Now that the API doesn't require IP whitelisting anymore, a whole lot more is possible. However, this also significantly reduces the security of your account.


(I posted this idea before but can't find it anymore)


It would be great if it were possible to set one or multiple scopes when creating a new key in the app. This way API clients can only use the key for what it was intended for, just like how it's done in the GitHub API.


Some examples to get the idea:


- read-recent: read-only access to transactions in the last 30 days

- read-transactions: read-only access to all transactions

- read-key-requests: list only payment requests created by this key

- create-payment

- create-request

- cancel-request

    Update, regarding create-payment: also add a limit to the amount of money you can send with the API.

    And/or restrict the bank account(s) you can use with the API, so you can only send money from and/or to selected accounts; that would be a lot safer. One use of the API for me is to send money to my savings account, which is always the same IBAN number, so limiting payments to only a selected set of IBANs would be nice. If you send to a new number, just pop up a message in the app so you can allow/block the payment, or allow all accounts in your favorites list, for example.

    The API is now way too open and risky. The wildcard option is nice, but not without some restriction options.

      Hi Xander, thanks for bringing up this topic again. I want to ask your opinion on bunq Connect: some of our accounting partners are using it to connect monetary accounts to accounting software and create payments, requests, or simply view transactions.

      Would the current Connect, or an enhanced version of it, be a more user-friendly substitute for the API key for many use cases?

        +1, I would love to have more control over what an API key can and cannot do.

          7 days later

          @Davide I don't know, I can't find any documentation regarding the Connect API other than splitting transactions.


          Do you have a link for me?

            Hey Xander,


            Here is some information regarding the connect feature: https://together.bunq.com/topic/what-is-connect-and-why-should-i-use-it


            Regarding the API, this will allow you to use the connected account as if it were one of your own accounts, and therefore you are able to make payments, view transactions etc. all from your own API key. You can easily play around with it in the sandbox environment to get a better understanding of it.

              2 months later

              Perhaps the scopes granted to an API key should be defined in the account?

              So an account would have a property "scopes" : { "apiKeys" : { "_some_key_" : { "_some_ip_" : { "transactions" : [ "read" ] , "payments" : [ "read-key-only" , "create" ] } } } }
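The scope structure proposed above, together with the per-key amount limit and IBAN allow-list suggested earlier in the thread, can be evaluated by a small policy check like the one below. This is an added example written for this page; it is not bunq's code and not something any poster supplied. The policy shape follows the post above ("apiKeys" -> key -> IP pattern -> resource -> actions); the "limits" entry, the "*" IP wildcard, a broader "payments: read" action, and all key names, IPs, IBANs and request records are assumptions constructed for the example.

```python
import ipaddress

# Constructed policy in the shape proposed in the thread, extended with a
# "limits" entry carrying the per-key amount cap and IBAN allow-list that an
# earlier post asked for. The extra field, the "*" wildcard, the key names,
# IPs and IBANs are all assumptions for this example, not a real bunq schema.
POLICY = {
    "apiKeys": {
        "key-accounting": {
            "203.0.113.10": {
                "transactions": ["read"],
                "payments": ["read-key-only", "create"],
                "limits": {
                    "max_amount_eur": 500.00,
                    "allowed_ibans": ["NL91ABNA0417164300"],
                },
            },
        },
        # "*" as the IP pattern stands for "no IP restriction".
        "key-dashboard": {
            "*": {"transactions": ["read"]},
        },
    }
}


def _ip_matches(pattern: str, caller_ip: str) -> bool:
    """True if caller_ip falls under pattern ("*", a host address or a CIDR)."""
    if pattern == "*":
        return True
    try:
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(caller_ip) in network
    except ValueError:  # malformed pattern or address: treat as no match
        return False


def grants_for(policy: dict, key_id: str, caller_ip: str):
    """Return the scope mapping for (key, IP), or None. Unknown keys and
    unmatched IPs are denied instead of falling back to full access."""
    ip_entries = policy.get("apiKeys", {}).get(key_id) or {}
    for pattern, grants in ip_entries.items():
        if _ip_matches(pattern, caller_ip):
            return grants
    return None


def is_allowed(policy, key_id, caller_ip, resource, action) -> bool:
    """Plain scope check: does this key, from this IP, hold resource:action?"""
    grants = grants_for(policy, key_id, caller_ip)
    return grants is not None and action in grants.get(resource, [])


def check_payment(policy, key_id, caller_ip, amount_eur, to_iban):
    """Authorize a payment: requires payments:create, then enforces the amount
    cap and the IBAN allow-list from the key's limits. Returns (allowed, reason)."""
    grants = grants_for(policy, key_id, caller_ip)
    if grants is None:
        return False, "no scopes for this key from this IP"
    if "create" not in grants.get("payments", []):
        return False, "key lacks payments:create"
    limits = grants.get("limits", {})
    cap = limits.get("max_amount_eur")
    if cap is not None and amount_eur > cap:
        return False, f"amount {amount_eur:.2f} exceeds key limit {cap:.2f}"
    allowed = limits.get("allowed_ibans")
    if allowed is not None and to_iban not in allowed:
        return False, f"destination {to_iban} not in the key's IBAN allow-list"
    return True, "ok"


def visible_requests(policy, key_id, caller_ip, requests):
    """Apply the proposed "read-key-only" scope to a list of payment requests:
    a key holding only that scope sees just the requests it created itself.
    "read" (assumed broader scope) sees everything; no scope sees nothing."""
    grants = grants_for(policy, key_id, caller_ip)
    scopes = grants.get("payments", []) if grants else []
    if "read" in scopes:
        return list(requests)
    if "read-key-only" in scopes:
        return [r for r in requests if r.get("created_by_key") == key_id]
    return []


if __name__ == "__main__":
    print(check_payment(POLICY, "key-accounting", "203.0.113.10", 100.0, "NL91ABNA0417164300"))
    print(check_payment(POLICY, "key-accounting", "203.0.113.10", 100.0, "NL00TEST0000000000"))
    print(is_allowed(POLICY, "key-dashboard", "198.51.100.7", "payments", "create"))
```

The deny-by-default behaviour in grants_for is the point: a key that is missing from the policy, or called from an IP with no entry, gets nothing, whereas the behaviour the thread complains about is the reverse (an unscoped key gets everything).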

                2 months later

                Up, would be way safer!

                  3 months later

                  Completely agree.


                  For example, I wrote a script to upload transactions to YNAB (github.com/wesselt/bunq2ynab). But even if there was another bunq user who also uses YNAB, I can't imagine they would trust my code with their API key. The call to create a session token returns my driver's license number, birthdate, city of birth ....!?! Why doesn't the API support tokens for a limited set of accounts and with read rights?

                    For app creation to be really interesting, this needs to be implemented! Does someone from bunq know if this is on the wishlist at least?

                      Hi Nevil,

                      Thanks for following up! I went ahead and made sure this is now added to the Wishlist 👍

                      We appreciate your contribution and if we ever have any updated information we will be sure to update this topic.

                      Keep sharing your awesome suggestions and enjoy your weekend 🙂

                        2 months later

                        Just want to throw in my two cents as well. The GitHub API has a very nice overview of the permissions you can give an API token/key. I added a screenshot of it to this post. Having a settings page like this would be great for the bunq API. This way you can really fine tune what you are and are not allowed to do with an API key.

                        But again: A significant first step would be to have read-only API keys.

                          Yeah, nice! This is a must have! 👍

                            As inspiration, I really like the Bittrex API: https://support.bittrex.com/hc/en-us/articles/115003723911-Developer-s-Guide-API


                            It has 3 levels: public (no authentication, public data), then a level that is basically read-only, then one that can change stuff within an account, and finally a very high-risk key that can transfer money away from your account. I never created that key, so I'm pretty safe.

                              9 months later
                                13 days later

                                API key permissions is a must have. It would be nice to be able to specify permissions per bank account.

                                  Requested almost 2 years ago and still nothing. Is this going to be implemented, bunq?

                                  I have my administrative staff paying our bills with full access to my bank account, but I want to limit it. And the newest 'limited connect' feature you released a few weeks ago doesn't work for our purpose, since they cannot pay iDeal payments when using limited connect. They can only do manual transfers.

                                  So I really hope this will be implemented, because with PSD2 coming up I will probably have to head back to a bigger bank with my business if it's not implemented on bunq's side.

                                    2 months later

                                    @jvdz#97210 no updates here, Joris. bunq never discloses what they are working on. Unfortunately we just have to wait and see whether this gets built or not. When it's here, bunq will announce it, of course. 🙂👍

                                      a year later

                                      First off, I greatly appreciate the effort to make an API available for bunq. For me it can really add to the value of being a bunq customer.

                                      Now, in my opinion authorization scoping is a must have for an API with banking powers. I just connected a simple balance reader component to the API. I was absolutely shocked to learn that the API key was pre-authorized to do absolutely anything it wants with any of my accounts.

                                      BUNQ API documentation has plenty of mentions of the hoops that they/consumers have to go through because of legal obligations. Now please implement the laws of common sense as well. Thanks!

                                      Obviously I'm ending my API experiment right now, as these shortcomings put my accounts at grave, unnecessary risk.

                                      PS: it looks like my use case, which is displaying the balance of a joint groceries account, isn't supported anyway. Only personal accounts seem to be listed.