Wise API users in the UK / Europe / EEA need to satisfy a Strong Customer Authentication (SCA) challenge from Wise when they are moving money or reading account statements. This is an additional security check to comply with the 2nd Payment Services Directive (PSD2) regulation.
How it works is that a standard API call to pull an account statement will fail with HTTP 403 and an 'x-2fa-approval' header with a one-time-token value. The user will need to sign the one-time-token with a private key that corresponds to a public key uploaded to their Wise account. They can then retry the same request including the signed header and the request can succeed.
- Read the Wise API documentation, generate your keypair and upload your public key.
- Add your profile ID, borderless account ID, and private key file path to the script.
- Add your API token as an env var with key: API_TOKEN
$ export API_TOKEN=<YOUR API TOKEN HERE>
- Run the script (go, python, java)
Source code: get-statements-sca.go
$ go run get-statements-sca.go
Source code: get-statements-sca.py
$ python3 get-statements-sca.py
Source code: https://github.com/transferwise/digital-signatures