Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@transferwise/approve-api-action-helpers
Advanced tools
An http client that handles SCA protected requests gracefully
A tiny library that lets you handle Strong Customer Authentication (SCA) required calls easily.
Read more from our API documentation.
Using npm:
npm install @transferwise/approve-api-action-helpers
Using CDN and script tags:
<script src="https://unpkg.com/@transferwise/approve-api-action-helpers@latest/dist/main.js"></script>
Note that to use this library with Internet Explorer (11)
fetch
andPromise
must be polyfilled. For example: https://polyfill-fastly.io/v3/polyfill.min.js?features=fetch%2CPromise. Comment out the script in the demo (demo/src/inex.html
) to see it in action.
This library exports a create
function for SCA protected requests. It returns a request wrapper that can be used like a regular fetch request. Use it as follows:
import { create, Mode } from '@transferwise/approve-api-action-helpers';
const request = create({ mode: Mode.PRODUCTION });
const res = await request('https://my-backend-api.com/sca-protected-call', { method: 'GET', ... });
When the backend returns that SCA is required, it will run the user through an SCA flow and retry that request. Also, it will throw an error if you get a 4xx
or 5xx
response.
NB! make sure that your backend proxies 'x-2fa-approval' response header to the frontend and forwards it back to Wise when this library passes it back. Also please reflect the response status (403) back to the frontend.
key | optional | default | alternatives |
---|---|---|---|
mode | yes | Mode.PRODUCTION | Mode.SANDBOX |
In /demo directory you'll find a simple demo of the flow.
FAQs
An http client that handles SCA protected requests gracefully
We found that @transferwise/approve-api-action-helpers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.