Start a Session
Sessions provide temporary authentication, meaning that even if a session token is exposed, it will automatically expire after a set period. This balances security with usability—developers don’t need to constantly re-authenticate, but access remains limited to prevent long-term misuse. The session timeout can be adjusted in the bunq app, giving users control over their security settings. This session-based approach is common in high-security environments, ensuring that access is time-limited and reducing persistent threats.
Once you have a session we'll return you the user object. So you have all details of your user.
The response of the session API call is a object with a session token, this is the token we'll use in subsequent requests to authenticate requests. There is also a userid in this response. Which we will use in the next calls.
{
"Response": [
{
"Id": {
"id": 25536694
}
},
{
"Token": {
"id": 25536694,
"created": "2025-03-05 16:12:11.918100",
"updated": "2025-03-05 16:12:11.918100",
"token": "ce717e3001d979ff5e22bac13508b46e7ad740971d1d75c5371614e546ca8b83"
}
},
{
"UserPerson": { "id": 1822179,
"rest of the user object":... }
}
]
}
post
Create a new session for a DeviceServer. Provide the Installation token in the "X-Bunq-Client-Authentication" header. And don't forget to create the "X-Bunq-Client-Signature" header. The response contains a Session token that should be used for as the "X-Bunq-Client-Authentication" header for all future API calls. The ip address making this call needs to match the ip address bound to your API key.
Header parameters
Cache-ControlstringOptional
The standard HTTP Cache-Control header is required for all signed requests.
User-AgentstringRequired
The User-Agent header field should contain information about the user agent originating the request. There are no restrictions on the value of this header.
X-Bunq-LanguagestringOptional
The X-Bunq-Language header must contain a preferred language indication. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore. Currently only the languages en_US and nl_NL are supported. Anything else will default to en_US.
X-Bunq-RegionstringOptional
The X-Bunq-Region header must contain the region (country) of the client device. The value of this header is formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, separated by an underscore.
X-Bunq-Client-Request-IdstringOptional
This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
X-Bunq-GeolocationstringOptional
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
X-Bunq-Client-AuthenticationstringRequired
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
Body
secretstringWrite-onlyRequired
The API key of the user you want to login. If your API key has not been used before, it will be bound to the ip address of this DeviceServer.
Responses
200
Once you have created an Installation and a DeviceServer with that Installation, then you are ready to start a session! A session expires after the same amount of time you have set for Auto Logout in your user account. By default this is 1 week. If a request is made 30 seconds before a session expires, it will be extended from that moment by your auto logout time, but never by more than 5 minutes.
application/json
400
This is how the error response looks like for 4XX response codes
application/json
post
POST /v1/session-server HTTP/1.1
Host: public-api.sandbox.bunq.com
User-Agent: text
X-Bunq-Client-Authentication: text
Content-Type: application/json
Accept: */*
Content-Length: 17
{
"secret": "text"
}{
"Id": {
"id": 1
},
"Token": {
"id": 1,
"token": "text"
},
"UserCompany": {
"name": "text",
"public_nick_name": "text",
"address_main": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"address_postal": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"language": "text",
"region": "text",
"country": "text",
"ubo": [
{
"name": "text",
"date_of_birth": "text",
"nationality": "text"
}
],
"chamber_of_commerce_number": "text",
"legal_form": "text",
"status": "text",
"sub_status": "text",
"session_timeout": 1,
"daily_limit_without_confirmation_login": {
"value": "text",
"currency": "text"
},
"id": 1,
"created": "text",
"updated": "text",
"public_uuid": "text",
"display_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"type_of_business_entity": "text",
"sector_of_industry": "text",
"counter_bank_iban": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"version_terms_of_service": "text",
"directors": [
{
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
}
],
"notification_filters": [
{
"notification_delivery_method": "text",
"notification_target": "text",
"category": "text"
}
],
"customer": {
"billing_account_id": "text",
"invoice_notification_preference": "text",
"id": 1,
"created": "text",
"updated": "text"
},
"customer_limit": {
"limit_monetary_account": 1,
"limit_monetary_account_remaining": 1,
"limit_card_debit_maestro": 1,
"limit_card_debit_mastercard": 1,
"limit_card_debit_wildcard": 1,
"limit_card_wildcard": 1,
"limit_card_replacement": 1,
"limit_amount_monthly": {
"value": "text",
"currency": "text"
},
"spent_amount_monthly": {
"value": "text",
"currency": "text"
}
},
"billing_contract": [
{
"subscription_type": "text",
"id": 1,
"created": "text",
"updated": "text",
"contract_date_start": "text",
"contract_date_end": "text",
"contract_version": 1,
"subscription_type_downgrade": "text",
"status": "text",
"sub_status": "text"
}
],
"deny_reason": "text",
"relations": [
{
"user_id": "text",
"counter_user_id": "text",
"label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"counter_label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"relationship": "text",
"status": "text",
"user_status": "text",
"counter_user_status": "text"
}
],
"tax_resident": [
{
"country": "text",
"tax_number": "text",
"status": "text",
"id": 1
}
]
},
"UserPerson": {
"first_name": "text",
"middle_name": "text",
"last_name": "text",
"public_nick_name": "text",
"address_main": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"address_postal": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"tax_resident": [
{
"country": "text",
"tax_number": "text",
"status": "text",
"id": 1
}
],
"date_of_birth": "text",
"nationality": "text",
"all_nationality": [
"text"
],
"language": "text",
"region": "text",
"gender": "text",
"status": "text",
"sub_status": "text",
"session_timeout": 1,
"daily_limit_without_confirmation_login": {
"value": "text",
"currency": "text"
},
"display_name": "text",
"id": 1,
"created": "text",
"updated": "text",
"public_uuid": "text",
"legal_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"place_of_birth": "text",
"country_of_birth": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"version_terms_of_service": "text",
"notification_filters": [
{
"notification_delivery_method": "text",
"notification_target": "text",
"category": "text"
}
],
"relations": [
{
"user_id": "text",
"counter_user_id": "text",
"label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"counter_label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"relationship": "text",
"status": "text",
"user_status": "text",
"counter_user_status": "text"
}
]
},
"UserApiKey": {
"id": 1,
"created": "text",
"updated": "text",
"requested_by_user": {
"UserPerson": {
"first_name": "text",
"middle_name": "text",
"last_name": "text",
"public_nick_name": "text",
"address_main": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"address_postal": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"tax_resident": [
{
"country": "text",
"tax_number": "text",
"status": "text",
"id": 1
}
],
"date_of_birth": "text",
"nationality": "text",
"all_nationality": [
"text"
],
"language": "text",
"region": "text",
"gender": "text",
"status": "text",
"sub_status": "text",
"session_timeout": 1,
"daily_limit_without_confirmation_login": {
"value": "text",
"currency": "text"
},
"display_name": "text",
"id": 1,
"created": "text",
"updated": "text",
"public_uuid": "text",
"legal_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"place_of_birth": "text",
"country_of_birth": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"version_terms_of_service": "text",
"notification_filters": [
{
"notification_delivery_method": "text",
"notification_target": "text",
"category": "text"
}
],
"relations": [
{
"user_id": "text",
"counter_user_id": "text",
"label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"counter_label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"relationship": "text",
"status": "text",
"user_status": "text",
"counter_user_status": "text"
}
]
},
"UserCompany": {
"name": "text",
"public_nick_name": "text",
"address_main": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"address_postal": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"language": "text",
"region": "text",
"country": "text",
"ubo": [
{
"name": "text",
"date_of_birth": "text",
"nationality": "text"
}
],
"chamber_of_commerce_number": "text",
"legal_form": "text",
"status": "text",
"sub_status": "text",
"session_timeout": 1,
"daily_limit_without_confirmation_login": {
"value": "text",
"currency": "text"
},
"id": 1,
"created": "text",
"updated": "text",
"public_uuid": "text",
"display_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"type_of_business_entity": "text",
"sector_of_industry": "text",
"counter_bank_iban": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"version_terms_of_service": "text",
"directors": [
{
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
}
],
"notification_filters": [
{
"notification_delivery_method": "text",
"notification_target": "text",
"category": "text"
}
],
"customer": {
"billing_account_id": "text",
"invoice_notification_preference": "text",
"id": 1,
"created": "text",
"updated": "text"
},
"customer_limit": {
"limit_monetary_account": 1,
"limit_monetary_account_remaining": 1,
"limit_card_debit_maestro": 1,
"limit_card_debit_mastercard": 1,
"limit_card_debit_wildcard": 1,
"limit_card_wildcard": 1,
"limit_card_replacement": 1,
"limit_amount_monthly": {
"value": "text",
"currency": "text"
},
"spent_amount_monthly": {
"value": "text",
"currency": "text"
}
},
"billing_contract": [
{
"subscription_type": "text",
"id": 1,
"created": "text",
"updated": "text",
"contract_date_start": "text",
"contract_date_end": "text",
"contract_version": 1,
"subscription_type_downgrade": "text",
"status": "text",
"sub_status": "text"
}
],
"deny_reason": "text",
"relations": [
{
"user_id": "text",
"counter_user_id": "text",
"label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"counter_label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"relationship": "text",
"status": "text",
"user_status": "text",
"counter_user_status": "text"
}
],
"tax_resident": [
{
"country": "text",
"tax_number": "text",
"status": "text",
"id": 1
}
]
},
"UserPaymentServiceProvider": {
"id": 1,
"created": "text",
"updated": "text",
"certificate_distinguished_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"status": "text",
"sub_status": "text",
"public_uuid": "text",
"display_name": "text",
"public_nick_name": "text",
"language": "text",
"region": "text",
"session_timeout": 1
}
},
"granted_by_user": {
"UserPerson": {
"first_name": "text",
"middle_name": "text",
"last_name": "text",
"public_nick_name": "text",
"address_main": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"address_postal": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"tax_resident": [
{
"country": "text",
"tax_number": "text",
"status": "text",
"id": 1
}
],
"date_of_birth": "text",
"nationality": "text",
"all_nationality": [
"text"
],
"language": "text",
"region": "text",
"gender": "text",
"status": "text",
"sub_status": "text",
"session_timeout": 1,
"daily_limit_without_confirmation_login": {
"value": "text",
"currency": "text"
},
"display_name": "text",
"id": 1,
"created": "text",
"updated": "text",
"public_uuid": "text",
"legal_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"place_of_birth": "text",
"country_of_birth": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"version_terms_of_service": "text",
"notification_filters": [
{
"notification_delivery_method": "text",
"notification_target": "text",
"category": "text"
}
],
"relations": [
{
"user_id": "text",
"counter_user_id": "text",
"label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"counter_label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"relationship": "text",
"status": "text",
"user_status": "text",
"counter_user_status": "text"
}
]
},
"UserCompany": {
"name": "text",
"public_nick_name": "text",
"address_main": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"address_postal": {
"street": "text",
"house_number": "text",
"po_box": "text",
"postal_code": "text",
"city": "text",
"country": "text",
"extra": "text",
"mailbox_name": "text",
"province": "text",
"is_user_address_updated": true
},
"language": "text",
"region": "text",
"country": "text",
"ubo": [
{
"name": "text",
"date_of_birth": "text",
"nationality": "text"
}
],
"chamber_of_commerce_number": "text",
"legal_form": "text",
"status": "text",
"sub_status": "text",
"session_timeout": 1,
"daily_limit_without_confirmation_login": {
"value": "text",
"currency": "text"
},
"id": 1,
"created": "text",
"updated": "text",
"public_uuid": "text",
"display_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"type_of_business_entity": "text",
"sector_of_industry": "text",
"counter_bank_iban": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"version_terms_of_service": "text",
"directors": [
{
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
}
],
"notification_filters": [
{
"notification_delivery_method": "text",
"notification_target": "text",
"category": "text"
}
],
"customer": {
"billing_account_id": "text",
"invoice_notification_preference": "text",
"id": 1,
"created": "text",
"updated": "text"
},
"customer_limit": {
"limit_monetary_account": 1,
"limit_monetary_account_remaining": 1,
"limit_card_debit_maestro": 1,
"limit_card_debit_mastercard": 1,
"limit_card_debit_wildcard": 1,
"limit_card_wildcard": 1,
"limit_card_replacement": 1,
"limit_amount_monthly": {
"value": "text",
"currency": "text"
},
"spent_amount_monthly": {
"value": "text",
"currency": "text"
}
},
"billing_contract": [
{
"subscription_type": "text",
"id": 1,
"created": "text",
"updated": "text",
"contract_date_start": "text",
"contract_date_end": "text",
"contract_version": 1,
"subscription_type_downgrade": "text",
"status": "text",
"sub_status": "text"
}
],
"deny_reason": "text",
"relations": [
{
"user_id": "text",
"counter_user_id": "text",
"label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"counter_label_user": {
"uuid": "text",
"display_name": "text",
"country": "text",
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"public_nick_name": "text"
},
"relationship": "text",
"status": "text",
"user_status": "text",
"counter_user_status": "text"
}
],
"tax_resident": [
{
"country": "text",
"tax_number": "text",
"status": "text",
"id": 1
}
]
},
"UserPaymentServiceProvider": {
"id": 1,
"created": "text",
"updated": "text",
"certificate_distinguished_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"status": "text",
"sub_status": "text",
"public_uuid": "text",
"display_name": "text",
"public_nick_name": "text",
"language": "text",
"region": "text",
"session_timeout": 1
}
}
},
"UserPaymentServiceProvider": {
"id": 1,
"created": "text",
"updated": "text",
"certificate_distinguished_name": "text",
"alias": [
{
"type": "text",
"value": "text",
"name": "text"
}
],
"avatar": {
"uuid": "text",
"anchor_uuid": "text",
"image": [
{
"attachment_public_uuid": "text",
"content_type": "text",
"height": 1,
"width": 1
}
],
"style": "text"
},
"status": "text",
"sub_status": "text",
"public_uuid": "text",
"display_name": "text",
"public_nick_name": "text",
"language": "text",
"region": "text",
"session_timeout": 1
}
}What's next:
You'll see that with the session we obtained the details of your user. If you look closely you can see that the User object is also returned with this call. If you're still using Postman it's a good idea to already note the user ID as that is used in many of the subsequent API calls.
Up next we'll set up this user object so that you can use it in your sandbox.
Last updated
Was this helpful?