Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
40 lines (23 sloc) 2.5 KB

Connect as a PSD2 service provider

As a service provider, either an Account Information Service Provider (AISP) or Payment Initiation Service Provider (PISP), you have obtained or are planning to obtain a licence from your local supervisor. You will need your unique eIDAS certificate number to start using the PSD2-compliant bunq API on production.

We accept pseudo certificates in the sandbox environment so you could test the flow. You can generate a test certificate using this command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=My App PISP AISP/C=NL'

{% page-ref page="../../basics/sandbox/" %}

Register as a service provider

Before you can read information on bunq users or initiate payments, you need to register a PSD2 account and receive credentials that will enable you to access the bunq user accounts.

  1. Execute POST v1/installation and get your installation Token with a unique random key pair.
  2. Use the installation Token and your unique PSD2 certificate to call POST v1/payment-service-provider-credential. This will register your software.
  3. Receive your API key in return. It will identify you as a PSD2 bunq API user. You will use it to start an OAuth flow. The session will last 90 days. After it closes, start a new session using the same API key.
  4. Register a device by using POST v1/device-server using the API key for the secret and passing the installation Token in the X-Bunq-Client-Authentication header.
  5. Create your first session by executing POST v1/session-server. Provide the installation Token in the X-Bunq-Client-Authentication header. You will receive a session Token. Use it in any following request in the X-Bunq-Client-Authentication header.

{% hint style="info" %} The first session will last 1 hour. Start a new session within 60 minutes. {% endhint %}

Register your application

Before you can start authenticating on behalf of a bunq user, you need to get Client ID and Client Secret, which will identify you in requests to the user accounts.

  1. Call POST /v1/user/{userID}/oauth-client
  2. Call GET /v1/user/{userID}/oauth-client/{oauth-clientID}. We will return your Client ID and Client Secret.
  3. Call POST /v1/user/{userID}/oauth-client/{oauth-clientID}/callback-url. Include the OAuth callback URL of your application.
  4. You are ready to initiate authorization requests.

You can’t perform that action at this time.