Skip to main content
Authentication uses opaque API keys passed as Authorization: Bearer <key>. Keys are issued per organization, scoped to a specific environment (live or test), and carry the minimum permissions needed for your integration. There is no token exchange step. Include the API key directly on every request. Common scopes include:
  • entities:read and entities:write for entity management
  • connections:read for institutions and connection reads
  • connections:write for connection onboarding, credential updates, sync, and deletion
  • accounts:read for account data
  • transactions:read for historical browse and sync
  • webhooks:read and webhooks:write for webhook registration management
Keys are managed through the Waycore Console. To get access, contact us at hello@waycore.com.