Skip to content

Wise Business API Token

Service Name: Wise (formerly TransferWise)

Service Description: Wise is a global technology company building the best way to move money around the world. Their API allows businesses to integrate with Wise's payment infrastructure to send, receive, and manage international payments.

Service Address: https://wise.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Wise Business API settings for enhanced security.

Secret Access Scope: Grants programmatic access to Wise Business account features including creating transfers, managing recipients, viewing balances, and handling transactions.

Secret Revokement URL: https://api-docs.wise.com/#authentication-revoke-a-token

Secret Example: a123b456c789d0123e456f789g0123h456i789j0123k456l789m0123n456o789p

Suspicious Activity Investigation Instructions:

  • Review the Wise Business dashboard for unauthorized transfers or recipient additions.
  • Check API logs for unusual API calls, especially those related to money transfers.
  • Monitor for unexpected changes to recipient information or transfer patterns.
  • Review IP addresses that have accessed the API for any unfamiliar locations.
  • Check for unusual transfer amounts or frequencies that deviate from normal business patterns.

Mitigation Instructions:

  • Immediately revoke the compromised token through the Wise Developer Portal or via API call.
  • Generate a new API token with appropriate permissions.
  • Update all applications and services using the old token with the new one.
  • Review and adjust IP restrictions to limit API access to known, trusted IP addresses.
  • Enable additional security features like webhook notifications for sensitive operations.
  • Review and potentially reduce the scope of permissions granted to API tokens.
  • Consider implementing a token rotation policy for regular security maintenance.