Role based API - read-only API key

Like any cloud storage & compute provider, I would expect that the Bunq API has an IAM option, where you could for example create read-only API keys (on a specific bank account).

It can be used to provide read-only access to my account to let API developers build services that would only analyse my data and provide suggestions.

The current setup can change payments (not paying outside the account, I know), but IAM (Identity Access Management) is really a fundamental need when you provide a public API.

Hope you can add this, while I expect people will appreciate the clarity to add other developers to their bank accounts.


    @Joey-Violet-Eagle#46588 The OAuth setup gives you read only access. Have you checked that out? It might be sufficient for your needs already. 😁

      @Sander#46595 Yes, but it also provides the ability to send money between your own accounts, right? A bug from an external service should never be able to do this, right?

        @Joey-Violet-Eagle#46671
        OAuth will enable you to:

        • Have read only access to monetary accounts (e.g. developer can't create MAs, but can get a list of the MAs that you have).
        • Have read only access to payments (e.g. developer can't make payments, but can view the transactions that you made).
        • Have read and write access to Draft-Payments (e.g. developer CAN create draft payments that need to be approved by the user).
        • Make payments between monetary accounts belonging to the same user (without need for the user to approve them).
        • Change the account to which a card is linked. It is not possible to order cards, or add/edit a secondary/backup account for a card.
        • Read/list request inquiries.
        • Read/list request responses.

          @Bastiaan#46675 Thanks, did not read the docs well but this indeed answers my question

            I asked the Grip team from ABN AMRO if their app couldn’t work with OAuth because of this topic. Right now they need API access which seems a bit excessive 🤔

              5 months later

              I also have a use case for API keys with special privileges and limitations. I want a family member to only access one of my monetary accounts. It would be GREAT if I can open the API keys section, select one key and then (de-)select accounts and actions (view transactions, make payments, ...).

                @ms-jansen#89630 I still support the idea of having more permissions, but your use case sounds like it could be done by a basic Connect request, right? Unless they don't have a bunq account themselves, of course

                  @Gregory#89635 In our case, his contract does not include API keys. But I also want to limit the privileges that I give an application (e.g. not accessing my savings account).

                    @ms-jansen#89637 As Gregory already mentioned, that sounds exactly like what a Connect is for; access to a single account. 🙂

                      @Sander#89655 It would be nice, though, if you could manage the API permissions better. Right now it is all or nothing. You can't give access to only account X or only account Y. If you want to give access, you have to give access to X+Y.

                        I have been waiting for this for 2 years, please bunq! We need this.

                          2 years later

                          Bunq, pretty please 🙏🤷‍♂️

                            3 years later

                            I want this too, because I want to make a simple UI to view transactions real-time, so I can safely share it with my employee(s)/accountant without having to worry about security issues. Of course, the connect feature allows this too, but it requires the employee to create a BUNQ user without creating your own account, and the flow to create one is unintuitive, to say the least.
