While screen scraping has been bridging the connection gap between banks and fintech for decades, banks are now starting to deprecate it because of PSD2. On the other hand integration with bunq, a neobank with an open banking API built by a fellow developer has been no problem since February 2017. bunq has managed to build a growing community around its API since then, and it serves as an example for other European banks striving to innovate.
The bunq API supports more than 200 endpoints, which exceeds the functionality of most bank APIs. Unlike other banks with APIs, bunq allows for secure interaction with cards, extended account management and payments beyond their initiation alone. This does not exclude the capabilities required by the PSD2 directive such as bank account data retrieval, payment initiation, and funds availability confirmation.
The best thing about the bunq API is that it allows developers to access their personal bank accounts programmatically.
Apart from providing the obvious benefit of direct API access, bunq has also gone above and beyond just offering SDKs and a sandbox. It has developed a way to connect to the bunq sandbox and switch to the production in seconds!
Let's see what bunq did that made its API one of the best open banking APIs in more detail.
Unique banking data API resources
The bunq API is used by the company itself for its application, which explains the rich range of endpoints it provides. The API allows developers to access most features of the bunq app, which include but are not limited to working with rare peculiar banking API concepts such as cvc2 codes, pin codes, QR-code payments, bank account events, and country permissions.
Here is a short non-all-encompassing list of what you can do with the bunq API paths and operations:
- order, activate and replace bank cards;
- create, update and delete monetary accounts;
- link cards to monetary accounts;
- update pin codes and country permissions;
- retrieve and update cvc2 codes;
- request, initiate and schedule payments;
- read and manage account information;
- download attachments (in the roadmap).
The scope of actions and data available via this open banking API is perfect for building invoicing, accounting, payment, expense, ERP or any other business management system you can think of. You can find some examples of apps and services built using the bunq API at the bunq community forum.
With PSD2 in effect, banks and fintech companies must comply with many rules, which for many has been, and still is, a challenge. The bunq sandbox, however, already supports all the functions that are required by PSD2 such as account information retrieval, payment initiation and confirmation of the availability of funds.
Besides the mandatory functions that APIs need to cover, PSD2 also requires companies to authorize and register themselves. Therefore bunq has built a PSD2 compliant authorization which developers can test with a test eIDAS certificate that they can create by running this command:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=My App PISP AISP/C=NL'
The next steps are registering this test certificate and setting up OAuth, which are fully covered in the bunq SDKs. The SDK shortcuts make it possible to connect and authorize as a PSD2 user in 10 minutes.
To switch to the bunq PSD2 API production, companies need to perform the authorization with a real eIDAS certificate.
Open for personal use
You don't have to be a company to use the bunq API. It is accessible to everyone who wants to access their personal bank account programmatically.
Making an account and having it approved takes about 15 minutes. From there, running Tinker (see below) is the easiest way to start using the API in either the sandbox or production environment.
There are currently four official SDKs that help developers connect to the API and send signed requests:
The bunq SDKs support the PSD2 authorization.
Switch between sandbox or production in seconds
Tinker, the fastest way to start with the bunq API
bunq uses its own SDKs to write sample implementations and projects that developers can reuse. Tinker is one of them.
Tinker demonstrates all the basic API endpoint implementations that companies would want to use. The absolute advantages it has over using SDKs or connecting with the sandbox directly are the following:
- the code is highly reusable
- it is connected to the sandbox by default
- It is the easiest way to create test users with fake login credentials that work
- the production is just a "go pro" QR-code scan away
- developers don't need to worry about creating API keys
- running Tinker only takes running a command in the language of choice:
$ bash >(curl -s https://tinker.bunq.com/php/setup.sh)
$ bash >(curl -s https://tinker.bunq.com/python/setup.sh)
$ bash >(curl -s https://tinker.bunq.com/java/setup.sh)
$ bash >(curl -s https://tinker.bunq.com/csharp/setup.sh)
Postman, the easiest way to work with the bunq API
bunq provides 3 JSON files developers can import as a collection into a Postman workspace. The bunq API Postman collection helps to create a session, signs the request and allows to switch between the sandbox and production environments in two clicks.
bunq loves developers
Founded and led by a developer, bunq is extremely friendly to developers. It offers coders a completely open banking API that fits any fintech initiative, allows for personal projects, and is equipped with the tools and mechanisms that make development fun.