Stay up-to-date with the bunq API updates! Subscribe to our API newsletter!

Upcoming changes

Near future

  1. Due to internal backend changes, all active device-server installations created before April 9, 2019, will stop being validated (previously announced dates: January 15, 2020; April 8, 2020). To communicate with the bunq API again, create a new API context.

November 4, 2020

  1. The ShareInviteBankInquiry object is changing its name to ShareInviteMonetaryAccountInquiry on November 4th, 2020. Please plan on changing the ShareInviteBankResponse field to ShareInviteMonetaryAccountResponse in your integration on that date.

  2. We are removing the following ShareDraftInquiry endpoints on November 4, 2020 (previously announced date: August 26, 2020)

    • /user/{userID}/draft-share-invite-bank/

    • /user/{userID}/draft-share-invite-bank/{itemId}

    • /user/{userID}/draft-share-invite-bank/{draft-share-invite-bankID}/qr-code-content

If your application is using Connect as an authentication method, please switch to OAuth by November 4, 2020.


September 10, 2020

We removed the /sandbox-user endpoint. You can use the following endpoints instead:

  • /sandbox-user-company

  • /sandbox-user-person

July 1, 2020

  1. It is now possible to get a tracking link for the ordered card via the card_shipment_tracking_url field.

  2. You can read how much money the card saved the user via the amount_saved_zero_fx field.

  3. You can provide a more accurate card tracking experience via the updated list of possible card order statuses:














May 27, 2020

Requests with full request signatures stopped being validated on May 27, 2020 (previously announced date: April 28, 2020).

If you are still signing full requests, please switch to signing the body solely.

April 28, 2020

We switched to only signing the response body.

April 24, 2020

  1. We introduced an OAUTH callback category. Use it to receive notifications on revoked OAuth connections.

  2. We added the following resources for Slice group management:

March 25, 2020

  1. We deprecated the ShareDraftInquiry object. The following endpoints will be removed on June 10, 2020:

    • /user/{userID}/draft-share-invite-bank/

    • /user/{userID}/draft-share-invite-bank/{itemId}

    • /user/{userID}/draft-share-invite-bank/{draft-share-invite-bankID}/qr-code-content

  2. We have deprecated the /sandbox-user endpoint and will remove it on June 10, 2020. You can use the following endpoints instead:

    • /sandbox-user-company

    • /sandbox-user-person

  3. We have added the following endpoints for creating international payments in 39 currencies:

    • /user/{userID}/transferwise-currency

    • /user/{userID}/transferwise-quote-temporary

    • /user/{userID}/transferwise-quote-temporary/{transferwise-quote-temporaryID}

    • /user/{userID}/transferwise-user

    • /user/{userID}/transferwise-quote

    • /user/{userID}/transferwise-quote/(transferwise-quoteID)

    • /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient

    • /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient-requirement

    • /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-transfer-requirement

    • /user/{userID}/monetary-account/{monetary-accountID}/transferwise-quote/{transferwise-quoteID}/transferwise-transfer

Follow this sequence of steps to make your first non-euro payment.

January 28, 2020 (bunq Update 13 edition)


  1. Request signing became mandatory only for creating a session and creating a payment. The use of signing for other API requests is optional.

  2. We introduced request body signing. URL and headers do not need to be signed. Body signing completely replaced entire request signing on May 27, 2020 (previously announced date: April 28, 2020).

  3. The following headers are now optional:

    1. X-Bunq-Geolocation;

    2. X-Bunq-Language (en_US is the default language setting for responses and error descriptions);

    3. X-Bunq-Region (en_US is the default region for currency formatting);

    4. X-Bunq-Request-Id.

  4. We extended the OAuth scopes with the following permissions:

    1. create payment requests using the request-inquiry API resource;

    2. create monetary accounts (bank, savings, and joint ones);

    3. order cards;

    4. manage cards.


  1. We have deprecated the signing of the entire API request (the URL, headers and body). Requests with full request signatures will stop being validated on April 28, 2020. Please switch to signing the body solely by that date.

  2. We are switching to only signing the response body on April 28, 2020.

  3. We have deprecated additional encryption.

January 15, 2020

We removed the limit_card_debit_replacement field from /v1/user/{user_id}/limit and replaced it with limit_card_replacement.

December 17, 2019

It’s now possible to retrieve the tree planting progress of the user via the /user/{userID}/tree-progress endpoint.

December 11, 2019

  1. It’s now possible to order Green and Travel cards via the /user/{userID}/card-credit endpoint.

  2. We have changed the default SMS verification code for the sandbox app from 123456 to 992266.

October 9, 2019

We have replaced primary_account_numbers_virtual and primary_account_number_four_digit from the card resource with primary_account_numbers. The field returns the same string for primary_account_numbers and the same field + canceled cards for primary_account_numbers_virtual.

October 8, 2019

We have removed creating push notifications through updating notification_filters in the User and MonetaryAccount objects.

Instead, we introduced separate endpoints for the callbacks and notifications.

  • /v1/user/{userID}/notification-filter-push

  • /v1/user/{userID}/notification-filter-url

  • /v1/user/{userID}/monetary-account/{monetary-accountID}/notification-filter-push

  • /v1/user/{userID}/monetary-account/{monetary-accountID}/notification-filter-url

NOTE: When used via OAuth, the created push notifications expire in 90 days.

August 29, 2019

We have added the support of callbacks to OAuth.

July 9, 2019

We have removed the following share-invite-bank endpoints:

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-bank-inquiry

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-bank-inquiry/{itemId}

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-bank-inquiry/{share-invite-bank-inquiryID}/amount-used/{itemId}

  • /user/{userID}/share-invite-bank-response

  • /user/{userID}/share-invite-bank-response/{itemId}

You can use the following endpoints instead:

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-monetary-account-inquiry

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-monetary-account-inquiry/{itemId}

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-monetary-account-inquiry/{share-invite-monetary-account-inquiryID}/amount-used/{itemId}

  • /user/{userID}/share-invite-monetary-account-response

  • /user/{userID}/share-invite-monetary-account-response/{itemId}

July 2, 2019

  1. The type field has become mandatory for card-debit.

  2. We have deprecated the applied_limit field from the mastercard_action responses.

  3. We have removed the activation_code field from CardUpdate. Instead of using the field, set the status ACTIVE when the card has been ACCEPTED_FOR_PRODUCTION.

April 18, 2019

The old card limit fields in the card and card-batch objects have been deprecated and replaced with new ones. The default limit of €1,000 is now applied to all new cards.

Last updated