User Security

User security allows users to set up security-related protections over the API.

POST /v1/user/pin

Notes:

  1. POST /v1/users/pin will be deprecated soon.
  2. Please use the new endpoint /v1/user/pin instead.
The Create PIN API is currently in closed Beta and subject to change. Please speak with your implementation manager if you would like to use this API.

Create a PIN for a user as a form of authentication.

The PIN can be used for verification when accessing a strongly protected endpoint via the One Time Token Framework.

Request

pin (text)

A four-digit string.

Response

Possible HTTP status codes

204 - No Content

PIN is created successfully.

409 - Conflict

PIN has already been created.

Example Request
curl -X POST https://api.sandbox.transferwise.tech/v1/user/pin \
-H 'Authorization: Bearer <your api token>' \
-d '{
"pin": "1111"
}'

DELETE /v1/users/{{userId}}/pin

Can be used to remove the PIN from the user's account, allowing them to reset their PIN using the Create PIN API.

This endpoint is restricted and requires both an application token and additional access to use. Please speak with your implementation manager if you would like to use this API.

Path Variable

userId (text)

User ID.

Response

Possible HTTP status codes

204 - No Content

PIN is deleted successfully.

404 - PIN Not Setup

PIN is not set up for this user.

Example Request
curl -X DELETE https://api.sandbox.transferwise.tech/v1/users/1234/pin \
-H 'Authorization: Bearer <your api token>'
Response - PIN Not Setup (404)
{
"errors": [{
"code": "pin.not.setup",
"message": "PIN has not been setup."
}]
}
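
The reset flow described above (remove the PIN, then create a new one), as an added Python example that is not part of the Wise documentation. The `send` transport hook, the `fake_wise` stand-in and the split into `app_token` and `user_token` are assumptions made for illustration; the status codes and the `pin.not.setup` error body are the ones listed on this page.

```python
import json
import re
from urllib.parse import quote

BASE = "https://api.sandbox.transferwise.tech"
PIN_RE = re.compile(r"[0-9]{4}")  # keep the PIN a str so "0042" keeps its zeros
NOT_SETUP = '{"errors": [{"code": "pin.not.setup", "message": "PIN has not been setup."}]}'

def error_codes(body):
    """Return errors[].code values from an error body, or [] if unparseable."""
    try:
        doc = json.loads(body) if body else {}
    except ValueError:
        return []
    errors = doc.get("errors", []) if isinstance(doc, dict) else []
    return [e.get("code") for e in errors if isinstance(e, dict)]

def reset_pin(send, user_id, new_pin, app_token, user_token):
    """Delete any existing PIN, then create new_pin.
    send(method, url, token, payload) -> (status, body) is a hypothetical
    transport hook. Returns "replaced" if a PIN was deleted, else "created".
    """
    if not isinstance(new_pin, str) or not PIN_RE.fullmatch(new_pin):
        raise ValueError("PIN must be a string of exactly four digits")
    # Percent-encode the path variable so it cannot alter the request path.
    url = f"{BASE}/v1/users/{quote(str(user_id), safe='')}/pin"
    status, body = send("DELETE", url, app_token, None)
    if status == 204:
        outcome = "replaced"
    elif status == 404 and "pin.not.setup" in error_codes(body):
        outcome = "created"  # nothing to delete; safe to continue
    else:
        raise RuntimeError(f"PIN delete failed: HTTP {status}")
    status, _ = send("POST", f"{BASE}/v1/user/pin", user_token, {"pin": new_pin})
    if status != 204:  # 409 here would mean the delete did not take effect
        raise RuntimeError(f"PIN create failed: HTTP {status}")
    return outcome

def fake_wise(has_pin):
    """Constructed stand-in that answers with the status codes listed above."""
    state = {"pin": has_pin, "calls": []}
    def send(method, url, token, payload):
        state["calls"].append((method, url, token))
        wanted = method == "POST"  # POST sets a PIN, DELETE clears it
        if state["pin"] == wanted:  # already in the requested state
            return (409, "") if wanted else (404, NOT_SETUP)
        state["pin"] = wanted
        return 204, ""
    return send, state
```

Passing the PIN as a string matters: a JSON number would drop leading zeros, and the validation rejects integers for that reason.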

POST /v1/user/facemap/enrol

Notes:

  1. POST /v1/users/facemap/enrol will be deprecated soon.
  2. Please use the new endpoint /v1/user/facemap/enrol instead.
The Enrol FaceMap API is currently in closed Beta and subject to change. Please speak with your implementation manager if you would like to use this API.

Enrol FaceMap: Facial biometric enrolment for Strong Customer Authentication (SCA).

The FaceMap can be used for verification when accessing a strongly protected endpoint via the One Time Token Framework.

Request

faceMap (text)

Base64-encoded binary data as a string.

For more details on how to get this binary, please read FaceTec's export API.

To retrieve Wise's FaceTec public key, please refer to our FaceTec Get Public Key API.

Response

Possible HTTP status codes

204 - No Content

Enrollment is successful.

409 - Conflict

FaceMap has already been enrolled.

Example Request
curl -X POST https://api.sandbox.transferwise.tech/v1/user/facemap/enrol \
-H 'Authorization: Bearer <your api token>' \
-d '{
"faceMap": "<encrypted_face_map_in_base64_string>"
}'

DELETE /v1/users/{{userId}}/facemap/enrol

Can be used to remove the FaceMap from the user's account, allowing them to redo FaceMap enrolment using the Enrol FaceMap API.

This endpoint is restricted and requires both an application token and additional access to use. Please speak with your implementation manager if you would like to use this API.

Path Variable

userId (text)

User ID.

Response

Possible HTTP status codes

204 - No Content

FaceMap is deleted successfully.

404 - FaceMap Not Setup

FaceMap is not set up for this user.

Example Request
curl -X DELETE https://api.sandbox.transferwise.tech/v1/users/1234/facemap/enrol \
-H 'Authorization: Bearer <your api token>'
Response - FaceMap Not Setup (404)
{
"errors": [{
"code": "facemap.not.setup",
"message": "FaceMap has not been setup."
}]
}

POST /v1/user/phone-numbers

The Create Phone number API is SCA protected.

Create Phone number for a user.

Request

phoneNumber (text)

A valid phone number.

type (text)

Phone Number type (PRIMARY)

revokeTokens (boolean)

Revoke user tokens

Response

Possible HTTP status codes

200 - OK

Phone Number is created successfully.

400 - Bad Request

Invalid phone number or invalid phone number type.

403 - Forbidden

SCA challenge is not passed.

429 - Too Many Requests

The time-based rate limit is exceeded.

Example Request
curl -X POST https://api.sandbox.transferwise.tech/v1/user/phone-numbers \
-H 'Authorization: Bearer <your api token>' \
-d '{
"phoneNumber": "+44**********",
"type": "PRIMARY",
"revokeTokens": false
}'
Example Response - OK (200)
{
"id":1,
"phoneNumber": "+44**********",
"type": "PRIMARY",
"verified": true
}

GET /v1/user/phone-numbers

Get Phone numbers for a user.

Response

Possible HTTP status codes

200 - OK

Phone numbers are retrieved successfully.

403 - Forbidden

Invalid Authorization token.

Example Request
curl -X GET https://api.sandbox.transferwise.tech/v1/user/phone-numbers \
-H 'Authorization: Bearer <your api token>'
Example Response - OK (200)
[
{
"id":1,
"phoneNumber": "+44**********",
"type": "PRIMARY",
"verified": true
}
]

PUT /v1/user/phone-numbers/{{phoneNumberId}}

The Update Phone number API is SCA protected.

Update Phone number for a user.

Path Variable

phoneNumberId (text)

ID of the user's existing phone number.

Request

phoneNumber (text)

A valid phone number.

Response

Possible HTTP status codes

200 - OK

Phone Number is updated successfully.

400 - Bad Request

Invalid phone number or invalid phone number type.

403 - Forbidden

SCA challenge is not passed.

Example Request
curl -X PUT https://api.sandbox.transferwise.tech/v1/user/phone-numbers/{{phoneNumberId}} \
-H 'Authorization: Bearer <your api token>' \
-d '{
"phoneNumber": "+44**********"
}'
Example Response - OK (200)
{
"id":1,
"phoneNumber": "+44**********",
"type": "PRIMARY",
"verified": false
}

DELETE /v1/user/phone-numbers/{{phoneNumberId}}

Delete Phone number for a user.

Path Variable

phoneNumberId (text)

ID of the user's existing phone number.

Response

Possible HTTP status codes

200 - OK

Phone Number is deleted successfully.

403 - Forbidden

Invalid Authorization token.

404 - Not Found

User phone number is not found.

Example Request
curl -X DELETE https://api.sandbox.transferwise.tech/v1/user/phone-numbers/{{phoneNumberId}} \
-H 'Authorization: Bearer <your api token>'
Example Response - Not Found (404)
{
"errors":[{"code":"phone.number.not.found"}]
}