Search...
Log inGet started
Airwallex logo
Home
Core API
Payments
Transactional FX
Payouts
Issuing
Embedded Finance
Global Treasury
Banking as a Service
Payments for Platforms
Developer Tools
Trust Center
Business Account Help Center
API Reference
Back to home
OverviewUnderstanding Banking as a ServiceMarket & infrastructure coverage
Get started
Global Accounts
Held balances
Funds movement
Cards
Connected accounts
Risk
Compliance Support
Compliance requirementsStrong Customer Authentication (SCA)
SCA for funds transfers
SCA for transaction data retrievalEmbedded SCA componentSCA exemptions
Mentions of Airwallex in Platform's user interfaces
Platform operations
Reporting
Test and go live

SCA for funds transfers

SCA will be enforced when the platform's user initiates funds transfers unless SCA exemptions apply. After the user successfully completes two-factor authentication, Airwallex will issue a one-time SCA token that expires in five minutes. The user can use this token for a single operation before it expires.

The following Airwallex endpoints used for funds transfers are subject to SCA.

  • Initiating payment transactions

    • POST /api/v1/transfers/create
    • POST /api/v1/wallet_transfers/create
    • POST /api/v1/batch_transfers/{id}/submit
    • POST /api/v1/connected_account_transfers/create

  • Adding beneficiaries

    • POST /api/v1/beneficiaries/create

  • Updating beneficiaries

    • POST /api/v1/beneficiaries/update/{beneficiary_id}

  • Accessing card details

    • GET /api/v1/issuing/cards/{id}/details
    • POST /api/v1/issuing/pantokens/create

This integration guide describes how to handle SCA enforcement for payouts using Airwallex's Embedded SCA component.

Step 1: Create a payout

Airwallex Payouts allows platform's customers to easily move funds across the globe to their suppliers, employees, contractors and/or own bank accounts.

After preparing the required beneficiary information, call Create a new payment API with the beneficiary and transaction information (currency, amount, date, reference) to create a payout.

SCA exemptions will apply to payouts created using the beneficiary_id of a saved beneficiary. The trusted beneficiary exemption is currently not supported by the SCA component but will be made available soon.

When SCA is enforced, the x-sca-session-code response header will be returned with the following error message.

JSON

Step 2: Initialize and add the SCA Component

If a x-sca-session-code response header is returned for a payout request, you must initialize the Components SDK and embed the SCA verify flow into your page.

Note that to create the SCA component for the verify flow, you must specify the following in createElement(type, options):

  • type as scaVerify
  • options properties must include userEmail and scaSessionCode
JavaScript

For more information on how to initialize the Components SDK and add the component to your page, see Embedded SCA component.

After the user is authenticated successfully using two-factor authentication, the SDK will return a success event verificationSucceed. The client side receives a one-time SCA token in the response. This token must be used in the subsequent request to complete the action.

JavaScript

Step 3: Use one-time SCA token in the payout request

Call Create a new payment API again by specifying the one-time SCA token in the x-sca-token request header. Note that the one-time SCA token is specific to the given payout and will only remain valid for five minutes.

Shell
Example request
On this page