Search...
Log inGet started
Airwallex logo
Home
Core API
Payments
Transactional FX
Payouts
Issuing
Back to home
OverviewUnderstanding Payments for PlatformsChoose your Payments for Platforms solution
Use cases
Hold & convert funds
Compliance Support
Compliance requirementsStrong Customer Authentication (SCA)
SCA for funds transfersSCA for transaction data retrieval
Embedded SCA componentSCA exemptions
Mentions of Airwallex in Platform's user interfaces

SCA for transaction data retrieval

SCA will be enforced when a platform user attempts to access sensitive data such as the account balance or transaction data generated within the last 90 days unless SCA exemptions apply.

After the user successfully completes two-factor authentication, Airwallex will issue:

  • a short-lived SCA token (expires in five minutes), which the user can use multiple times to perform one or more sensitive operations until it expires.
  • a multi-use refresh token (expires in 180 days) bound to the device, which Airwallex automatically exchanges for a new SCA token if the SCA token expires.

The following Airwallex transaction data endpoints are subject to SCA.

  • Get current balance
    • GET /api/v1/balances/current
  • Get payment transactions
    • GET /api/v1/balances/history
    • GET /api/v1/financial_transactions
    • GET /api/v1/financial_transactions/{id}
    • GET /api/v1/issuing/transactions
    • GET /api/v1/issuing/transactions/{id}
    • GET /api/v1/transfers
    • GET /api/v1/transfers/{transfer_id}
    • GET /api/v1/wallet_transfers
    • GET /api/v1/wallet_transfers/{wallet_transfer_id}
    • GET /api/v1/batch_transfers
    • GET /api/v1/batch_transfers/{id}
    • GET /api/v1/connected_account_transfers
    • GET /api/v1/connected_account_transfers/{id}

This integration guide describes how to handle SCA enforcement for account balance or transaction retrieval using Airwallex's Embedded SCA component.

Note that retrieving account balance and transaction data can be exempt from SCA if SCA has been completed within the past 180 days.

Step 1: Initialize the Components SDK

Initialize the Components SDK to handle SCA for the user. For information, see Embedded SCA component.

Step 2: Retrieve the SCA token from the SDK

Before adding the SCA component for two-factor authentication, you must check if a valid SCA token can be retrieved from the SDK from a previous SCA flow. Airwallex automatically handles the process of exchanging a refresh token for a new SCA token. The returned short-lived SCA token in the response must be used in the account balance and transaction data request to complete the action. See Step 4.

If a valid SCA token cannot be retrieved from the SDK, i.e., if it's a new device or the refresh token has expired, add the SCA component to re-authenticate the user. See Step 3.

JavaScript

PfP Step 3: Add the SCA component to your page (Copy Id:4279)

If the SCA token is unavailable or for a first-time user, embed the SCA verify flow into your page by specifying type as scaVerify in createElement(type, options) method. For more information on how to add the component to your page, see Embedded SCA component.

After the user is successfully authenticated using two-factor authentication, the SDK will return a success event verificationSucceed. The client side receives a short-lived SCA token and a refresh token. Retrieve the SCA token and use it in the account details and transaction data requests to complete the action.

JavaScript

Step 4: Retrieve account balance and transactions using SCA token

Call Get current balances API by specifying the one-time SCA token in the x-sca-token request header to view the connected account’s current balance.

Shell

Call Get balance history API by specifying the one-time SCA token in the x-sca-token request header to view the connected account’s transaction history.

Shell
On this page