API ACL levels.

Gijs shared this idea 2 months ago

I'm wondering if the API keys allow any kind of access control?

So for example a read only API key that is only able to retreive transactions with a set number of bank accounts associated with a bunq account.

Or for example only being able to retreive balance.

Asking this because I'm trying to orient myself into building a transparancy feature which would publish realtime payment data to a website.

Security wise I would think that bunq side access control would be way preferable over my own or third party programming skills ;)

The docs don't seem to mention anything on the authentication page, and I don't have premium yet to start testing and verifyin on my own.

Comments (6)


Hey there!

At the moment, API keys give access to the entire account. You could try using it with the Connect feature where you can make it read only. 👍


@Koen: could you explain how the Connect feature works from a developer perspective? What API key would you use?


Hi Wessel! if you use connect, then you use your own developer key. Just as you do when using the app, you login with your credentials and via the connect you can see MA details of the other person.

Check out this page to learn how to set up a Connect through our API. Cheers!


I'd call that a bit of an ugly and hacky solution ;)

Switched the topic type from question to idea, perhaps something for on a whishlist? ;)



I am trying to automate things in a WordPress website, but if someone could get code execution, they can in theory transfer money out from the account.

ACL could solve this by not allowing this API key to make payments (for example).


This is so needed Bunq, it is literally the last thing that is keeping our company from switching over from ABN Amro to bunq. I want to be able to give my staff access to make a draft payment, which I then only have to OK. Permissions at API level should make this possible. Please put this higher on your wishlist priority, it would make life so much easier for us.