As an AISP (Account Information Service Provider), you are allowed to authenticate to a user’s account with the following permissions:

  • access account information (read):

    1. legal name

    2. IBAN

    3. nationality

    4. card validity data

    5. transaction history

    6. account balance

Once a bunq user has confirmed they want to connect their account via your application, you can initiate the authorization flow.

  1. Open a session on the bunq server.

  2. Initiate an authorization request. If your identity is validated, we send you a confirmation upon its creation. Pass the following parameters with the request:

    • response_type

    • client_id (here response_type=code&client_id)

    • *redirect_uri

    • *state

  3. If the bunq user agrees to let your application connect to their account, we return a Code to you.

  4. Exchange the Code for an Access Token. Make a POST call to passing the following parameters:

    • code (at this stage, grant_type=authorization_code&code)

    • redirect_uri

    • client_id

    • client_secret

  5. We return the Access Token. Use it every time you interact with the bunq user’s account. You can use it to start a session to interact with the monetary accounts the user allows you to access.
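The client side of steps 2 to 4, as an added example that is not bunq's own code: it builds the authorization request with an unguessable `state`, accepts the returned Code only when the callback echoes that `state`, and assembles the token-exchange parameters. The endpoint URL, redirect URI and function names are placeholders and assumptions, since the page does not give them.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders (assumptions): the page does not state the endpoint or redirect URLs.
AUTHORIZE_URL = "https://AUTHORIZE-ENDPOINT.example/auth"
REDIRECT_URI = "https://aisp.example/callback"


def build_authorization_url(client_id, redirect_uri=REDIRECT_URI):
    """Step 2: return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state):
    """Step 3: accept the Code only if the callback carries the state we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    states = params.get("state", [])
    codes = params.get("code", [])
    # Missing or duplicated parameters are rejected, not guessed at.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("malformed callback")
    # Compare as bytes in constant time; a mismatch means the callback is not ours.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return codes[0]


def token_request_params(code, client_id, client_secret, redirect_uri=REDIRECT_URI):
    """Step 4: parameters for the POST; redirect_uri must equal the one sent in step 2."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,  # stays on the server, never sent to the browser
    }
```

Discard the stored `state` after one callback, successful or not, so a replayed redirect cannot be matched against it.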