User Tokens
User tokens allow your system to make API calls on behalf of a Wise user.
Access tokens are short-lived API tokens used to access Wise customer API resources.
Refresh tokens are long-lived API tokens that are used to generate access tokens.
User Tokens resource
Access token to be used when calling API endpoints on behalf of user. Valid for 12 hours.
"bearer"
Refresh token which you need to use in order to request new access_token. The lifetime of refresh tokens is 20 years.
Expiry time in seconds
"transfers"
Creation time in ISO 8601 format
{"access_token": "01234567-89ab-cdef-0123-456789abcdef","token_type": "bearer","refresh_token": "01234567-89ab-cdef-0123-456789abcdef","expires_in": 43199,"scope": "transfers","created_at": "2020-01-01T12:33:33.12345Z"}
Retrieve user tokens with registration code
POST /oauth/token
You can now use registration code to obtain user access token and refresh token.
"registration_code"
New user's email address
Your API client_id
registrationCode from step 2
Response
Returns a user tokens object
curl -X POST https://api.sandbox.transferwise.tech/oauth/token \-H 'Content-Type: application/x-www-form-urlencoded' \-U '<api-client-id>:<api-client-secret>' \-d '{"grant_type": "registration_code","email": test@wise.com,"client_id": {{clientId}},"registration_code": <registration code used to create user>}'
{"error": "invalid_grant","error_description": "Invalid user credentials."}
Retrieve user tokens with authorization code
POST /oauth/token
You can now use authorization code to obtain user access token and refresh token.
"authorization_code"
Your API client_id
Authorization code provided to you upon redirect back from the authorization flow.
Redirect URL associated with your API client credentials.
Response
Returns a user tokens object
curl -X POST https://api.sandbox.transferwise.tech/oauth/token \-U '<api-client-id>:<api-client-secret>' \-d '{"grant_type": "authorization_code","client_id": {{clientId}},"code": {{code from redirect uri}},"redirect_uri": "https://www.yourapp.com"}'
Retrieve user tokens with refresh token
POST /oauth/token
Access tokens are valid for 12 hours, so upon expiry you need to use the refresh token to generate a new access token.
In order to maintain an uninterrupted connection, you can request a new access token whenever it’s close to expiring. There is no need to wait for the actual expiration to happen first.
Depending on how your application uses the Wise Platform API, you may find that requesting a new access token before attempting a series of API calls on behalf of an individual user will avoid issues with expired access tokens.
"refresh_token"
User's refresh token obtained from creating or linking to a Wise user.
Response
Returns a user tokens object
curl -X POST https://api.sandbox.transferwise.tech/oauth/token \-U '<api-client-id>:<api-client-secret>' \-d '{"grant_type": "refresh_token","refresh_token": {{refresh token}}}'