# Security & Access

Learn how Wise Platform handles security.

Wise supports two ways to authenticate to the Wise Platform API.

1. Use a personal API token if you’re a small business user automating your own Wise account.
2. Use OAuth 2.0 if you’re a partner building for end customers or a large enterprise.


## Personal API token (Small Business Users)

A personal token authenticates requests for a single Wise.com user and has limited API access compared to OAuth credentials.

To generate an API token, go to Wise.com and select your business profile. Then go to *Your Account > Integrations and Tools > API tokens > Add new Token* (2‑step login is required).

You can then pass this token in the `Authorization: Bearer <token>` header of your API calls.

**Important personal token limitations**

- Some endpoints and actions aren’t available with personal tokens.
- EU/UK: Due to PSD2, you cannot fund transfers or view balance statements via API with a personal token.

If you are not sure which method to use, contact your CSM to confirm your correct auth type.

## OAuth 2.0 (Partners & Enterprises)

Wise uses the standard OAuth 2.0 protocol for partner authentication and authorisation.

Once our partnership begins, we’ll send you API access credentials for the sandbox environment consisting of a Client ID and a Client Secret.
These credentials are required either to create users over the API or to complete the `authorization_code` OAuth 2.0 grant type, through which the customer allows your application to access their account.

**Keep your Client Secret safe**

The Client Secret is highly sensitive data that can be used to impersonate your institution on the Wise Platform API. Handle it with utmost care, limit access, and store it securely.

We also need the `redirect_url` from your technical team. This is the URL to which we redirect users after they successfully grant your application access to their Wise account. Specifying it explicitly makes the integration more secure.

[This article about OAuth 2.0 framework](https://auth0.com/docs/protocols/oauth2) is a great way to refresh your knowledge about the protocol.
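The partner-side handling of the `authorization_code` redirect described above, as an added example that is not Wise's own code. It assumes a hypothetical registered redirect URL and a placeholder token URL; the parameter names (`state`, `code`, `grant_type`, `redirect_uri`) are the standard OAuth 2.0 ones from RFC 6749.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for illustration; use the ones agreed for your integration.
REDIRECT_URL = "https://partner.example/wise/callback"
TOKEN_URL = "https://wise-api.example.invalid/oauth/token"  # placeholder


def new_state() -> str:
    """Unguessable per-session value sent with the authorisation request."""
    return secrets.token_urlsafe(32)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorisation code, or raise if the callback is untrusted."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URL)
    # The callback must land exactly on the registered redirect URL.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match registered redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorisation denied: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means this response was not
    # started by the current user's session.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request(code: str, client_id: str, client_secret: str) -> dict:
    """Build (not send) the server-side exchange of the code for tokens."""
    # client_secret comes from a secret store or environment, never from
    # source code, and travels only in this back-channel request.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "url": TOKEN_URL,
        "headers": {"Authorization": "Basic " + basic,
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code", "code": code,
                           "client_id": client_id, "redirect_uri": REDIRECT_URL}),
    }
```
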

## Enhanced security

Wise treats security as a paramount concern in its APIs and employs mTLS (mutual TLS), JOSE (JSON Object Signing and Encryption), Strong Customer Authentication (SCA), and 2FA to further secure communications.

Follow the guides below to make your integration with Wise API more secure:

- **mTLS**: Set up mTLS to support stronger security in API calls and webhooks.
- **JOSE**: Implement JWS, JWE, or JWS+JWE enhanced security for your integration.
- **SCA & 2FA**: Set up strong customer authentication and two factor authentication.