As an AISP, you are allowed to authenticate in a user’s account and access (read) the following account information:
card validity data
To read the user's information, you need to establish a connection with their bunq account. You can do it using an authorization request. Once a bunq user has confirmed the authorization request and you have done the token exchange, you can activate the Access Token (use it as an API key).
Token activation happens when you create an API context (install it and link your IP adrress and device to it). See the OAuth page for the full flow illustration.