OAuth 2.0


https://api.wgtwo.com expects the access token as a Bearer credential in the HTTP Authorization headers:

Authorization: Bearer {access token}


Base URI:   https://id.wgtwo.com

Token endpointhttps://id.wgtwo.com/oauth2/tokenbasic auth

Grant types supported

  • Client Credentials

Subject identifier

We use pairwise Subject Identifiers, which will calculate unique subject values for each Sector Identifier. That is, two clients will not be able to correlate end-user activity without the consent of the user.

Note that many of our APIs does include phone numbers, which will provide an ID of the user. The phone scope will therefore be required for most services, but does require user consent.

JSON Web Key Set

JWKS endpoint:   https://id.wgtwo.com/.well-known/jwks.json

All issued JWTs are signed using the RS256 signing algorithm.

The JWT is signed using one of these keys, but the endpoint may contain multiple keys to allow key rotation.

It is recommended to use a library that fetches the keys dynamically as they may be re rotated without notice.