These endpoints are deprecated. Please refer to strong-customer-authentication section to integrate with SCA.
User security allow users to set up security related protections over API.
A resource used to define phone number stored in Wise.
ID of the phone number
A text representation of phone number.
Type of phone number when used in authentication.
Only PRIMARY is supported at the moment.
Indicator if phone number is verified.
Note that only verified phone number will be used as a form of authentication.
Client ID of which this phone number belongs to.
{
"id": 1230944,
"phoneNumber": "+6588888888",
"type": "PRIMARY",
"verified": true,
"clientId": "clientId"
}POST /v1/user/pin
Create PIN for a user as a form of authentication.
Can be used to verify pin when accessing a strongly protected endpoint via One Time Token Framework.
A four digits string.
Possible HTTP status codes
PIN is created successfully.
PIN has already been created.
curl -X POST \
https://api.sandbox.transferwise.tech/v1/user/pin \
-H 'Authorization: Bearer <your api token>' \
-H 'Accept: application/jose+json' \
-H 'Accept-Encoding: identity' \
-H 'Content-Type: application/jose+json' \
-H 'Content-Encoding: identity' \
-H 'X-TW-JOSE-Method: jwe' \
-d 'eyJlbmMiOiJBMjU2R0NNIiwi...'eyJlbmMiOiJBMjU2R0NNIiwi...DELETE /v1/users/{{userId}}/pin
Can be used to remove the PIN from the user's account.
User ID.
Possible HTTP status codes
PIN is deleted successfully.
PIN is not setup for this user.
curl -X DELETE \
https://api.sandbox.transferwise.tech/v1/users/{{userId}}/pin \
-H 'Authorization: Bearer <your client credentials token>' {
"errors": [{
"code": "pin.not.setup",
"message": "PIN has not been setup."
}]
}POST /v1/user/facemap/enrol
Enrol FaceMap: Facial biometric enrolment for Strong Customer Authentication (SCA).
Can be used to verify facemap when accessing a strongly protected endpoint via One Time Token Framework.
Base64-encoded binary data as a string.
For more details how to get this binary, please read FaceTec's export API.
To retrieve Wise's FaceTec public key, please refer to our FaceTec's Get Public Key API.
Possible HTTP status codes
Enrollment is successful.
FaceMap has already been enrolled.
curl -X POST \
https://api.sandbox.transferwise.tech/v1/user/facemap/enrol \
-H 'Authorization: Bearer <your api token>' \
-d '{
"faceMap": "<encrypted_face_map_in_base64_string>"
}'DELETE /v1/users/{{userId}}/facemap/enrol
Can be used to remove the FaceMap from the user's account.
User ID.
Possible HTTP status codes
FaceMap is deleted successfully.
FaceMap is not setup for this user.
curl -X DELETE \
https://api.sandbox.transferwise.tech/v1/users/{{userId}}/facemap/enrol \
-H 'Authorization: Bearer <your client credentials token>' {
"errors": [{
"code": "facemap.not.setup",
"message": "FaceMap has not been setup."
}]
}POST /v1/user/partner-device-fingerprints
A device fingerprint represents a string that identifies a unique device.
This endpoint is used to register the fingerprint of the device as one of the allowed devices used during an One Time Token (OTT) challenge.
This can be used to verify device fingerprint when clearing a OTT.
A string that is used as a device fingerprint
Identifier of the device fingerprint
Timestamp on when the device fingerprint was created
Possible HTTP status codes
The device fingerprint has been successfully created.
The device fingerprint has already been created.
Maximum number of device fingerprints reached (defaulted to 3).
curl -X POST \
'https://api.sandbox.transferwise.tech/v1/user/partner-device-fingerprints' \
-H 'Authorization: Bearer <your api token>' \
-H 'Content-Type: application/jose+json' \
-H 'X-TW-JOSE-Method: jwe' \
-H 'Accept: application/jose+json' \
-H 'Accept-Encoding: *' \
-d '{
"deviceFingerprint": "3207da22-a0d3-4b6b-a591-6297e646fe32"
}'{
"deviceFingerprintId": "636a5514-aa86-4719-8700-e9a9a0ae7ea7",
"createdAt": "2024-05-24T07:27:58.273205554Z"
}POST /v1/users/{{userId}}/partner-device-fingerprints
Returns a list of device fingerprints created for this user.
curl -X POST \
'https://api.sandbox.transferwise.tech/v1/users/{{userId}}/partner-device-fingerprints' \
-H 'Authorization: Bearer <your client credentials token>'Identifier of the device fingerprint
Timestamp on when the device fingerprint was created
The user is not found
{
[
{
"deviceFingerprintId": "636a5514-aa86-4719-8700-e9a9a0ae7ea7",
"createdAt": "2024-05-24T07:27:58.273205554Z"
}
]
}DELETE /v1/users/{{userId}}/partner-device-fingerprints/{{deviceFingerprintId}}
Can be used to remove a specific device fingerprint from the allowed devices of a user.
Device fingerprint ID.
Possible HTTP status codes
Device fingerprint has been successfully removed.
User or deviceFingerprintId is not found.
curl -X DELETE \
https://api.sandbox.transferwise.tech/v1/users/{{userId}}/partner-device-fingerprints/{{deviceFingerprintId}} \
-H 'Authorization: Bearer <your client credentials token>' GET /v1/application/users/{{userId}}/phone-numbers
List verified phone numbers for a user.
User ID.
Returns a list of phone numbers.
curl -X GET \
https://api.sandbox.transferwise.tech/v1/application/users/{{user_id}}/phone-numbers \
-H 'Authorization: Bearer <your api token>'[
{
"id": 1230944,
"phoneNumber": "+6588888888",
"type": "PRIMARY",
"verified": true,
"clientId": "clientId"
}
]POST /v1/application/users/{{userId}}/phone-numbers
Create a verified phone number for a user.
A valid phone number in string.
Returns phone number
The phone number is already associated with another account.
To authenticate users and prevent unauthorized access, we require each user to have a unique phone number that can be verified.
curl -X POST \
https://api.sandbox.transferwise.tech/v1/application/users/{{user_id}}/phone-numbers \
-H 'Authorization: Bearer <your api token>' \
-d '{
"phoneNumber": "+6588888888"
}'{
"id": 1230944,
"phoneNumber": "+6588888888",
"type": "PRIMARY",
"verified": true,
"clientId": "clientId"
}{
"errors": [{
"code": "phone.number.repeated",
"message": "It's linked to an account with the email ****@wise.com"
}]
}PUT /v1/application/users/{{userId}}/phone-numbers/{{phoneNumberId}}
Update a verified phone number for a user.
A valid phone number in string.
Returns phone number
The phone number is already associated with another account.
To authenticate users and prevent unauthorized access, we require each user to have a unique phone number that can be verified.
curl -X PUT \
https://api.sandbox.transferwise.tech/v1/application/users/{{user_id}}/phone-numbers/{{phoneNumberId}} \
-H 'Authorization: Bearer <your api token>' \
-d '{
"phoneNumber": "+6588888888"
}'{
"id": 1230944,
"phoneNumber": "+6588888888",
"type": "PRIMARY",
"verified": true,
"clientId": "clientId"
}{
"errors": [{
"code": "phone.number.repeated",
"message": "It's linked to an account with the email ****@wise.com"
}]
}DELETE /v1/application/users/{{userId}}/phone-numbers/{{phoneNumberId}}
Deletes a verified phone number for a user.
No Content.
curl -X DELETE \
https://api.sandbox.transferwise.tech/v1/application/users/{{user_id}}/phone-numbers/{{phoneNumberId}} \
-H 'Authorization: Bearer <your api token>'