bunq API update: PSD2 endpoints + impact on existing integrations
Yess! We are delighted to announce that the updated, now PSD2-compliant bunq API is on production! 🌈✨
What’s new
We accept eIDAS certificates
Registered PSD2-licensed service providers can access live bunq accounts. Not without the permission of the account owner, of course. ;)
Use or test them with our SDKs
OAuth roles and permissions
OAuth is the only authentication method available for PSD2-regulated use of the API. We encourage you to implement it in your applications.
The permissions that you can request via OAuth as a PSD2 service provider are determined by your role. The bunq API supports 3 types of PSD2 user accounts.
As an Account Information Service Provider (AISP), you can do the following:
- Read balance
- Read cards
- Read notes
- Read new transactions
- Read past transactions
- Read payment requests
As a Payment Initiation Service Provider (PISP), you can do the following:
- Initiate card payments
- Initiate draft payments
- Initiate payments
As a Card Based Payment Instrument Issuer (CBPII), you can do the following:
- Initiate card payments
- Read cards
- Manage cards
About the bunq account authentication methods and when to use them
Monetary account selection
When reviewing an authorization request, bunq users can choose which monetary accounts they allow the PSD2-licensed service provider to access.
You can get the IBANs of the monetary accounts you are allowed to interact with by listing the available accounts via /user/{userID}/monetary-account.
Confirmation of funds
The new /user/{userID}/confirmation-of-funds endpoint is meant to help CBPIIs verify the funds available on the user’s account are sufficient to cover the to-be-initiated payment.
Draft scheduled or recurring payments
It is possible to initiate draft scheduled payments by specifying the scheduled date and in the schedule field of /user/{userID}/monetary-account/{monetary-accountID}/draft-payment.
You can also create recurring draft scheduled payments by setting the recurring field TRUE.
Everything else
Impact on live integrations
All the 200+ endpoints that you have integrated your apps with are remaining available. As a PSD2 party that has a working integration with the bunq API and is seeking to switch to the PSD2-compliant version of it, all you need to do is just the following:
- Register your eIDAS certificate and get a new API that associates with your certificate.
- Implement OAuth.
Stay up to date with our API updates and developments. Subscribe to bunq Developers’ Corner and never miss a story of ours! ❤