As an inspiration, I really like the Bittrex API: https://support.bittrex.com/hc/en-us/articles/115003723911-Developer-s-Guide-API


It has 3 levels, public (no authentication, public data), then a level that is basically read only. Then 1 that can change stuff within an account. And finally a very high risk key that can transfer money away from your account. I never created that key so I'm pretty safe.

    9 months later
    Sander unlocked the discussion.
      13 days later

      API key permissions is a must have. It would be nice to be able to specify permissions per bank account.

        Requested almost 2 years ago and still nothing, is this going to be implemented, Bunq?

        I have my administrative staff paying our bills with full access of my bank account, but I want to limit it. And the newest 'limited connect' feature you released a few weeks ago doesn't work for our purpose, since they cannot pay iDeal payments when using limited connect. They can only do manual transfers.

        So I really hope this will be implemented, because with PSD2 coming up I will probably have to head back over to a bigger bank with my business, if it's not implemented on the side of Bunq.

          2 months later

          @jvdz#97210 no updates here Joris. bunq never discloses what they are working on. Unfortunately we just have to wait and see whether this is built or not. When it's here bunq will announce it, of course. 🙂👍

            a year later

            First off, I greatly appreciate the effort to make an API available for Bunq. For me it can really add to the value of being a BUNQ customer.

            Now, in my opinion authorization scoping is a must have for an API with banking powers. I just connected a simple balance reader component to the API. I was absolutely shocked to learn that the API key was pre-authorized to do absolutely anything it wants with any of my accounts.

            BUNQ API documentation has plenty of mentions of the hoops that they/consumers have to go through because of legal obligations. Now please implement the laws of common sense as well. Thanks!

            Obviously I'm ending my API experiment right now as these shortcomings put my accounts at grave unnecessary risk.

            PS: it looks like my use case, which is displaying the balance of a joint groceries account, isn't supported anyway. Only personal accounts seem to be listed.

              6 months later
              a year later

              I've just begun a 30 day Bunq trial, because of the API feature. I want to create a budgeting app to get insights into my spending (yes, I know, Bunq provides this feature, but I have my own opinions and ideas about it). Bunq seemed to be the way to go if you don't want to rely on 3rd party PSD2 providers like Nordigen. But man, the implementation is shocking. No scoping on a banking API?! No way of limiting which accounts are exposed? No, thank you! I want my app to only be able to list transactions from a specific account, not perform payments or whatever else the API is capable of. It's hard enough to keep servers secure these days. I'm not going to have a file sit on the filesystem that allows anyone who gains access to it to drain my bank account. An IP whitelist does offer some protection, but by far not enough.

              No Bunq account for me. I will be deleting my account before the end of the trial.

                7 months later

                +1, we need this

                  While the original request here is something definitely still needed in my opinion for certain apps, for anyone stumbling upon this thread after 6 years now, please make sure you take a look at the OAuth implementation that has been added in the meantime. It offers read-only access that is restricted to only sub-accounts of your choice. This earlier request by @New-Mango-Armadillo-1615839181#264617 for example has been more or less possible since 2018 by just using OAuth:

                  I want my app to only be able to list transactions from a specific account, not perform payments or whatever else the API is capable of. It's hard enough to keep servers secure these days. I'm not going to have a file sit on the filesystem that allows anyone who gains access to it to drain my bank account.

                  That being said, if you want read/write access, as in sending payments without the user having to manually accept them, or if you want to order a new card automatically etc., then there's no alternative to the API key. And there it would be very nice to be able to set some additional limits like max. transfer amount per day or max. card orders per month etc.

                    10 months later

                    Need to be able to limit API access to specific sub accounts. The current God mode is nice for developers, but a potential drama in serious production applications.

                      3 months later

                      @Jakob-Y#276705 Can you also use the OAuth flow for personal use and without a PSD2 license?

                        @New-Raspberry-Ewe-798223292#292542 For questions about the API, it's best to contact apipartner@bunq.com!
