FAQ

What do I need to integrate bunq's API?

To integrate with bunq's API, you'll need:

• An API key, which you can generate from the bunq app.

• A public/private key pair to securely sign requests.

• To complete the installation, device, and session setup process to authenticate your API calls.

The API uses standard REST principles and communicates via JSON. You can find setup guides and examples here:

Getting Started

What is PSD2?

PSD2 (Payment Services Directive 2) is an EU regulation designed to make electronic payments more secure and to encourage innovation in financial services. It allows licensed third-party providers (TPPs)—such as fintech apps or financial aggregators—to access bank account information and initiate payments on behalf of users, with their explicit consent.

In the context of the bunq API, PSD2 is especially relevant if you plan to:

• Access user account information (AIS — Account Information Services)

• Initiate payments on a user’s behalf (PIS — Payment Initiation Services)

If you are a licensed TPP operating under PSD2, you can integrate with bunq using a PSD2 certificate. This grants you direct access to user accounts in a regulated and compliant way.

Alternatively, if you're not a licensed TPP, but still want users to connect their bunq accounts to your app (for example, to show their balance or history), keep in mind that you might need a certification for those operations.

How can I get support?

You can always get in touch via the support button in the app or sending an email to apipartner@bunq.com

What certificate types does bunq accept?

We accept QSEAL certificates.

How do I get an API key as a PSD2 user?

You’ll receive a token in return to passing your QSEAL certificate. You’ll then be able to use it as an API key.

What do I need to register my QSEAL certificate?

You need to send a POST /payment-service-provider-credential request passing your QSEAL certificate, QSEAL certificate chain, and a signature of the device registration key with the QSEAL private key. Check the full authentication flow here.

How does the PSD2 API request signing work?

The request signature requirement is the same for all types of API users. You can read more about it here.

How do I get an OAuth client as a PSD2 user?

You can create an OAuth Client using POST /user/userId/oauth-client and read it using its id (GET /user/userId/oauth-client/oauth-clientId). Once you have it, you can add a redirect url using POST /user/{userID}/oauth-client/{oauth-clientID}/callback-url. From there, you can move to creating an authorization request and token exchange.

Check more about it here:

OAuth

Where do I find the AISP, PISP and CBPIII API reference?

bunq offers one API to both our users and companies with PSD2 permit: https://doc.bunq.com/. As a PSD2 party, you can only access the endpoints that correspond with your permit level.

Are the AISP, PISP and CBPIII APIs the same API as I use as a bunq user?

Yes, the only thing that differs is the authentication flow. Everything else is the same.

I need help with the PSD2 API. How do I get support?

will help you get started. If you need dedicated guidance or troubleshooting for a problem you are experiencing, you can purchase a . You can request this service at .