API Authentication

Securing access to our API is essential. This section explains the supported authentication method and best practices for keeping your credentials safe.

The Wise API utilizes Basic Authentication for API access. This method leverages a userId and api_key to verify your developer account and grant authorization for API calls.

Authentication Flow:

Here's a breakdown of how to include your credentials in API requests:

  1. Encode Credentials: Combine your userId and api_key separated by a colon (:). Encode this combined string using Base64 encoding. You can find online tools or libraries in your chosen programming language to handle Base64 encoding.

  2. Construct Authorization Header: Create an Authorization header using the Basic authentication scheme followed by a space and the Base64 encoded credentials from step 1. The format should look like this: Authorization: Basic <Base64_Encoded_Credentials>.

  3. Include Header in API Requests: When making API calls using your preferred method (REST client or code), include the constructed Authorization header in your request.

Additional Properties required in APIs

  • host: All APIs should be sent to api.wiseapp.live

  • user_id: The account owner's user UUID

  • api_key: API key for authentication and used in x-api-key in the API Headers

  • institute_id: A UUID generated for your institute

  • namespace: Your sub-domain that you choose while creating your institute. For subdomain, xyz.wise.live the namespace is xyz

  • user-agent: This is required in the headers for each API call. The user-agent should be be VendorIntegrations/{{namespace}}

Security Considerations:

  • Never share your API credentials publicly: These credentials grant access to your developer account and the functionalities you have authorized. Keep them confidential.

  • Store credentials securely: Avoid storing your client ID and client secret directly in your code. Consider environment variables or secure configuration files for sensitive information.

  • Consider token-based authentication (future): We are continually evaluating security best practices. In the future, we may introduce token-based authentication methods for enhanced security. Stay tuned for updates in the documentation.

Postman Collection for all Wise APIs

PreviousGetting Started with Wise APIsNextAPI Endpoints

Last updated