WAPIs Overview
WiPay APIs (WAPIs) — RESTful API for user management, accounts, transactions, trusted cards, and withdrawals
WiPay APIs (WAPIs)
The WiPay APIs provide a RESTful interface for user management, managing accounts, processing transactions, handling trusted card payments, and creating withdrawal requests.
Base URL
Append /wapi/{resource-path} to the country-specific live or sandbox base URL documented in Platforms and Environments.
Prerequisites
See Getting Started for account and credential requirements. The Accounts API (/accounts/*) additionally requires a provisioned WAPI Configuration for Main Merchant Account workflows.
Authentication
Authenticate each protected request with exactly one of:
Authorization: Bearer <access_token>— available to all verified accountsX-WAPI-Key: wapi_live_<kid>_<secret>orwapi_test_<kid>_<secret>— available to BUSINESS accounts only
Do not send both headers. Requests that send both, send neither, or use an invalid/expired/revoked credential are rejected with 401 Unauthorized.
Bearer tokens are issued by Grant and Refresh. Access tokens expire after 12 hours; refresh tokens remain valid for 6 hours after the access token expires.
WAPI Keys are created and managed on the Developer page. See WAPI Keys for format, creation, and lifecycle details.
Request and Response Conventions
POSTbodies use form-data or x-www-form-urlencoded.GETparameters are query strings.- Always include
Accept: application/json. - All responses return JSON with at least a
messagefield.
Standard Error Responses
All WAPI endpoints may return these standard HTTP error responses in addition to the endpoint-specific responses documented on each page:
| Status | Message |
|---|---|
405 Method Not Allowed | "Method Not Allowed" — the HTTP method is not supported for this endpoint |
500 Internal Server Error | "Internal Server Error" — an unexpected server error occurred |
Rate Limiting
Rate limit headers are included in every response:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the window |
X-RateLimit-Remaining | Remaining requests in the current window |
API Sections
Authentication
Authenticate protected WAPI routes with OAuth bearer tokens, or with WAPI Keys created and managed on your WiPay BUSINESS account.
- Grant — Obtain an access token with your credentials
- Refresh — Refresh an expired access token
- Revoke — Invalidate an active token
User
Retrieve the authenticated user's profile, update credentials, manage profile pictures, and configure bank accounts.
- Retrieve Profile — Get basic profile details, balances, and bank configuration status
- Update Password — Change account password
- Update Phone — Change phone number
- Profile Picture — Upload, replace, or delete a profile picture
- Bank Accounts — Create, retrieve, update, or delete local and foreign bank accounts
Accounts
Create and manage WiPay user accounts programmatically.
- Create — Create a new user account
- Retrieve — Get account details
- Update — Update account information
- Delete — Delete an account
Transactions
Retrieve transaction metadata, calculate fees, review history, retrieve a single transaction, and request refunds.
- Meta — Retrieve supported environments, currencies, fee structures, and total limits
- Fees — Calculate transaction fees for a given currency, total, and fee structure
- History — Paginated transaction history
- Retrieve — Retrieve the full details of a specific transaction
- Refund Request — Submit a refund request
Trusted Cards
Store, verify, and charge cards on file for recurring payments.
- Create — Store a new card on file
- Verify — Verify a card with a micro-charge
- Retrieve — View all stored cards or a single stored card
- Charge Request — Charge a verified card
- Delete — Remove a card from file
Trusted Card create and charge flows reuse WiPay's hosted checkout model. See Hosted Checkout Flows.
Withdrawals
Create and manage withdrawal requests for the authenticated account.
- Create — Create a new withdrawal request
- Meta — Retrieve the reference values accepted by the withdrawal endpoints
- History — Retrieve paginated withdrawal history
- Retrieve — Retrieve a single withdrawal by transaction ID
- Delete — Delete an eligible withdrawal
API Collection
Download the WAPIs collection for API testing. The Bruno collection is the canonical source; the Postman export is auto-generated from it.
See Also
- WAPI Scopes Reference
- WAPI FAQ — Main Merchant Account and WAPI Configuration guidance
- Hosted Checkout Flows — Shared behavior between Payments API and WAPI Trusted Card flows