Airwallex logo
Airwallex logoAirwallex logo

Get started

Copy for LLMView as Markdown

To authenticate with the Partner API, use OAuth, a partner access token, or HTTP Basic authentication, depending on your use case.

OAuth

OAuth is for applications that access Airwallex client accounts on behalf of authorized users. It uses the standard authorization code flow , with optional PKCE support for public clients.

To use OAuth, register your application by contacting [email protected]. You will be issued a client_id and client_secret.

1. Redirect the user to the authorization endpoint

Send the user to the authorization URL to start the consent flow. On approval, Airwallex redirects to your redirect_uri with an authorization code.

1https://airwallex.com/oauth/authorize
2 ?response_type=code
3 &client_id=YOUR_CLIENT_ID
4 &redirect_uri=YOUR_REDIRECT_URI
5 &scope=YOUR_SCOPE
6 &state=YOUR_STATE

2. Exchange the code for an access token

POST the authorization code to the token endpoint. A successful response returns an access_token and a refresh_token.

Example token request
1curl --request POST \
2 --url 'https://api-demo.airwallex.com/oauth/token' \
3 --header 'Content-Type: application/json' \
4 --data '{
5 "client_id": "YOUR_CLIENT_ID",
6 "client_secret": "YOUR_CLIENT_SECRET",
7 "code": "AUTH_CODE",
8 "grant_type": "authorization_code",
9 "redirect_uri": "YOUR_REDIRECT_URI"
10 }'

3. Call the Client API on behalf of the user

Include the access token as a Bearer token in the Authorization header to call Client API endpoints on behalf of the authorized user.

Example API call
1curl --request GET \
2 --url 'https://api-demo.airwallex.com/api/v1/...' \
3 --header 'Authorization: Bearer YOUR_ACCESS_TOKEN'

Partner API access token

Partner API access tokens are for applications that call Partner API endpoints directly, such as lending or factoring APIs, without requiring user authorization. Authenticate using your x-app-id and x-app-secret to obtain a bearer token, which is valid for 30 minutes.

Include the token as a Bearer token in the Authorization header for subsequent Partner API calls.

Example request
1curl --request POST \
2 --url 'https://api-demo.airwallex.com/partner-api/v1/authentication/login' \
3 --header 'Content-Type: application/json' \
4 --header 'x-app-id: YOUR_APP_ID' \
5 --header 'x-app-secret: YOUR_APP_SECRET'
Example response
1{
2 "token": "eyJhbGciOiJIUzI1NiJ9...",
3 "expires_at": "2026-05-27T00:00:00+0000"
4}

HTTP Basic

Basic authentication is for server-to-server calls that do not require user authorization — for example, managing Partner Webhooks. Use HTTP Basic authentication : encode your client_id and client_secret as a Base64 string and pass it in the Authorization header.

Where BASE64_ENCODED_CREDENTIALS is base64(client_id:client_secret).

Example request
1curl --request GET \
2 --url 'https://api-demo.airwallex.com/partner-api/v1/webhooks' \
3 --header 'Authorization: Basic BASE64_ENCODED_CREDENTIALS'
Was this page helpful?