Changelog

Stay up-to-date with the bunq API updates! Subscribe to our API newsletter!

Upcoming changes

June 10, 2020

  1. We are removing /sandbox-user on June 10, 2020. You can use the following endpoints instead:

    • /sandbox-user-company

    • /sandbox-user-person

  2. We are removing the following ShareDraftInquiry endpoints on June 10, 2020:

    • /user/{userID}/draft-share-invite-bank/

    • /user/{userID}/draft-share-invite-bank/{itemId}

    • /user/{userID}/draft-share-invite-bank/{draft-share-invite-bankID}/qr-code-content

If your application is using Connect as an authentication method, please switch to OAuth by June 10, 2020.

April 28, 2020

  1. Requests with full request signatures will stop being validated on April 28, 2020. Please switch to signing the body solely by that date.

  2. We are switching to only signing the response body on April 28, 2020.

April 8, 2020

Due to internal backend changes, all active device-server installations created before April 9, 2019, will stop being validated on April 8, 2020 (previously announced date: January 15, 2019). To communicate with the bunq API again, create a new API context.

Released

March 25, 2020

  1. We have deprecated the ShareDraftInquiry object. The following endpoints will be removed on June 10, 2020:

    • /user/{userID}/draft-share-invite-bank/

    • /user/{userID}/draft-share-invite-bank/{itemId}

    • /user/{userID}/draft-share-invite-bank/{draft-share-invite-bankID}/qr-code-content

  2. We have deprecated the /sandbox-user endpoint and will remove it on June 10, 2020. You can use the following endpoints instead:

    • /sandbox-user-company

    • /sandbox-user-person

  3. We have added the following endpoints for creating international payments in 39 currencies:

    • /user/{userID}/transferwise-currency

    • /user/{userID}/transferwise-quote-temporary

    • /user/{userID}/transferwise-quote-temporary/{transferwise-quote-temporaryID}

    • /user/{userID}/transferwise-user

    • /user/{userID}/transferwise-quote

    • /user/{userID}/transferwise-quote/(transferwise-quoteID)

    • /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient

    • /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient-requirement

    • /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-transfer-requirement

    • /user/{userID}/monetary-account/{monetary-accountID}/transferwise-quote/{transferwise-quoteID}/transferwise-transfer

Follow this sequence of steps to make your first non-euro payment.

January 28, 2020 (bunq Update 13 edition)

Changes

  1. Request signing has become mandatory only for creating a session and creating a payment. The use of signing for other API requests is optional.

  2. We have introduced request body signing. URL and headers do not need to be signed. Body signing will completely replace entire request signing on April 28, 2020.

  3. The following headers are now optional:

    1. X-Bunq-Geolocation;

    2. X-Bunq-Language (en_US is the default language setting for responses and error descriptions);

    3. X-Bunq-Region (en_US is the default region for currency formatting);

    4. X-Bunq-Request-Id.

  4. We have extended the OAuth scopes with the following permissions:

    1. create payment requests using the request-inquiry API resource;

    2. create monetary accounts (bank, savings, and joint ones);

    3. order cards;

    4. manage cards.

Deprecations

  1. We have deprecated the signing of the entire API request (the URL, headers and body). Requests with full request signatures will stop being validated on April 28, 2020. Please switch to signing the body solely by that date.

  2. We are switching to only signing the response body on April 28, 2020.

  3. We have deprecated additional encryption.

January 15, 2020

We removed the limit_card_debit_replacement field from /v1/user/{user_id}/limit and replaced it with limit_card_replacement.

December 17, 2019

It’s now possible to retrieve the tree planting progress of the user via the /user/{userID}/tree-progress endpoint.

December 11, 2019

  1. It’s now possible to order Green and Travel cards via the /user/{userID}/card-credit endpoint.

  2. We have changed the default SMS verification code for the sandbox app from 123456 to 992266.

October 9, 2019

We have replaced primary_account_numbers_virtual and primary_account_number_four_digit from the card resource with primary_account_numbers. The field returns the same string for primary_account_numbers and the same field + canceled cards for primary_account_numbers_virtual.

October 8, 2019

We have removed creating push notifications through updating notification_filters in the User and MonetaryAccount objects.

Instead, we introduced separate endpoints for the callbacks and notifications.

  • /v1/user/{userID}/notification-filter-push

  • /v1/user/{userID}/notification-filter-url

  • /v1/user/{userID}/monetary-account/{monetary-accountID}/notification-filter-push

  • /v1/user/{userID}/monetary-account/{monetary-accountID}/notification-filter-url

NOTE: When used via OAuth, the created push notifications expire in 90 days.

August 29, 2019

We have added the support of callbacks to OAuth.

July 9, 2019

We have removed the following share-invite-bank endpoints:

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-bank-inquiry

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-bank-inquiry/{itemId}

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-bank-inquiry/{share-invite-bank-inquiryID}/amount-used/{itemId}

  • /user/{userID}/share-invite-bank-response

  • /user/{userID}/share-invite-bank-response/{itemId}

You can use the following endpoints instead:

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-monetary-account-inquiry

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-monetary-account-inquiry/{itemId}

  • /user/{userID}/monetary-account/{monetary-accountID}/share-invite-monetary-account-inquiry/{share-invite-monetary-account-inquiryID}/amount-used/{itemId}

  • /user/{userID}/share-invite-monetary-account-response

  • /user/{userID}/share-invite-monetary-account-response/{itemId}

July 2, 2019

  1. The type field has become mandatory for card-debit.

  2. We have deprecated the applied_limit field from the mastercard_action responses.

  3. We have removed the activation_code field from CardUpdate. Instead of using the field, set the status ACTIVE when the card has been ACCEPTED_FOR_PRODUCTION.

April 18, 2019

The old card limit fields in the card and card-batch objects have been deprecated and replaced with new ones. The default limit of €1,000 is now applied to all new cards.