Download OpenAPI specification:Download
NOTICE: We have updated the sandbox base url to https://public-api.sandbox.bunq.com/v1/. Please update your applications accordingly. Check here: https://github.com/bunq/sdk_php/issues/149 for more info.
+ " fill="currentColor">Download OpenAPI specification:Download
NOTICE: We have updated the sandbox base url to https://public-api.sandbox.bunq.com/v1/. Please update your applications accordingly. Check here: https://github.com/bunq/sdk_php/issues/149 for more info.
NOTICE: We're changing the origin of our callbacks for sandbox to originate from the Amazon network. Read the receiving callbacks section for more info.
Welcome to bunq!
X-Bunq-Client-Request-Id: a4f0de
The same ID that was provided in the request's X-Bunq-Client-Request-Id header. Is included in the response (and request) signature, so can be used to ensure this is the response for the sent request.
-X-Bunq-Client-Response-Id: 76cc7772-4b23-420a-9586-8721dcdde174
A unique ID for the response formatted as a UUID. Clients can use it to add extra protection against replay attacks.
This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
-| bunqme_tab_entry required | object (BunqMeTabEntry_5b0ec48ca55eb) |
| status | string The status of the bunq.me. Ignored in POST requests but can be used for cancelling the bunq.me by setting status as CANCELLED with a PUT request. + |
| bunqme_tab_entry required | object (BunqMeTabEntry_5b11106ad4802) |
| status | string The status of the bunq.me. Ignored in POST requests but can be used for cancelling the bunq.me by setting status as CANCELLED with a PUT request. |
bunq.me tabs allows you to create a payment request and share the link through e-mail, chat, etc. Multiple persons are able to respond to the payment request and pay through bunq, iDeal or SOFORT.
This is how the error response looks like for 4XX response codes
This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
-| bunqme_tab_entry required | object (BunqMeTabEntry_5b0ec48ca55eb) |
| status | string The status of the bunq.me. Ignored in POST requests but can be used for cancelling the bunq.me by setting status as CANCELLED with a PUT request. + |
| bunqme_tab_entry required | object (BunqMeTabEntry_5b11106ad4802) |
| status | string The status of the bunq.me. Ignored in POST requests but can be used for cancelling the bunq.me by setting status as CANCELLED with a PUT request. |
bunq.me tabs allows you to create a payment request and share the link through e-mail, chat, etc. Multiple persons are able to respond to the payment request and pay through bunq, iDeal or SOFORT.
This is how the error response looks like for 4XX response codes
The activation code required to set status to ACTIVE initially. Can only set status to ACTIVE using activation code when order_status is ACCEPTED_FOR_PRODUCTION and status is DEACTIVATED.
The status to set for the card. Can be ACTIVE, DEACTIVATED, LOST, STOLEN or CANCELLED, and can only be set to LOST/STOLEN/CANCELLED when order status is ACCEPTED_FOR_PRODUCTION/DELIVERED_TO_CUSTOMER/CARD_UPDATE_REQUESTED/CARD_UPDATE_SENT/CARD_UPDATE_ACCEPTED. Can only be set to DEACTIVATED after initial activation, i.e. order_status is DELIVERED_TO_CUSTOMER/CARD_UPDATE_REQUESTED/CARD_UPDATE_SENT/CARD_UPDATE_ACCEPTED. Mind that all the possible choices (apart from ACTIVE and DEACTIVATED) are permanent and cannot be changed after.
The limits to define for the card, among CARD_LIMIT_CONTACTLESS, CARD_LIMIT_ATM, CARD_LIMIT_DIPPING and CARD_LIMIT_POS_ICC (e.g. 25 EUR for CARD_LIMIT_CONTACTLESS). All the limits must be provided on update.
-The countries for which to grant (temporary) permissions to use the card.
+The countries for which to grant (temporary) permissions to use the card.
The ID of the monetary account that card transactions will use.
Array of Types, PINs, account IDs assigned to the card.
ID of the MA to be used as fallback for this card if insufficient balance. Fallback account is removed if not supplied.
@@ -1005,7 +1005,7 @@The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
| second_line required | string The second line of text on the card, used as name/description for it. It can contain at most 17 characters and it can be empty. |
| name_on_card required | string The user's name as it will be on the card. Check 'card-name' for the available card names for a user. - |
| alias | object (Pointer_5b0ec481ab8e1) |
| type | string The type of card to order. Can be MAESTRO or MASTERCARD. + |
| alias | object (Pointer_5b111061c79b4) |
| type | string The type of card to order. Can be MAESTRO or MASTERCARD. |
| pin_code_assignment | Array of object Array of Types, PINs, account IDs assigned to the card. |
| monetary_account_id_fallback | integer ID of the MA to be used as fallback for this card if insufficient balance. Fallback account is removed if not supplied. |
With bunq it is possible to order debit cards that can then be connected with each one of the monetary accounts the user has access to (including connected accounts).
@@ -1031,7 +1031,7 @@| name required | string The name of the CashRegister. Must be unique for this MonetaryAccount. |
| status required | string The status of the CashRegister. Can only be created or updated with PENDING_APPROVAL or CLOSED. |
| avatar_uuid required | string The UUID of the avatar of the CashRegister. Use the calls /attachment-public and /avatar to create a new Avatar and get its UUID. - |
| location | object (Geolocation_5b0ec481c89c7) |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this CashRegister. + |
| location | object (Geolocation_5b111061e5191) |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this CashRegister. |
| tab_text_waiting_screen | Array of object The tab text for waiting screen of CashRegister. |
CashRegisters are virtual points of sale. They have a specific name and avatar, and optionally, a location.
With a CashRegister you can create a Tab and then use a QR code to receive payments.
Check out our Quickstart example to learn how you can easily create Tab payments.
Notification filters can be set on a CashRegister to receive callbacks. For more information check the dedicated callbacks page.
This is how the error response looks like for 4XX response codes
@@ -1066,7 +1066,7 @@| name required | string The name of the CashRegister. Must be unique for this MonetaryAccount. |
| status required | string The status of the CashRegister. Can only be created or updated with PENDING_APPROVAL or CLOSED. |
| avatar_uuid required | string The UUID of the avatar of the CashRegister. Use the calls /attachment-public and /avatar to create a new Avatar and get its UUID. - |
| location | object (Geolocation_5b0ec481c89c7) |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this CashRegister. + |
| location | object (Geolocation_5b111061e5191) |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this CashRegister. |
| tab_text_waiting_screen | Array of object The tab text for waiting screen of CashRegister. |
CashRegisters are virtual points of sale. They have a specific name and avatar, and optionally, a location.
With a CashRegister you can create a Tab and then use a QR code to receive payments.
Check out our Quickstart example to learn how you can easily create Tab payments.
Notification filters can be set on a CashRegister to receive callbacks. For more information check the dedicated callbacks page.
This is how the error response looks like for 4XX response codes
@@ -1518,7 +1518,7 @@The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
| status | string The status of the draft share invite. Can be CANCELLED (the user cancels the draft share before it's used). |
| expiration required | string The moment when this draft share invite expires. - |
| draft_share_settings required | object (DraftShareInviteEntry_5b0ec48d393c3) |
Used to create a draft share invite for a monetary account with another bunq user, as in the 'Connect' feature in the bunq app. The user that accepts the invite can share one of their MonetaryAccounts with the user that created the invite.
+Used to create a draft share invite for a monetary account with another bunq user, as in the 'Connect' feature in the bunq app. The user that accepts the invite can share one of their MonetaryAccounts with the user that created the invite.
This is how the error response looks like for 4XX response codes
Used to create a draft share invite for a monetary account with another bunq user, as in the 'Connect' feature in the bunq app. The user that accepts the invite can share one of their MonetaryAccounts with the user that created the invite.
| userID required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -1550,7 +1550,7 @@Visibility |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call |
| status | string The status of the draft share invite. Can be CANCELLED (the user cancels the draft share before it's used). |
| expiration required | string The moment when this draft share invite expires. - |
| draft_share_settings required | object (DraftShareInviteEntry_5b0ec48d393c3) |
Used to create a draft share invite for a monetary account with another bunq user, as in the 'Connect' feature in the bunq app. The user that accepts the invite can share one of their MonetaryAccounts with the user that created the invite.
+Used to create a draft share invite for a monetary account with another bunq user, as in the 'Connect' feature in the bunq app. The user that accepts the invite can share one of their MonetaryAccounts with the user that created the invite.
This is how the error response looks like for 4XX response codes
Create a new annual overview for a specific year. An overview can be generated only for a past year.
| userID required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -1777,7 +1777,7 @@Visibility |
| X-Bunq-Client-Request-Id required | string This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer. |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call - |
| attachment required | object (BunqId_5b0ec481db9dc) |
Create new messages holding file attachments.
+| attachment required | object (BunqId_5b11106203b36) |
Create new messages holding file attachments.
This is how the error response looks like for 4XX response codes
Add a new text message to a specific conversation.
| userID required | integer |
| chat-conversationID required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -1830,13 +1830,13 @@Visibility |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call |
| currency required | string The currency of the MonetaryAccountBank as an ISO 4217 formatted currency code. |
| description | string The description of the MonetaryAccountBank. Defaults to 'bunq account'. - |
| daily_limit | object (Amount_5b0ec481a926d) |
| avatar_uuid | string The UUID of the Avatar of the MonetaryAccountBank. + |
| daily_limit | object (Amount_5b111061c603a) |
| avatar_uuid | string The UUID of the Avatar of the MonetaryAccountBank. |
| status | string The status of the MonetaryAccountBank. Ignored in POST requests (always set to ACTIVE) can be CANCELLED or PENDING_REOPEN in PUT requests to cancel (close) or reopen the MonetaryAccountBank. When updating the status and/or sub_status no other fields can be updated in the same request (and vice versa). |
| sub_status | string The sub-status of the MonetaryAccountBank providing extra information regarding the status. Should be ignored for POST requests. In case of PUT requests with status CANCELLED it can only be REDEMPTION_VOLUNTARY, while with status PENDING_REOPEN it can only be NONE. When updating the status and/or sub_status no other fields can be updated in the same request (and vice versa). |
| reason | string The reason for voluntarily cancelling (closing) the MonetaryAccountBank, can only be OTHER. Should only be specified if updating the status to CANCELLED. |
| reason_description | string The optional free-form reason for voluntarily cancelling (closing) the MonetaryAccountBank. Can be any user provided message. Should only be specified if updating the status to CANCELLED. |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this MonetaryAccountBank. - |
| setting | object (MonetaryAccountSetting_5b0ec48d67e4a) |
With MonetaryAccountBank you can create a new bank account, retrieve information regarding your existing MonetaryAccountBanks and update specific fields of an existing MonetaryAccountBank. Examples of fields that can be updated are the description, the daily limit and the avatar of the account.
Notification filters can be set on a monetary account level to receive callbacks. For more information check the dedicated callbacks page.
With MonetaryAccountBank you can create a new bank account, retrieve information regarding your existing MonetaryAccountBanks and update specific fields of an existing MonetaryAccountBank. Examples of fields that can be updated are the description, the daily limit and the avatar of the account.
Notification filters can be set on a monetary account level to receive callbacks. For more information check the dedicated callbacks page.
This is how the error response looks like for 4XX response codes
Create new MonetaryAccountBank.
| userID required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -1848,13 +1848,13 @@Visibility |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call |
| currency required | string The currency of the MonetaryAccountBank as an ISO 4217 formatted currency code. |
| description | string The description of the MonetaryAccountBank. Defaults to 'bunq account'. - |
| daily_limit | object (Amount_5b0ec481a926d) |
| avatar_uuid | string The UUID of the Avatar of the MonetaryAccountBank. + |
| daily_limit | object (Amount_5b111061c603a) |
| avatar_uuid | string The UUID of the Avatar of the MonetaryAccountBank. |
| status | string The status of the MonetaryAccountBank. Ignored in POST requests (always set to ACTIVE) can be CANCELLED or PENDING_REOPEN in PUT requests to cancel (close) or reopen the MonetaryAccountBank. When updating the status and/or sub_status no other fields can be updated in the same request (and vice versa). |
| sub_status | string The sub-status of the MonetaryAccountBank providing extra information regarding the status. Should be ignored for POST requests. In case of PUT requests with status CANCELLED it can only be REDEMPTION_VOLUNTARY, while with status PENDING_REOPEN it can only be NONE. When updating the status and/or sub_status no other fields can be updated in the same request (and vice versa). |
| reason | string The reason for voluntarily cancelling (closing) the MonetaryAccountBank, can only be OTHER. Should only be specified if updating the status to CANCELLED. |
| reason_description | string The optional free-form reason for voluntarily cancelling (closing) the MonetaryAccountBank. Can be any user provided message. Should only be specified if updating the status to CANCELLED. |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this MonetaryAccountBank. - |
| setting | object (MonetaryAccountSetting_5b0ec48d67e4a) |
With MonetaryAccountBank you can create a new bank account, retrieve information regarding your existing MonetaryAccountBanks and update specific fields of an existing MonetaryAccountBank. Examples of fields that can be updated are the description, the daily limit and the avatar of the account.
Notification filters can be set on a monetary account level to receive callbacks. For more information check the dedicated callbacks page.
With MonetaryAccountBank you can create a new bank account, retrieve information regarding your existing MonetaryAccountBanks and update specific fields of an existing MonetaryAccountBank. Examples of fields that can be updated are the description, the daily limit and the avatar of the account.
Notification filters can be set on a monetary account level to receive callbacks. For more information check the dedicated callbacks page.
This is how the error response looks like for 4XX response codes
Gets a listing of all MonetaryAccountBanks of a given user.
| userID required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -1874,7 +1874,7 @@Visibility |
| X-Bunq-Client-Request-Id required | string This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer. |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call - |
| amount required | object (Amount_5b0ec481a926d) |
| counterparty_alias required | object (Pointer_5b0ec481ab8e1) |
| description required | string The description for the Payment. Maximum 140 characters for Payments to external IBANs, 9000 characters for Payments to only other bunq MonetaryAccounts. Field is required but can be an empty string. + |
| amount required | object (Amount_5b111061c603a) |
| counterparty_alias required | object (Pointer_5b111061c79b4) |
| description required | string The description for the Payment. Maximum 140 characters for Payments to external IBANs, 9000 characters for Payments to only other bunq MonetaryAccounts. Field is required but can be an empty string. |
| attachment | Array of object The Attachments to attach to the Payment. |
| merchant_reference | string Optional data to be included with the Payment specific to the merchant. |
Using Payment, you can send payments to bunq and non-bunq users from your bunq MonetaryAccounts. This can be done using bunq Aliases or IBAN Aliases. When transferring money to other bunq MonetaryAccounts you can also refer to Attachments. These will be received by the counter-party as part of the Payment. You can also retrieve a single Payment or all executed Payments of a specific monetary account.
@@ -2034,7 +2034,7 @@This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
-| amount_inquired required | object (Amount_5b0ec481a926d) |
| counterparty_alias required | object (Pointer_5b0ec481ab8e1) |
| description required | string The description for the RequestInquiry. Maximum 9000 characters. Field is required but can be an empty string. + |
| amount_inquired required | object (Amount_5b111061c603a) |
| counterparty_alias required | object (Pointer_5b111061c79b4) |
| description required | string The description for the RequestInquiry. Maximum 9000 characters. Field is required but can be an empty string. |
| attachment | Array of object The Attachments to attach to the RequestInquiry. |
| merchant_reference | string Optional data to be included with the RequestInquiry specific to the merchant. Has to be unique for the same source MonetaryAccount. |
| status | string The status of the RequestInquiry. Ignored in POST requests but can be used for revoking (cancelling) the RequestInquiry by setting REVOKED with a PUT request. @@ -2066,7 +2066,7 @@Visibility |
| X-Bunq-Client-Request-Id required | string This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer. |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call - |
| amount_inquired required | object (Amount_5b0ec481a926d) |
| counterparty_alias required | object (Pointer_5b0ec481ab8e1) |
| description required | string The description for the RequestInquiry. Maximum 9000 characters. Field is required but can be an empty string. + |
| amount_inquired required | object (Amount_5b111061c603a) |
| counterparty_alias required | object (Pointer_5b111061c79b4) |
| description required | string The description for the RequestInquiry. Maximum 9000 characters. Field is required but can be an empty string. |
| attachment | Array of object The Attachments to attach to the RequestInquiry. |
| merchant_reference | string Optional data to be included with the RequestInquiry specific to the merchant. Has to be unique for the same source MonetaryAccount. |
| status | string The status of the RequestInquiry. Ignored in POST requests but can be used for revoking (cancelling) the RequestInquiry by setting REVOKED with a PUT request. @@ -2100,7 +2100,7 @@Visibility |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call |
| request_inquiries required | Array of object The list of request inquiries we want to send in 1 batch. |
| status | string The status of the request. - |
| total_amount_inquired required | object (Amount_5b0ec481a926d) |
| event_id | integer The ID of the associated event if the request batch was made using 'split the bill'. + |
| total_amount_inquired required | object (Amount_5b111061c603a) |
| event_id | integer The ID of the associated event if the request batch was made using 'split the bill'. |
Create a batch of requests for payment, or show the request batches of a monetary account.
This is how the error response looks like for 4XX response codes
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
| request_inquiries required | Array of object The list of request inquiries we want to send in 1 batch. |
| status | string The status of the request. - |
| total_amount_inquired required | object (Amount_5b0ec481a926d) |
| event_id | integer The ID of the associated event if the request batch was made using 'split the bill'. + |
| total_amount_inquired required | object (Amount_5b111061c603a) |
| event_id | integer The ID of the associated event if the request batch was made using 'split the bill'. |
Create a batch of requests for payment, or show the request batches of a monetary account.
This is how the error response looks like for 4XX response codes
This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer.
This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued.
The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
-| amount_responded | object (Amount_5b0ec481a926d) |
| status required | string The responding status of the RequestResponse. Can be ACCEPTED or REJECTED. - |
| address_shipping | object (Address_5b0ec481abc72) |
| address_billing | object (Address_5b0ec481abc72) |
A RequestResponse is what a user on the other side of a RequestInquiry gets when he is sent one. So a RequestInquiry is the initiator and visible for the user that sent it and that wants to receive the money. A RequestResponse is what the other side sees, i.e. the user that pays the money to accept the request. The content is almost identical.
+| amount_responded | object (Amount_5b111061c603a) |
| status required | string The responding status of the RequestResponse. Can be ACCEPTED or REJECTED. + |
| address_shipping | object (Address_5b111061c7bc6) |
| address_billing | object (Address_5b111061c7bc6) |
A RequestResponse is what a user on the other side of a RequestInquiry gets when he is sent one. So a RequestInquiry is the initiator and visible for the user that sent it and that wants to receive the money. A RequestResponse is what the other side sees, i.e. the user that pays the money to accept the request. The content is almost identical.
This is how the error response looks like for 4XX response codes
Get the details for a specific existing RequestResponse.
| userID required | integer |
| monetary-accountID required | integer |
| itemId required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -2246,7 +2246,7 @@Visibility |
| X-Bunq-Client-Request-Id required | string This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer. |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call - |
| payment required | object (SchedulePaymentEntry_5b0ec4829e4f3) |
| schedule required | object (Schedule_5b0ec482a07ee) |
Endpoint for schedule payments.
+| payment required | object (SchedulePaymentEntry_5b111062b0f84) |
| schedule required | object (Schedule_5b111062b2e76) |
Endpoint for schedule payments.
This is how the error response looks like for 4XX response codes
Endpoint for schedule payments.
| userID required | integer |
| monetary-accountID required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -2286,7 +2286,7 @@Visibility |
| X-Bunq-Client-Request-Id required | string This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer. |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call - |
| payment required | object (SchedulePaymentEntry_5b0ec4829e4f3) |
| schedule required | object (Schedule_5b0ec482a07ee) |
Endpoint for schedule payments.
+| payment required | object (SchedulePaymentEntry_5b111062b0f84) |
| schedule required | object (Schedule_5b111062b2e76) |
Endpoint for schedule payments.
This is how the error response looks like for 4XX response codes
Endpoint for schedule payment batches.
| userID required | integer |
| monetary-accountID required | integer |
| itemId required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -2297,7 +2297,7 @@Visibility |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call |
| payments required | Array of object The payment details. - |
| schedule required | object (Schedule_5b0ec482a07ee) |
Endpoint for schedule payment batches.
+Endpoint for schedule payment batches.
This is how the error response looks like for 4XX response codes
Endpoint for schedule payment batches.
| userID required | integer |
| monetary-accountID required | integer |
| itemId required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -2318,7 +2318,7 @@Visibility |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call |
| payments required | Array of object The payment details. - |
| schedule required | object (Schedule_5b0ec482a07ee) |
Endpoint for schedule payment batches.
+Endpoint for schedule payment batches.
This is how the error response looks like for 4XX response codes
Show the ServerPublicKey for this Installation.
| installationID required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -2359,8 +2359,8 @@Visibility |
| X-Bunq-Client-Request-Id required | string This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer. |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call - |
| counter_user_alias required | object (Pointer_5b0ec481ab8e1) |
| draft_share_invite_bank_id | integer The id of the draft share invite bank. - |
| share_detail required | object (ShareDetail_5b0ec482f0883) |
| status required | string The status of the share. Can be PENDING, REVOKED (the user deletes the share inquiry before it's accepted), ACCEPTED, CANCELLED (the user deletes an active share) or CANCELLATION_PENDING, CANCELLATION_ACCEPTED, CANCELLATION_REJECTED (for canceling mutual connects). + |
| counter_user_alias required | object (Pointer_5b111061c79b4) |
| draft_share_invite_bank_id | integer The id of the draft share invite bank. + |
| share_detail required | object (ShareDetail_5b111062d0dcc) |
| status required | string The status of the share. Can be PENDING, REVOKED (the user deletes the share inquiry before it's accepted), ACCEPTED, CANCELLED (the user deletes an active share) or CANCELLATION_PENDING, CANCELLATION_ACCEPTED, CANCELLATION_REJECTED (for canceling mutual connects). |
| share_type | string The share type, either STANDARD or MUTUAL. |
| start_date | string The start date of this share. |
| end_date | string The expiration date of this share. @@ -2394,8 +2394,8 @@Visibility |
| X-Bunq-Client-Request-Id required | string This header must specify an ID with each request that is unique for the logged in user. There are no restrictions for the format of this ID. However, the server will respond with an error when the same ID is used again on the same DeviceServer. |
| X-Bunq-Geolocation required | string This header must specify the geolocation of the device. The format of this value is longitude latitude altitude radius country. The country is expected to be formatted of an ISO 3166-1 alpha-2 country code. When no geolocation is available or known the header must still be included but can be zero valued. |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call - |
| counter_user_alias required | object (Pointer_5b0ec481ab8e1) |
| draft_share_invite_bank_id | integer The id of the draft share invite bank. - |
| share_detail required | object (ShareDetail_5b0ec482f0883) |
| status required | string The status of the share. Can be PENDING, REVOKED (the user deletes the share inquiry before it's accepted), ACCEPTED, CANCELLED (the user deletes an active share) or CANCELLATION_PENDING, CANCELLATION_ACCEPTED, CANCELLATION_REJECTED (for canceling mutual connects). + |
| counter_user_alias required | object (Pointer_5b111061c79b4) |
| draft_share_invite_bank_id | integer The id of the draft share invite bank. + |
| share_detail required | object (ShareDetail_5b111062d0dcc) |
| status required | string The status of the share. Can be PENDING, REVOKED (the user deletes the share inquiry before it's accepted), ACCEPTED, CANCELLED (the user deletes an active share) or CANCELLATION_PENDING, CANCELLATION_ACCEPTED, CANCELLATION_REJECTED (for canceling mutual connects). |
| share_type | string The share type, either STANDARD or MUTUAL. |
| start_date | string The start date of this share. |
| end_date | string The expiration date of this share. @@ -2475,7 +2475,7 @@Visibility |
| avatar_attachment_uuid | string An AttachmentPublic UUID that used as an avatar for the TabItem. |
| tab_attachment | array A list of AttachmentTab attached to the TabItem. |
| quantity | string The quantity of the TabItem. Formatted as a number containing up to 15 digits, up to 15 decimals and using a dot. - |
| amount | object (Amount_5b0ec481a926d) |
After you’ve created a Tab using /tab-usage-single or /tab-usage-multiple you can add items and attachments using tab-item. You can only add or modify TabItems of a Tab which status is OPEN. The amount of the TabItems will not influence the total_amount of the corresponding Tab. However, if you've created any TabItems for a Tab the sum of the amounts of these items must be equal to the total_amount of the Tab when you change its status to PAYABLE/WAITING_FOR_PAYMENT.
+After you’ve created a Tab using /tab-usage-single or /tab-usage-multiple you can add items and attachments using tab-item. You can only add or modify TabItems of a Tab which status is OPEN. The amount of the TabItems will not influence the total_amount of the corresponding Tab. However, if you've created any TabItems for a Tab the sum of the amounts of these items must be equal to the total_amount of the Tab when you change its status to PAYABLE/WAITING_FOR_PAYMENT.
This is how the error response looks like for 4XX response codes
Get a collection of TabItems from a given Tab.
| userID required | integer |
| monetary-accountID required | integer |
| cash-registerID required | integer |
| tabUUID required | string |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -2500,7 +2500,7 @@Visibility |
| avatar_attachment_uuid | string An AttachmentPublic UUID that used as an avatar for the TabItem. |
| tab_attachment | array A list of AttachmentTab attached to the TabItem. |
| quantity | string The quantity of the TabItem. Formatted as a number containing up to 15 digits, up to 15 decimals and using a dot. - |
| amount | object (Amount_5b0ec481a926d) |
After you’ve created a Tab using /tab-usage-single or /tab-usage-multiple you can add items and attachments using tab-item. You can only add or modify TabItems of a Tab which status is OPEN. The amount of the TabItems will not influence the total_amount of the corresponding Tab. However, if you've created any TabItems for a Tab the sum of the amounts of these items must be equal to the total_amount of the Tab when you change its status to PAYABLE/WAITING_FOR_PAYMENT.
+After you’ve created a Tab using /tab-usage-single or /tab-usage-multiple you can add items and attachments using tab-item. You can only add or modify TabItems of a Tab which status is OPEN. The amount of the TabItems will not influence the total_amount of the corresponding Tab. However, if you've created any TabItems for a Tab the sum of the amounts of these items must be equal to the total_amount of the Tab when you change its status to PAYABLE/WAITING_FOR_PAYMENT.
This is how the error response looks like for 4XX response codes
Delete a specific TabItem from a Tab.
| userID required | integer |
| monetary-accountID required | integer |
| cash-registerID required | integer |
| tabUUID required | string |
| itemId required | integer |
| Cache-Control required | string The standard HTTP Cache-Control header is required for all requests. @@ -2583,13 +2583,13 @@Visibility |
| X-Bunq-Client-Authentication required | string The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call |
| description required | string The description of the TabUsageMultiple. Maximum 9000 characters. Field is required but can be an empty string. |
| status required | string The status of the TabUsageMultiple. On creation the status must be set to OPEN. You can change the status from OPEN to PAYABLE. If the TabUsageMultiple gets paid the status will remain PAYABLE. - |
| amount_total required | object (Amount_5b0ec481a926d) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. + |
| amount_total required | object (Amount_5b111061c603a) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. |
| allow_amount_lower | boolean [DEPRECATED] Whether or not a lower amount can be paid. |
| want_tip | boolean [DEPRECATED] Whether or not the user paying the Tab should be asked if he wants to give a tip. When want_tip is set to true, allow_amount_higher must also be set to true and allow_amount_lower must be false. |
| minimum_age | integer The minimum age of the user paying the Tab. |
| require_address | string Whether a billing and shipping address must be provided when paying the Tab. Possible values are: BILLING, SHIPPING, BILLING_SHIPPING, NONE, OPTIONAL. Default is NONE. |
| redirect_url | string The URL which the user is sent to after paying the Tab. - |
| visibility | object (TabVisibility_5b0ec48cbbb88) |
| expiration | string The moment when this Tab expires. Can be at most 365 days into the future. + |
| visibility | object (TabVisibility_5b11106ae9bfe) |
| expiration | string The moment when this Tab expires. Can be at most 365 days into the future. |
| tab_attachment | Array of object An array of attachments that describe the tab. Uploaded through the POST /user/{userid}/attachment-tab endpoint. |
TabUsageMultiple is a Tab that can be paid by multiple users. Just like the TabUsageSingle it is created with the status OPEN, the visibility can be defined in the visibility object and TabItems can be added as long as the status is OPEN. When you change the status to PAYABLE any bunq user can use the tab to make a payment to your account. After an user has paid your TabUsageMultiple the status will not change, it will stay PAYABLE. For example: you can create a TabUsageMultiple with require_address set to true. Now show the QR code of this Tab on your webshop, and any bunq user can instantly pay and order something from your webshop.
This is how the error response looks like for 4XX response codes
@@ -2613,13 +2613,13 @@The authentication token is used to authenticate the source of the API call. It is required by all API calls except for POST /v1/installation. It is important to note that the device and session calls are using the token from the response of the installation call, while all the other calls use the token from the response of the session-server call
| description required | string The description of the TabUsageMultiple. Maximum 9000 characters. Field is required but can be an empty string. |
| status required | string The status of the TabUsageMultiple. On creation the status must be set to OPEN. You can change the status from OPEN to PAYABLE. If the TabUsageMultiple gets paid the status will remain PAYABLE. - |
| amount_total required | object (Amount_5b0ec481a926d) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. + |
| amount_total required | object (Amount_5b111061c603a) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. |
| allow_amount_lower | boolean [DEPRECATED] Whether or not a lower amount can be paid. |
| want_tip | boolean [DEPRECATED] Whether or not the user paying the Tab should be asked if he wants to give a tip. When want_tip is set to true, allow_amount_higher must also be set to true and allow_amount_lower must be false. |
| minimum_age | integer The minimum age of the user paying the Tab. |
| require_address | string Whether a billing and shipping address must be provided when paying the Tab. Possible values are: BILLING, SHIPPING, BILLING_SHIPPING, NONE, OPTIONAL. Default is NONE. |
| redirect_url | string The URL which the user is sent to after paying the Tab. - |
| visibility | object (TabVisibility_5b0ec48cbbb88) |
| expiration | string The moment when this Tab expires. Can be at most 365 days into the future. + |
| visibility | object (TabVisibility_5b11106ae9bfe) |
| expiration | string The moment when this Tab expires. Can be at most 365 days into the future. |
| tab_attachment | Array of object An array of attachments that describe the tab. Uploaded through the POST /user/{userid}/attachment-tab endpoint. |
TabUsageMultiple is a Tab that can be paid by multiple users. Just like the TabUsageSingle it is created with the status OPEN, the visibility can be defined in the visibility object and TabItems can be added as long as the status is OPEN. When you change the status to PAYABLE any bunq user can use the tab to make a payment to your account. After an user has paid your TabUsageMultiple the status will not change, it will stay PAYABLE. For example: you can create a TabUsageMultiple with require_address set to true. Now show the QR code of this Tab on your webshop, and any bunq user can instantly pay and order something from your webshop.
This is how the error response looks like for 4XX response codes
@@ -2654,13 +2654,13 @@| merchant_reference | string The reference of the Tab, as defined by the owner. This reference will be set for any payment that is generated by this tab. Must be unique among all the owner's tabs for the used monetary account. |
| description required | string The description of the Tab. Maximum 9000 characters. Field is required but can be an empty string. |
| status required | string The status of the Tab. On creation the status must be set to OPEN. You can change the status from OPEN to WAITING_FOR_PAYMENT. - |
| amount_total required | object (Amount_5b0ec481a926d) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. + |
| amount_total required | object (Amount_5b111061c603a) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. |
| allow_amount_lower | boolean [DEPRECATED] Whether or not a lower amount can be paid. |
| want_tip | boolean [DEPRECATED] Whether or not the user paying the Tab should be asked if he wants to give a tip. When want_tip is set to true, allow_amount_higher must also be set to true and allow_amount_lower must be false. |
| minimum_age | integer The minimum age of the user paying the Tab. |
| require_address | string Whether a billing and shipping address must be provided when paying the Tab. Possible values are: BILLING, SHIPPING, BILLING_SHIPPING, NONE, OPTIONAL. Default is NONE. |
| redirect_url | string The URL which the user is sent to after paying the Tab. - |
| visibility | object (TabVisibility_5b0ec48cbbb88) |
| expiration | string The moment when this Tab expires. Can be at most 1 hour into the future. + |
| visibility | object (TabVisibility_5b11106ae9bfe) |
| expiration | string The moment when this Tab expires. Can be at most 1 hour into the future. |
| tab_attachment | Array of object An array of attachments that describe the tab. Uploaded through the POST /user/{userid}/attachment-tab endpoint. |
TabUsageSingle is a Tab that can be paid once. The TabUsageSingle is created with the status OPEN. Optionally you can add TabItems to the tab using /tab/_/tab-item, TabItems don't affect the total amount of the Tab. However, if you've created any TabItems for a Tab the sum of the amounts of these items must be equal to the total_amount of the Tab when you change its status to WAITING_FOR_PAYMENT. By setting the visibility object a TabUsageSingle with the status OPEN or WAITING_FOR_PAYMENT can be made visible to customers. As soon as a customer pays the TabUsageSingle its status changes to PAID, and it can't be paid again.
This is how the error response looks like for 4XX response codes
@@ -2695,13 +2695,13 @@| merchant_reference | string The reference of the Tab, as defined by the owner. This reference will be set for any payment that is generated by this tab. Must be unique among all the owner's tabs for the used monetary account. |
| description required | string The description of the Tab. Maximum 9000 characters. Field is required but can be an empty string. |
| status required | string The status of the Tab. On creation the status must be set to OPEN. You can change the status from OPEN to WAITING_FOR_PAYMENT. - |
| amount_total required | object (Amount_5b0ec481a926d) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. + |
| amount_total required | object (Amount_5b111061c603a) |
| allow_amount_higher | boolean [DEPRECATED] Whether or not a higher amount can be paid. |
| allow_amount_lower | boolean [DEPRECATED] Whether or not a lower amount can be paid. |
| want_tip | boolean [DEPRECATED] Whether or not the user paying the Tab should be asked if he wants to give a tip. When want_tip is set to true, allow_amount_higher must also be set to true and allow_amount_lower must be false. |
| minimum_age | integer The minimum age of the user paying the Tab. |
| require_address | string Whether a billing and shipping address must be provided when paying the Tab. Possible values are: BILLING, SHIPPING, BILLING_SHIPPING, NONE, OPTIONAL. Default is NONE. |
| redirect_url | string The URL which the user is sent to after paying the Tab. - |
| visibility | object (TabVisibility_5b0ec48cbbb88) |
| expiration | string The moment when this Tab expires. Can be at most 1 hour into the future. + |
| visibility | object (TabVisibility_5b11106ae9bfe) |
| expiration | string The moment when this Tab expires. Can be at most 1 hour into the future. |
| tab_attachment | Array of object An array of attachments that describe the tab. Uploaded through the POST /user/{userid}/attachment-tab endpoint. |
TabUsageSingle is a Tab that can be paid once. The TabUsageSingle is created with the status OPEN. Optionally you can add TabItems to the tab using /tab/_/tab-item, TabItems don't affect the total amount of the Tab. However, if you've created any TabItems for a Tab the sum of the amounts of these items must be equal to the total_amount of the Tab when you change its status to WAITING_FOR_PAYMENT. By setting the visibility object a TabUsageSingle with the status OPEN or WAITING_FOR_PAYMENT can be made visible to customers. As soon as a customer pays the TabUsageSingle its status changes to PAID, and it can't be paid again.
This is how the error response looks like for 4XX response codes
@@ -2778,7 +2778,7 @@| name | string The company name. |
| public_nick_name | string The company's nick name. |
| avatar_uuid | string The public UUID of the company's avatar. - |
| address_main required | object (Address_5b0ec481abc72) |
| address_postal | object (Address_5b0ec481abc72) |
| language required | string The person's preferred language. Formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, seperated by an underscore. + |
| address_main required | object (Address_5b111061c7bc6) |
| address_postal | object (Address_5b111061c7bc6) |
| language required | string The person's preferred language. Formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, seperated by an underscore. |
| region required | string The person's preferred region. Formatted as a ISO 639-1 language code plus a ISO 3166-1 alpha-2 country code, seperated by an underscore. |
| country | string The country where the company is registered. |
| ubo | Array of object The names and birth dates of the company's ultimate beneficiary owners. Minimum zero, maximum four. @@ -2786,7 +2786,7 @@Visibility |
| status | string The user status. Can be: ACTIVE, SIGNUP, RECOVERY. |
| sub_status | string The user sub-status. Can be: NONE, FACE_RESET, APPROVAL, APPROVAL_DIRECTOR, APPROVAL_PARENT, APPROVAL_SUPPORT, COUNTER_IBAN, IDEAL or SUBMIT. |
| session_timeout | integer The setting for the session timeout of the company in seconds. - |
| daily_limit_without_confirmation_login | object (Amount_5b0ec481a926d) |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this UserCompany. + |
| daily_limit_without_confirmation_login | object (Amount_5b111061c603a) |
| notification_filters | Array of object The types of notifications that will result in a push notification or URL callback for this UserCompany. |
With UserCompany you can retrieve information regarding the authenticated UserCompany and update specific fields.
Notification filters can be set on a UserCompany level to receive callbacks. For more information check the dedicated callbacks page.
This is how the error response looks like for 4XX response codes
The person's middle name.
The person's last name.
The person's public nick name.
-The public UUID of the user's avatar.
+The public UUID of the user's avatar.
The user's tax residence numbers for different countries.
The type of identification document the person registered with.
The identification document number the person registered with.
@@ -2827,15 +2827,15 @@The person's gender. Can be: MALE, FEMALE and UNKNOWN.
The user status. You are not allowed to update the status via PUT.
The user sub-status. Can be updated to SUBMIT if status is RECOVERY.
-The setting for the session timeout of the user in seconds.
+The setting for the session timeout of the user in seconds.
Card ids used for centralized card limits.
The centralized limits for user's cards.
-The types of notifications that will result in a push notification or URL callback for this UserPerson.
+The types of notifications that will result in a push notification or URL callback for this UserPerson.
With UserPerson you can retrieve information regarding the authenticated UserPerson and update specific fields.
Notification filters can be set on a UserPerson level to receive callbacks. For more information check the dedicated callbacks page.
This is how the error response looks like for 4XX response codes