• Developers

  • Cannot use OAuth authentication on myself

A while ago I built something with your api to transfer 1 euro from my Savings account to my Gadget fund for every kilometer that I run. It's working fine, but because of the very broad permissions of the api, it isn't a nice feeling knowing that if someone would get ahold of my api credentials, my entire account could be plundered.

So when I saw that you are now offering OAuth, I got really excited. Especially because of these reduced permissions that you are offering there:
- Read only access to the Monetary Accounts.
- Read access to Payments & Transactions.
- Create new Payments, but only between Monetary Accounts belonging to the same user. (me: Yay!)
- Create new Draft-Payments.
- Change the primary monetary to which a Card is linked to.
- Read only access to Request-Inquiries and Request-Responses.

I would have loved to grant myself access through OAuth so I could make my script safer. But when I tried to scan the QR code to accept the OAuth request, I was shown:

"You cannot accept this connection request because the client is registered under your bunq account".

Is there any (other?) way I could still profit from reduced permissions when using the api?

    This is actually really silly in my opinion that you're not allowed to use your own client. How are developers supposed to test their oauth apps of they can't use it themselves? šŸ˜…

    Definitely agree with Kees that this is a must have feature

      I also totally agree with you guys! šŸ‘

        @Gregory#25679 Indeed! If I would want to open up my service to other bunq users as well, I would have no way of testing the OAuth authentication first.

          This is also blocking us from changing our accounting integrations šŸ™‚

            5 days later

            Same thing here. Iā€™m waiting for this to be solved, so that I can continue implementing OAuth.

              Can bunq support maybe give an update about the status of this issue?
              How can we, as developers, test OAuth? Now it's only possible when you have two Premium accounts (or Business).

              I get the same warning when scanning the OAuth QR-code:

                Hi all,

                We appreciate your feedback on this. I don't have an update at this time, but I will be sure to follow-up with all of you if I have any new information šŸ‘.

                Thanks!

                  Thanks for your message @Elise-Green-Puma-3805320311#27619 !

                    a month later

                    Hi bunqers,

                    I'm here to bring some good, mid-week news šŸ˜„.

                    This issue has been fixed šŸ™Œ. You can now connect to your own oAuth as a developer, so you no longer need to use two oAuth accounts to develop an app.

                    Enjoy!

                      @Elise-Green-Puma-3805320311#32268 Thanks šŸ™

                        @Xander#32428 You're welcome šŸ˜„šŸ‘

                          5 days later

                          Awesome, thanks bunq!

                            Write a Reply...