Update on our open banking API: a PSD2-compliant sandbox!

Hey bunqers 🌈

A new set of regulations for banks, known as PSD2, has been implemented by the EU. PSD2 was created to get banks to open up their systems so that new fintechs could start using them to build solutions.

If you would like to read about the Revised Payment Service Directive, please check out this article from Evry.

At bunq, we've always believed in innovation and transparency. That's why we opened up our API in 2017. This showed great success, but PSD2 has required our API to go through some changes.

We've taken the first step in this update by releasing a new sandbox environment. This lets anyone test and provide feedback for the new way our API will allow Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISP) to interact with bunq accounts.

⚠️ Note: PSD2-licensed providers do not have access to the bunq Developer Portal. Instead, you must follow the flow outlined in our official PSD2 documentation. This ensures a secure and compliant onboarding process aligned with regulatory requirements.

What is PSD2?

PSD2 (Second Payment Services Directive) is an EU regulation that makes online payments safer and gives you more control over your financial data. It requires banks to let third-party apps access your account information, with your consent, and introduces strong security measures like two-factor authentication.

Authentication update

One of the major changes in the sandbox update is the new approach to how banks must authenticate payment service providers, financial business administration solutions, checkout systems, budgeting tools, invoicing software and any other AISP/PISP.

OAuth flows

We will continue following the Dynamic Client Registration specification and the current OAuth flow. The only change is the scope of sandbox operations that are allowed through OAuth (since permissions now depend on the role of the TPP).

AISPs can read account information such as the following:

  • legal name
  • nationality
  • IBAN
  • card validity data
  • account balance

Transactions PISPs are allowed to do the following:

  • read account information
  • initiate payments
  • confirm whether there are sufficient funds available on the user's account to cover a payment initiated by the TPP.

Connecting to the bunq PSD2-compliant sandbox

By connecting to Sandbox, anyone can start exploring the new bunq API. Just follow the 5 steps below:

  1. Create a test PSD2 certificate.
  2. Get a PSD2 user by following the PSD2 authentication flow.
  3. Register an OAuth application.
  4. Create an additional sandbox user that will play the role of an end user.
  5. Authenticate the user via OAuth.
  6. Start testing!

Need further help?

If you have any questions about the PSD2 API, feel free to email us at apipartners@bunq.com.
