I noticed recurring topics about how API keys with a static IP were limiting the possibility to start developing as well as the testing of applications.
So we decided to tackle this problem and come out with a solution for you! 💪 Today's update includes a new feature called Wildcard API Key that offers the possibility to get a special API key that accepts any IP. The new feature comes included with bunq Premium.
That being said, this post is not just about announcing the feature but rather also about our reasoning behind it and the attached risks.
APIs are the brick and mortar of today’s connected society, thanks to them tons of services can communicate and interact with each other. But as one of the first European banks with a public API we have a responsibility to make it safe, as well as easy to use.
That's why the other API keys are bound to a singular IP address: it gives it an extra layer of security. The Wildcard API Keys are less safe. If someone gets their hands on your key they will have full access to your account. Which is something we want to prevent at all costs.
We want to protect our users but at the same time give a better use of our API. It is for this reason the new Wildcard API Key comes with a clear warning.
I would be very happy to hear your feedback on this matter. Thank you all! 🌈