sandbox-user-company
to generate a business user):
curl https://public-api.sandbox.bunq.com/v1/sandbox-user-person -X POST --header "Content-Type: application/json" --header "Cache-Control: none" --header "User-Agent: curl-request" --header "X-Bunq-Client-Request-Id: $(date)randomId" --header "X-Bunq-Language: nl_NL" --header "X-Bunq-Region: nl_NL" --header "X-Bunq-Geolocation: 0 0 0 0 000"
sandbox_
prefix while production keys do not have any noticeable prefixes.Authorization
header if you are working in the sandbox environment. X-Bunq-Client-Authentication
or X-Bunq-Client-Signature
headers in the POST /installation
call.\n
for newlines in your public key.Authentication
header to register a DeviceServer
and to start a SessionServer
. Use server_public_key to verify the responses you will receive from the bunq API.POST /device-server
registers your current device and the IP address(es) it uses to connect to the bunq API.X-Bunq-Client-Authentication
header of the response to POST /installation
. X-Bunq-Client-Signature
header.POST /device-server
within 4 hours before it becomes invalid. As soon as you start using your API key, it will remain valid until the next sandbox reset./installation
and /device-server
, you need to open a session.X-Bunq-Client-Authentication
header of the response to POST /installation
. X-Bunq-Client-Signature
header.POST /session-server
to authenticate your calls in this session. Pass this session Token in the X-Bunq-Client-Authentication
header with every call you make in this session.