Hello Bunq,
As I am currently developing against the BUNQ API, I have a little problem with the fixed IP pollicy per API key. Using the sandbox, and developing from my dev box, I can do calls only from the IP address I did the first API call (registering a "device_server"). Since I travel a lot and I am used to develop in the train, at the office, at home and in some coffee shops. I am stuck as soon as I change my position and thus IP.
It seems possible to add an extra IP, however as I understand it, this can only be done from the first IP address the API key was used. This may be difficult to replicate. Also it is not always possible to predict my future IP addresses.
I tried to use DELETE /v1/device-server after the session was ready to close, in order to restart a new device_server from same API_KEY (secret), that will that be connected to a possible different IP, however the DELETE is not supported in this resource.
In production I face a similar problem, since I use cloud hosted VM, I cannot always predict the used IP addressed either
Any ideas how to handle this kind of problem is welcome.
Can we add a wildcard IP to the whitelist ? Allowing to use a less tight coupling of API key and IP ?
Related to this, what is the reasoning behind are extra incoming IP addresses costing 5 euro / month ? Is this a security thing ? Storing the IP address itself wil not be near that expensive ?