Wise · Capability

Wise Platform API — spend-controls

Wise Platform API — spend-controls. 6 operations. Lead operation: Add a new authorisation rule. Self-contained Naftiko capability covering one Wise business surface.

Run with Naftiko Wisespend-controls

What You Can Do

POST
Spendcontrolsrulecreate — Add a new authorisation rule
/v1/v3/spend/applications/{clientid}/spend-controls/rules
GET
Spendcontrolsruleslist — List all authorisation rules
/v1/v3/spend/applications/{clientid}/spend-controls/rules
GET
Spendcontrolsappliedruleslist — List applied authorisation rules
/v1/v3/spend/applications/{clientid}/spend-controls/rules/applied
POST
Spendcontrolsruleapply — Apply an authorisation rule
/v1/v3/spend/applications/{clientid}/spend-controls/rules/apply
POST
Spendcontrolsruleunapply — Unapply an authorisation rule
/v1/v3/spend/applications/{clientid}/spend-controls/rules/unapply
DELETE
Spendcontrolsruledelete — Delete an authorisation rule
/v1/v3/spend/applications/{clientid}/spend-controls/rules/{ruleid}

MCP Tools

add-new-authorisation-rule

Add a new authorisation rule

list-all-authorisation-rules

List all authorisation rules

read-only idempotent
list-applied-authorisation-rules

List applied authorisation rules

read-only idempotent
apply-authorisation-rule

Apply an authorisation rule

unapply-authorisation-rule

Unapply an authorisation rule

delete-authorisation-rule

Delete an authorisation rule

idempotent

Capability Spec

platform-spend-controls.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Wise Platform API — spend-controls
  description: 'Wise Platform API — spend-controls. 6 operations. Lead operation: Add a new authorisation rule. Self-contained
    Naftiko capability covering one Wise business surface.'
  tags:
  - Wise
  - spend-controls
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    WISE_API_KEY: WISE_API_KEY
capability:
  consumes:
  - type: http
    namespace: platform-spend-controls
    baseUri: https://api.wise.com
    description: Wise Platform API — spend-controls business capability. Self-contained, no shared references.
    resources:
    - name: v3-spend-applications-clientId-spend-controls-rules
      path: /v3/spend/applications/{clientId}/spend-controls/rules
      operations:
      - name: spendcontrolsrulecreate
        method: POST
        description: Add a new authorisation rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The application client ID.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: spendcontrolsruleslist
        method: GET
        description: List all authorisation rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The application client ID.
          required: true
    - name: v3-spend-applications-clientId-spend-controls-rules-applied
      path: /v3/spend/applications/{clientId}/spend-controls/rules/applied
      operations:
      - name: spendcontrolsappliedruleslist
        method: GET
        description: List applied authorisation rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The application client ID.
          required: true
    - name: v3-spend-applications-clientId-spend-controls-rules-apply
      path: /v3/spend/applications/{clientId}/spend-controls/rules/apply
      operations:
      - name: spendcontrolsruleapply
        method: POST
        description: Apply an authorisation rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The application client ID.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v3-spend-applications-clientId-spend-controls-rules-unapply
      path: /v3/spend/applications/{clientId}/spend-controls/rules/unapply
      operations:
      - name: spendcontrolsruleunapply
        method: POST
        description: Unapply an authorisation rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The application client ID.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v3-spend-applications-clientId-spend-controls-rules-ruleId
      path: /v3/spend/applications/{clientId}/spend-controls/rules/{ruleId}
      operations:
      - name: spendcontrolsruledelete
        method: DELETE
        description: Delete an authorisation rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: path
          type: string
          description: The application client ID.
          required: true
        - name: ruleId
          in: path
          type: integer
          description: The ID of the authorisation rule to delete.
          required: true
    authentication:
      type: bearer
      token: '{{env.WISE_API_KEY}}'
  exposes:
  - type: rest
    namespace: platform-spend-controls-rest
    port: 8080
    description: REST adapter for Wise Platform API — spend-controls. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/v3/spend/applications/{clientid}/spend-controls/rules
      name: v3-spend-applications-clientid-spend-controls-rules
      description: REST surface for v3-spend-applications-clientId-spend-controls-rules.
      operations:
      - method: POST
        name: spendcontrolsrulecreate
        description: Add a new authorisation rule
        call: platform-spend-controls.spendcontrolsrulecreate
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: spendcontrolsruleslist
        description: List all authorisation rules
        call: platform-spend-controls.spendcontrolsruleslist
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v3/spend/applications/{clientid}/spend-controls/rules/applied
      name: v3-spend-applications-clientid-spend-controls-rules-applied
      description: REST surface for v3-spend-applications-clientId-spend-controls-rules-applied.
      operations:
      - method: GET
        name: spendcontrolsappliedruleslist
        description: List applied authorisation rules
        call: platform-spend-controls.spendcontrolsappliedruleslist
        with:
          clientId: rest.clientId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v3/spend/applications/{clientid}/spend-controls/rules/apply
      name: v3-spend-applications-clientid-spend-controls-rules-apply
      description: REST surface for v3-spend-applications-clientId-spend-controls-rules-apply.
      operations:
      - method: POST
        name: spendcontrolsruleapply
        description: Apply an authorisation rule
        call: platform-spend-controls.spendcontrolsruleapply
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v3/spend/applications/{clientid}/spend-controls/rules/unapply
      name: v3-spend-applications-clientid-spend-controls-rules-unapply
      description: REST surface for v3-spend-applications-clientId-spend-controls-rules-unapply.
      operations:
      - method: POST
        name: spendcontrolsruleunapply
        description: Unapply an authorisation rule
        call: platform-spend-controls.spendcontrolsruleunapply
        with:
          clientId: rest.clientId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v3/spend/applications/{clientid}/spend-controls/rules/{ruleid}
      name: v3-spend-applications-clientid-spend-controls-rules-ruleid
      description: REST surface for v3-spend-applications-clientId-spend-controls-rules-ruleId.
      operations:
      - method: DELETE
        name: spendcontrolsruledelete
        description: Delete an authorisation rule
        call: platform-spend-controls.spendcontrolsruledelete
        with:
          clientId: rest.clientId
          ruleId: rest.ruleId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: platform-spend-controls-mcp
    port: 9090
    transport: http
    description: MCP adapter for Wise Platform API — spend-controls. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: add-new-authorisation-rule
      description: Add a new authorisation rule
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: platform-spend-controls.spendcontrolsrulecreate
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-all-authorisation-rules
      description: List all authorisation rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: platform-spend-controls.spendcontrolsruleslist
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: list-applied-authorisation-rules
      description: List applied authorisation rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: platform-spend-controls.spendcontrolsappliedruleslist
      with:
        clientId: tools.clientId
      outputParameters:
      - type: object
        mapping: $.
    - name: apply-authorisation-rule
      description: Apply an authorisation rule
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: platform-spend-controls.spendcontrolsruleapply
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: unapply-authorisation-rule
      description: Unapply an authorisation rule
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: platform-spend-controls.spendcontrolsruleunapply
      with:
        clientId: tools.clientId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-authorisation-rule
      description: Delete an authorisation rule
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: platform-spend-controls.spendcontrolsruledelete
      with:
        clientId: tools.clientId
        ruleId: tools.ruleId
      outputParameters:
      - type: object
        mapping: $.