Amazing news! We have updated all our SDKs to catch up with the new, simplified signing mechanism:
- only sign the body of requests automagically;
- verify bunq response signatures, no matter whether the whole response or only the body is signed.
Once upgraded to the latest version, you are ready for our upcoming switch to only signing the response body.
Jump to the latest release in one click:
If you are not using our SDKs, you can test out the new response validation in sandbox:
- send a request with only the body signed, and you will get a response with only the body signed too;
- unsigned requests (those that don’t need to be signed anymore 🙌) will get responses with only the body signed;
- fully signed requests will get fully signed responses.
If you validate full requests, remove the status code, headers, and separators from the data-to-sign constant in your integration.
We are signing entire requests till April 28, 2020 09:59 UTC. On that day, we will start signing the request body only at 10:00 UTC.