","readOnly":true,"writeOnly":false},"expiry_time":{"type":"string","description":"When the status is PENDING_FIRST_USE: when the credential expires.","readOnly":true,"writeOnly":false},"token_value":{"type":"string","description":"When the status is PENDING_FIRST_USE: the value of the token.","readOnly":true,"writeOnly":false},"permitted_device":{"type":"object","description":"When the status is ACTIVE: the details of the device that may use the credential.","readOnly":true,"writeOnly":false,"$ref":"#/components/schemas/PermittedDevice"}}},"PermittedDevice":{"type":"object","properties":{"description":{"type":"string","description":"The description of the device that may use the credential.","readOnly":true,"writeOnly":false},"ip":{"type":"string","description":"The IP address of the device that may use the credential.","readOnly":true,"writeOnly":false}}},"Error":{"type":"array","items":{"type":"object","properties":{"error_description":{"type":"string","description":"The error description in English."},"error_description_translated":{"type":"string","description":"The error description translated to the user's language."}}}}},"headers":{"X-Bunq-Client-Response-Id":{"description":"A unique ID for the response formatted as a UUID. Clients can use it to add extra protection against replay attacks.","schema":{"type":"string"}},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false},"X-Bunq-Server-Signature":{"description":"The server's signature for this response. See the signing page for details on how to verify this signature.","schema":{"type":"string"}}},"responses":{"GenericError":{"description":"This is how the error response looks like for 4XX response codes","headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}},"content":{"application/json":{"schema":{"type":"object","properties":{"Error":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## GET /user/{userID}/credential-password-ip/{credential-password-ipID}/ip/{itemId}

> Manage the IPs which may be used for a credential of a user for server authentication.

```json
{"openapi":"3.0.0","info":{"title":"bunq API","version":"1.0"},"tags":[{"name":"ip","description":""}],"servers":[{"url":"https://public-api.sandbox.bunq.com/{basePath}","description":"Sandbox server","variables":{"basePath":{"default":"v1"}}},{"url":"https://api.bunq.com/{basePath}","description":"Production server","variables":{"basePath":{"default":"v1"}}}],"paths":{"/user/{userID}/credential-password-ip/{credential-password-ipID}/ip/{itemId}":{"get":{"tags":["ip"],"summary":"","operationId":"READ_Ip_for_User_CredentialPasswordIp","description":"Manage the IPs which may be used for a credential of a user for server authentication.","parameters":[{"in":"path","name":"userID","description":"","required":true,"schema":{"type":"integer"}},{"in":"path","name":"credential-password-ipID","description":"","required":true,"schema":{"type":"integer"}},{"in":"path","name":"itemId","description":"","required":true,"schema":{"type":"integer"}},{"$ref":"#/components/parameters/Cache-Control"},{"$ref":"#/components/parameters/User-Agent"},{"$ref":"#/components/parameters/X-Bunq-Language"},{"$ref":"#/components/parameters/X-Bunq-Region"},{"$ref":"#/components/parameters/X-Bunq-Client-Request-Id"},{"$ref":"#/components/parameters/X-Bunq-Geolocation"},{"$ref":"#/components/parameters/X-Bunq-Client-Authentication"}],"responses":{"200":{"description":"Manage the IPs which may be used for a credential of a user for server authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermittedIpRead"}}},"headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}}},"400":{"$ref":"#/components/responses/GenericError"}}}}},"components":{"parameters":{"Cache-Control":{"description":"The standard HTTP Cache-Control header is required for all signed requests.","schema":{"type":"string"},"required":false,"in":"header","name":"Cache-Control"},"User-Agent":{"description":"The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.","schema":{"type":"string"},"required":true,"in":"header","name":"User-Agent"},"X-Bunq-Language":{"description":"The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Language"},"X-Bunq-Region":{"description":"The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Region"},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Client-Request-Id"},"X-Bunq-Geolocation":{"description":"This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Geolocation"},"X-Bunq-Client-Authentication":{"description":"The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call","schema":{"type":"string"},"required":true,"in":"header","name":"X-Bunq-Client-Authentication"}},"schemas":{"PermittedIpRead":{"type":"object","properties":{"ip":{"type":"string","description":"The IP address.","readOnly":true,"writeOnly":false},"status":{"type":"string","description":"The status of the IP. May be \"ACTIVE\" or \"INACTIVE\". It is only possible to make requests from \"ACTIVE\" IP addresses. Only \"ACTIVE\" IPs will be billed.","readOnly":true,"writeOnly":false}}},"Error":{"type":"array","items":{"type":"object","properties":{"error_description":{"type":"string","description":"The error description in English."},"error_description_translated":{"type":"string","description":"The error description translated to the user's language."}}}}},"headers":{"X-Bunq-Client-Response-Id":{"description":"A unique ID for the response formatted as a UUID. Clients can use it to add extra protection against replay attacks.","schema":{"type":"string"}},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false},"X-Bunq-Server-Signature":{"description":"The server's signature for this response. See the signing page for details on how to verify this signature.","schema":{"type":"string"}}},"responses":{"GenericError":{"description":"This is how the error response looks like for 4XX response codes","headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}},"content":{"application/json":{"schema":{"type":"object","properties":{"Error":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## PUT /user/{userID}/credential-password-ip/{credential-password-ipID}/ip/{itemId}

> Manage the IPs which may be used for a credential of a user for server authentication.

```json
{"openapi":"3.0.0","info":{"title":"bunq API","version":"1.0"},"tags":[{"name":"ip","description":""}],"servers":[{"url":"https://public-api.sandbox.bunq.com/{basePath}","description":"Sandbox server","variables":{"basePath":{"default":"v1"}}},{"url":"https://api.bunq.com/{basePath}","description":"Production server","variables":{"basePath":{"default":"v1"}}}],"paths":{"/user/{userID}/credential-password-ip/{credential-password-ipID}/ip/{itemId}":{"put":{"tags":["ip"],"summary":"","operationId":"UPDATE_Ip_for_User_CredentialPasswordIp","description":"Manage the IPs which may be used for a credential of a user for server authentication.","parameters":[{"in":"path","name":"userID","description":"","required":true,"schema":{"type":"integer"}},{"in":"path","name":"credential-password-ipID","description":"","required":true,"schema":{"type":"integer"}},{"in":"path","name":"itemId","description":"","required":true,"schema":{"type":"integer"}},{"$ref":"#/components/parameters/Cache-Control"},{"$ref":"#/components/parameters/User-Agent"},{"$ref":"#/components/parameters/X-Bunq-Language"},{"$ref":"#/components/parameters/X-Bunq-Region"},{"$ref":"#/components/parameters/X-Bunq-Client-Request-Id"},{"$ref":"#/components/parameters/X-Bunq-Geolocation"},{"$ref":"#/components/parameters/X-Bunq-Client-Authentication"}],"requestBody":{"description":"","required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermittedIp"}}}},"responses":{"200":{"description":"Manage the IPs which may be used for a credential of a user for server authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermittedIpUpdate"}}},"headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}}},"400":{"$ref":"#/components/responses/GenericError"}}}}},"components":{"parameters":{"Cache-Control":{"description":"The standard HTTP Cache-Control header is required for all signed requests.","schema":{"type":"string"},"required":false,"in":"header","name":"Cache-Control"},"User-Agent":{"description":"The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.","schema":{"type":"string"},"required":true,"in":"header","name":"User-Agent"},"X-Bunq-Language":{"description":"The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Language"},"X-Bunq-Region":{"description":"The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Region"},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Client-Request-Id"},"X-Bunq-Geolocation":{"description":"This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Geolocation"},"X-Bunq-Client-Authentication":{"description":"The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call","schema":{"type":"string"},"required":true,"in":"header","name":"X-Bunq-Client-Authentication"}},"schemas":{"PermittedIp":{"type":"object","properties":{"ip":{"type":"string","description":"The IP address.","readOnly":false,"writeOnly":false},"status":{"type":"string","description":"The status of the IP. May be \"ACTIVE\" or \"INACTIVE\". It is only possible to make requests from \"ACTIVE\" IP addresses. Only \"ACTIVE\" IPs will be billed.","readOnly":false,"writeOnly":false}},"required":["ip"]},"PermittedIpUpdate":{"type":"object","properties":{"Id":{"type":"object","description":"The id of the created item","readOnly":true,"writeOnly":false,"$ref":"#/components/schemas/BunqId"}}},"BunqId":{"type":"object","properties":{"id":{"type":"integer","description":"An integer ID of an object. Unique per object type.","readOnly":false,"writeOnly":false}}},"Error":{"type":"array","items":{"type":"object","properties":{"error_description":{"type":"string","description":"The error description in English."},"error_description_translated":{"type":"string","description":"The error description translated to the user's language."}}}}},"headers":{"X-Bunq-Client-Response-Id":{"description":"A unique ID for the response formatted as a UUID. Clients can use it to add extra protection against replay attacks.","schema":{"type":"string"}},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false},"X-Bunq-Server-Signature":{"description":"The server's signature for this response. See the signing page for details on how to verify this signature.","schema":{"type":"string"}}},"responses":{"GenericError":{"description":"This is how the error response looks like for 4XX response codes","headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}},"content":{"application/json":{"schema":{"type":"object","properties":{"Error":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## POST /user/{userID}/credential-password-ip/{credential-password-ipID}/ip

> Manage the IPs which may be used for a credential of a user for server authentication.

```json
{"openapi":"3.0.0","info":{"title":"bunq API","version":"1.0"},"tags":[{"name":"ip","description":""}],"servers":[{"url":"https://public-api.sandbox.bunq.com/{basePath}","description":"Sandbox server","variables":{"basePath":{"default":"v1"}}},{"url":"https://api.bunq.com/{basePath}","description":"Production server","variables":{"basePath":{"default":"v1"}}}],"paths":{"/user/{userID}/credential-password-ip/{credential-password-ipID}/ip":{"post":{"tags":["ip"],"summary":"","operationId":"CREATE_Ip_for_User_CredentialPasswordIp","description":"Manage the IPs which may be used for a credential of a user for server authentication.","parameters":[{"in":"path","name":"userID","description":"","required":true,"schema":{"type":"integer"}},{"in":"path","name":"credential-password-ipID","description":"","required":true,"schema":{"type":"integer"}},{"$ref":"#/components/parameters/Cache-Control"},{"$ref":"#/components/parameters/User-Agent"},{"$ref":"#/components/parameters/X-Bunq-Language"},{"$ref":"#/components/parameters/X-Bunq-Region"},{"$ref":"#/components/parameters/X-Bunq-Client-Request-Id"},{"$ref":"#/components/parameters/X-Bunq-Geolocation"},{"$ref":"#/components/parameters/X-Bunq-Client-Authentication"}],"requestBody":{"description":"","required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermittedIp"}}}},"responses":{"200":{"description":"Manage the IPs which may be used for a credential of a user for server authentication.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermittedIpCreate"}}},"headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}}},"400":{"$ref":"#/components/responses/GenericError"}}}}},"components":{"parameters":{"Cache-Control":{"description":"The standard HTTP Cache-Control header is required for all signed requests.","schema":{"type":"string"},"required":false,"in":"header","name":"Cache-Control"},"User-Agent":{"description":"The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.","schema":{"type":"string"},"required":true,"in":"header","name":"User-Agent"},"X-Bunq-Language":{"description":"The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Language"},"X-Bunq-Region":{"description":"The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Region"},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Client-Request-Id"},"X-Bunq-Geolocation":{"description":"This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Geolocation"},"X-Bunq-Client-Authentication":{"description":"The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call","schema":{"type":"string"},"required":true,"in":"header","name":"X-Bunq-Client-Authentication"}},"schemas":{"PermittedIp":{"type":"object","properties":{"ip":{"type":"string","description":"The IP address.","readOnly":false,"writeOnly":false},"status":{"type":"string","description":"The status of the IP. May be \"ACTIVE\" or \"INACTIVE\". It is only possible to make requests from \"ACTIVE\" IP addresses. Only \"ACTIVE\" IPs will be billed.","readOnly":false,"writeOnly":false}},"required":["ip"]},"PermittedIpCreate":{"type":"object","properties":{"Id":{"type":"object","description":"The id of the created item","readOnly":true,"writeOnly":false,"$ref":"#/components/schemas/BunqId"}}},"BunqId":{"type":"object","properties":{"id":{"type":"integer","description":"An integer ID of an object. Unique per object type.","readOnly":false,"writeOnly":false}}},"Error":{"type":"array","items":{"type":"object","properties":{"error_description":{"type":"string","description":"The error description in English."},"error_description_translated":{"type":"string","description":"The error description translated to the user's language."}}}}},"headers":{"X-Bunq-Client-Response-Id":{"description":"A unique ID for the response formatted as a UUID. Clients can use it to add extra protection against replay attacks.","schema":{"type":"string"}},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false},"X-Bunq-Server-Signature":{"description":"The server's signature for this response. See the signing page for details on how to verify this signature.","schema":{"type":"string"}}},"responses":{"GenericError":{"description":"This is how the error response looks like for 4XX response codes","headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}},"content":{"application/json":{"schema":{"type":"object","properties":{"Error":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## GET /user/{userID}/credential-password-ip/{credential-password-ipID}/ip

> Manage the IPs which may be used for a credential of a user for server authentication.

```json
{"openapi":"3.0.0","info":{"title":"bunq API","version":"1.0"},"tags":[{"name":"ip","description":""}],"servers":[{"url":"https://public-api.sandbox.bunq.com/{basePath}","description":"Sandbox server","variables":{"basePath":{"default":"v1"}}},{"url":"https://api.bunq.com/{basePath}","description":"Production server","variables":{"basePath":{"default":"v1"}}}],"paths":{"/user/{userID}/credential-password-ip/{credential-password-ipID}/ip":{"get":{"tags":["ip"],"summary":"","operationId":"List_all_Ip_for_User_CredentialPasswordIp","description":"Manage the IPs which may be used for a credential of a user for server authentication.","parameters":[{"in":"path","name":"userID","description":"","required":true,"schema":{"type":"integer"}},{"in":"path","name":"credential-password-ipID","description":"","required":true,"schema":{"type":"integer"}},{"$ref":"#/components/parameters/Cache-Control"},{"$ref":"#/components/parameters/User-Agent"},{"$ref":"#/components/parameters/X-Bunq-Language"},{"$ref":"#/components/parameters/X-Bunq-Region"},{"$ref":"#/components/parameters/X-Bunq-Client-Request-Id"},{"$ref":"#/components/parameters/X-Bunq-Geolocation"},{"$ref":"#/components/parameters/X-Bunq-Client-Authentication"}],"responses":{"200":{"description":"Manage the IPs which may be used for a credential of a user for server authentication.","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/PermittedIpListing"}}}},"headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}}},"400":{"$ref":"#/components/responses/GenericError"}}}}},"components":{"parameters":{"Cache-Control":{"description":"The standard HTTP Cache-Control header is required for all signed requests.","schema":{"type":"string"},"required":false,"in":"header","name":"Cache-Control"},"User-Agent":{"description":"The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.","schema":{"type":"string"},"required":true,"in":"header","name":"User-Agent"},"X-Bunq-Language":{"description":"The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Language"},"X-Bunq-Region":{"description":"The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Region"},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Client-Request-Id"},"X-Bunq-Geolocation":{"description":"This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.","schema":{"type":"string"},"required":false,"in":"header","name":"X-Bunq-Geolocation"},"X-Bunq-Client-Authentication":{"description":"The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call","schema":{"type":"string"},"required":true,"in":"header","name":"X-Bunq-Client-Authentication"}},"schemas":{"PermittedIpListing":{"type":"object","properties":{"ip":{"type":"string","description":"The IP address.","readOnly":true,"writeOnly":false},"status":{"type":"string","description":"The status of the IP. May be \"ACTIVE\" or \"INACTIVE\". It is only possible to make requests from \"ACTIVE\" IP addresses. Only \"ACTIVE\" IPs will be billed.","readOnly":true,"writeOnly":false}}},"Error":{"type":"array","items":{"type":"object","properties":{"error_description":{"type":"string","description":"The error description in English."},"error_description_translated":{"type":"string","description":"The error description translated to the user's language."}}}}},"headers":{"X-Bunq-Client-Response-Id":{"description":"A unique ID for the response formatted as a UUID. Clients can use it to add extra protection against replay attacks.","schema":{"type":"string"}},"X-Bunq-Client-Request-Id":{"description":"This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.","schema":{"type":"string"},"required":false},"X-Bunq-Server-Signature":{"description":"The server's signature for this response. See the signing page for details on how to verify this signature.","schema":{"type":"string"}}},"responses":{"GenericError":{"description":"This is how the error response looks like for 4XX response codes","headers":{"X-Bunq-Client-Response-Id":{"$ref":"#/components/headers/X-Bunq-Client-Response-Id"},"X-Bunq-Client-Request-Id":{"$ref":"#/components/headers/X-Bunq-Client-Request-Id"},"X-Bunq-Server-Signature":{"$ref":"#/components/headers/X-Bunq-Server-Signature"}},"content":{"application/json":{"schema":{"type":"object","properties":{"Error":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc.bunq.com/credential-password-ip.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.