Introducing: Plutus. Don’t Buy Crypto, Earn It!
Earn Crypto Rewards every time you shop with a Visa Debit Card. Plutus is a platform that has been building a connection between cryptocurrency and…
Unlike most APIs, the bunq API requires up to 8 headers to be passed along with every request. Moreover, most of them are custom and so have a special purpose. What important mission do the bunq headers carry out? Let’s find out.
Aside from the standard headers such as Cache-Control and User-Agent, bunq is designed to work with 6 peculiar headers that help us do two things:
That’s 2 groups and more than 2 headers. Let’s stop by the impact every header has on the work of bunq and see to which out of two groups it belongs and why.
The bunq API expects you to tell us whether you prefer en_US or nl_NL to respond to your requests in your language of preference. You will, for example, notice that error descriptions are returned in the language you choose in the header — either English or Dutch.
Information about the country the device is located in helps us to properly localize the messages delivered to the bunq user: they are returned in not only the right language but also in the right format that is specific to the region. For example, this header tells us what currency format to use in relevant messages by default.
bunq asks you to give each request a unique ID for 3 purposes:
X-Bunq-Client-Request-Id
).When the geolocation from which an operation is made is passed in X-Bunq-Geolocation
, bunq maps it with the relevant event. For instance, we link the location of transactions with the payment events the user sees in the bunq app.
The bunq API requires you to pass the authentication token to validate that the request is sent by you, that is, with a valid token that identifies you.
Trivia: You receive an authentication token after doing either of these:
access_token
you get after your authorization request is accepted by another bunq user.We require you to pass the public key of your key pair for 2 reasons:
The response headers of the bunq API mirror the request headers to close the mapping and security loops:
X-Bunq-Client-Request-Id
returns the X-Bunq-Client-Request-Id of the request so we could map the request with its response;X-Bunq-Client-Response-Id
provides an ID you can use as extra protection against replay attacks;X-Bunq-Server-Signature
verifies the response is sent by bunq.Haven’t experienced the freedom of programmable banking yet? Start in seconds by just running a command! No need to create API keys. 😉
Choose your language:
$ bash >(curl -s https://tinker.bunq.com/php/setup.sh)
$ bash >(curl -s https://tinker.bunq.com/python/setup.sh)
$ bash >(curl -s https://tinker.bunq.com/java/setup.sh)
$ bash >(curl -s https://tinker.bunq.com/csharp/setup.sh
)