Authorizing Wallet Orders

Wallet Orders have two layers of authentication that will need to be done by the end user in order for the wallet order to be completed.

1. Authenticate End User

When authCodesRequested = true, you need to call:

GET v3/debitcard/authorization/:orderId

This will start the process of authenticating a user.

Wyre may require the following authentication codes:

  • CARD2FA - A 6 digit code that's added immediately to the end user's bank account.
  • SMS - A 6 digits sent to the user's mobile device.
  • 3DS: A URL with the 3DS challenge request by the Bank.



When 3DS is requested, CARD2FA and SMS will never be requested.

When the Get Authorization Details call above returns authorization3dsUrl with a valid URL, you should open a Web-View from the exact same device that sent the Wallet Order creation request, and let the user solve the 3DS challenge. Do not change the Web-View size or inject any kind of script or the 3DS challenge and order will immediately fail. The device IP address where the challenge is solved must be the same as the parameter ipAddress in the wallet order creation.

To receive the 3DS authentication keep polling Get Wallet Order until the status is PROCESSING or FAILED. Do not close the Web-View before the Wallet Order status is PROCESSING or FAILED.

The need for confirming codes are dynamic and are based on each order. You will need to confirm only codes that are requested. If the Authentication codes are not provided, the order will expire - the current expiration time is 10 minutes. When building your UI, you need to make it a real-time experience.

The GET request is only available until codes are still valid. After that, if you try to get authorization information in this endpoint we throw an error, check Card Exceptions. The current limit of attempts to specify the code is 5 times. After this, you will receive back an error and the order will expire.

If smsNeeded or card2faNeeded are true, you must provide the codes back in the following endpoints:

POST v3/debitcard/authorize/partner


Testing Note

In testwyre you need to provide card2fa only once each 2 minutes you submitted your last order using the same card and same billing. After 2 minutes you will need to provide card2fa again.


The node type must be either SMS, CARD2FA or ALL. When SMS the node sms is mandatory, when CARD2FA the node card2fa is mandatory, when ALL both sms and card2fa are mandatory.


When any code failed due to any reason (max attempts, time expiration...) the order will also fail and card refunded. Failed orders cannot be resumed. These codes' needs might change at any time and based on the buyer's info.

2. Verify Order Authorization

Keep polling Wallet Order Details until the order's status is PROCESSING or COMPLETE.

You can also receive updates via Webhooks, contact our sales team at [email protected] to set up your webhook configuration.

3. Track Wallet Order

Once the transferId is returned it means the order was accepted and the transfer (blockchain transaction) is in progress.

To track its progress, you can use the Track Widget Order endpoint.


Test Data

You should provide your own test dummy data. Do not use the data in the samples.