Security & Access
Wise uses the standard OAuth 2.0 protocol for authentication and authorization.
Once our partnership begins, we’ll send you API access credentials for the sandbox environment consisting of a Client ID and a Client Secret. The credentials are needed to either create users over the API or complete the authorization_code OAuth 2.0 grant type, through which the customer will allow your application access to their account.
The Client Secret is a very sensitive piece of data as it could be used to impersonate your institution on the Wise Platform API. It should be handled and stored with the utmost care, seen by as few people as possible and stored in a secure secret storage solution, preferably away from any other Wise data such as user API access tokens.
We also need a redirect_url from your technical team. Users are forwarded to this URL after they successfully grant your application access to their Wise account. Specifying this explicitly makes the integration more secure. This article about the OAuth 2.0 framework is a great way to refresh your knowledge about the protocol itself.
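The following is an added example, not code from Wise's documentation. It shows how a partner application can validate the callback it receives on its redirect_url and build the code-for-token exchange. The function names and the partner.example URL are hypothetical, and the state parameter, the redirect_uri field name and HTTP Basic client authentication are taken from RFC 6749 rather than from this page.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit


def new_state() -> str:
    """Unguessable per-session value to send with the authorization request."""
    return secrets.token_urlsafe(32)


def extract_code(callback_url: str, registered_redirect_url: str, expected_state: str) -> str:
    """Return the authorization code from a callback URL, or raise ValueError."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_url)
    # Exact match on scheme, host and path; never prefix or substring matching.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_url")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # Constant-time compare. A missing or wrong state means this callback was
    # not started by the current user's session, so the code must not be used.
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization was not granted")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request(code: str, client_id: str, client_secret: str, redirect_url: str):
    """Build headers and form body for the token exchange (RFC 6749, section 4.1.3)."""
    # RFC 6749 section 2.3.1: form-encode each credential before Base64.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),  # never log
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_url})  # RFC 6749 field name
    return headers, body


if __name__ == "__main__":
    registered = "https://partner.example/wise/callback"  # constructed sample value
    state = new_state()
    code = extract_code(f"{registered}?code=abc123&state={state}", registered, state)
    print(token_request(code, "client-id", "from-secret-store", registered)[1])
```

In a real integration the Client Secret passed to token_request is read from the secret store at call time, and the returned headers are kept out of logs and error reports.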
In order to perform actions on behalf of a customer, you need to create a new Wise account or link an existing one.
Personal tokens are meant to be used to access the API on behalf of your own Wise account.
Follow the guides below to make your integration with the Wise API more secure.
Learn about how Wise implements JOSE signing and encryption along with mTLS to support stronger security in API calls and webhooks.
Strong customer authentication and two-factor authentication are required in important payment flow steps. Learn how to handle requests that require them.