As an AISP, you are allowed to authenticate in a user’s account with the following permissions:
access account information (read):
card validity data
Once a bunq user has confirmed they want to connect their account via your application, you can initiate the authorization flow.
Open a session on the bunq server.
Initiate an authorization request. If your identity is validated, we send you a confirmation upon its creation. Pass the following parameters with the request:
client_id (here response_type=code&client_id)
If the bunq user confirms their will to let your application connect to their account, we return you a Code.
Exchange the Code for an Access Token. Make a
POST call to
https://api.oauth.bunq.com/v1/token passing the following parameters:
code (at this stage, grant_type=authorization_code&code)
We return the Access Token. Use it every time you interact with the bunq user’s account. You can use it to start a session to interact with the monetary accounts the user allows you to access.