{% hint style="info" %} OAuth 2.0 is a protocol that will let your app connect to bunq users in a safe and easy way. Please be aware that if you gain access to account information of other bunq users or initiate a payment for them, you require a PSD2 permit. {% endhint %}
The permissions OAuth allows are the following:
- read Monetary Accounts;
- read Payments & Transactions;
- create Payments, however you can only transfer money between Monetary Accounts of the same user;
- create Draft-Payments;
- assign a Monetary Account to a Card;
- read Request-Inquiries and Request-Responses.
Follow these steps to get started with OAuth:
- Register an OAuth Client in the bunq app. You can find the OAuth menu by going to Profile → Security & Settings → Developers → OAuth.
- Add one or more redirect URLs.
- Get your Client ID and Client Secret from the bunq app.
- Redirect your users to the OAuth authorization URL as described here.
- If the user accepts the authorization request, they will be redirected to the previously specified `redirect_uri` with an authorization Code parameter.
- Use the token endpoint to exchange the authorization Code for an Access Token.
- Use the Access Token as a normal API Key. Open a session or use our SDKs to get started.
Your web or mobile app must redirect users to `https://oauth.bunq.com/auth` using the following parameters:
- `response_type` - bunq supports the authorization code grant. Provide `code` as a parameter (required);
- `client_id` - your Client ID that you can get from the bunq app (required);
- `redirect_uri` - the URL you wish the user to be redirected to after the authorization is complete (required);
- `state` - a unique string to be passed back upon completion (optional).
Authorization request example:

```
https://oauth.bunq.com/auth?response_type=code
&client_id=1cc540b6e7a4fa3a862620d0751771500ed453b0bef89cd60e36b7db6260f813
&redirect_uri=https://www.bunq.com
&state=594f5548-6dfb-4b02-8620-08e03a9469e6
```

Example of the redirect to the `redirect_uri` after the user accepts:

```
https://www.bunq.com/?code=7d272be434a75933f40c13d56aef6c31496005b653074f7d6ac57029d9995d30
&state=594f5548-6dfb-4b02-8620-08e03a9469e6
```

If the authorization request is accepted by the user, you get the authorization Code. Exchange it for an Access Token.
Make a POST call to `https://api.oauth.bunq.com/v1/token`.
Pass the following parameters as GET variables:
- `grant_type` - the grant type used, use `authorization_code` for now (required)
- `code` - the authorization Code you received after the authorization request was accepted (required)
- `redirect_uri` - the same redirect URL you used with the authorization request (required)
- `client_id` - your Client ID (required)
- `client_secret` - your Client Secret (required)
Token request example:

```
https://api.oauth.bunq.com/v1/token?grant_type=authorization_code
&code=7d272be434a75933f40c13d56aef6c31496005b653074f7d6ac57029d9995d30
&redirect_uri=https://www.bunq.com/
&client_id=1cc540b6e7a4fa3a862620d0751771500ed453b0bef89cd60e36b7db6260f813
&client_secret=184f969765f6f74f53bf563ae3e9f891aec9179157601d25221d57f2f1151fd5
```

{% hint style="info" %} The request only contains URL parameters. {% endhint %}
Example of a successful response:

```json
{
  "access_token": "8baec0ac1aafca3345d5b811042feecfe0272514c5d09a69b5fbc84cb1c06029",
  "token_type": "bearer",
  "state": "594f5548-6dfb-4b02-8620-08e03a9469e6"
}
```

Example of an error response:

```json
{
  "error": "invalid_grant",
  "error_description": "The authorization code is invalid or expired."
}
```

{% hint style="info" %}
The `access_token` you've received can be used as a normal API key. Use it to create an authorized session with the user account.
{% endhint %}
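
The authorization request, the redirect back and the token request described above, as an added Python example (not bunq's own code or SDK): it generates an unguessable `state`, rejects a callback whose `state` does not match the one issued, and builds the token request without sending it. The function names and the `redact` helper are assumptions of this example; because the token request carries `code` and `client_secret` as URL parameters, `redact` masks them before a URL is written to a log.

```python
import hmac
import secrets
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

AUTH_URL = "https://oauth.bunq.com/auth"            # from this page
TOKEN_URL = "https://api.oauth.bunq.com/v1/token"   # from this page
SENSITIVE = {"code", "client_secret"}               # keep these out of logs


def build_authorization_url(client_id, redirect_uri):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # fresh random value per authorization attempt
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTH_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Return the authorization Code, or raise if the callback is not ours."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means this session did not start the flow.
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if len(params.get("code", [])) != 1:
        raise ValueError("missing or duplicated code")
    return params["code"][0]


def build_token_request(code, redirect_uri, client_id, client_secret):
    """Build (not send) the POST; all parameters travel in the URL."""
    query = urlencode({"grant_type": "authorization_code", "code": code,
                       "redirect_uri": redirect_uri, "client_id": client_id,
                       "client_secret": client_secret})
    return Request(f"{TOKEN_URL}?{query}", data=b"", method="POST")


def redact(url):
    """Mask secret-bearing parameters in a URL before it is logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```
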
Ready to connect bunq users to your application? Do it with a Connect to bunq button. Feel free to use our style guide and prebuilt design assets.