

OAuth 2.0 is an industry standard used to protect access to APIs. SWIFT OAuth Token API is used to issue tokens needed to access other SWIFT API products.

Depending on the API product you are trying to access, you will be using one of the two types of OAuth:

  • Password Grant Type
  • Client Credentials Grant Type with Signed JWT (JWS) assertion

SWIFT SDK and SWIFT Microgateway support both types of OAuth, making it easy for you to access any API products.


Your Application

An application is represented by the combination of consumer-key and consumer-secret. This set of credentials identifies your application. You can create your application by going to My Apps.

Your application credentials are exchanged via the Basic Authentication Scheme, a simple HTTP authentication scheme that transmits credentials as a username and password in the Authorization header. When sending a SWIFT OAuth Token API request, join the consumer-key and consumer-secret with a colon, base64-encode the result, and place it in the Authorization header after the keyword Basic.

Authorization: Basic {{base64Encode consumer-key:consumer-secret}}

Your Credentials

These are the credentials you hold with SWIFT that identify you, the caller of the API. There are two types of credentials, each used with a different type of OAuth. Check the securitySchemes defined in the OpenAPI specification of the API product to find out which type of OAuth and credentials you should use.

Password Grant Type using License ID & License Secret

The API request body of this type requires three values: grant_type, username, and password. The values of username and password correspond to the License ID and License Secret assigned to you by your SWIFT API admin. The value of grant_type is password in a new token request and refresh_token for extending the lifetime of the token.

Reference the Postman Collection to see an example of password grant type API request in the Sandbox.

Client Credentials Grant Type using SWIFT issued PKI Certificate

The API request body of this type requires three values: grant_type, scope, and assertion. The value of grant_type is urn:ietf:params:oauth:grant-type:jwt-bearer in a new token request and refresh_token for extending the lifetime of the token. The value of scope is the API service and role that you are trying to access, such as swift.apitracker/FullViewer for GPI Tracker service. The value of assertion is the Signed JWT (JSON Web Token) or JWS (JSON Web Signature) that is generated with your SWIFT issued PKI certificate.

Reference the gpi v4 demo app to see a Java example of the Client Credentials Grant Type in the Sandbox using SWIFT SDK. Also reference the Postman Collection to see the example in JavaScript.


The access token issued is exchanged via the Bearer Authentication Scheme. The access token is called a Bearer token which means that any party in possession of the token can use it to access SWIFT APIs. Your application is responsible for securely managing the tokens generated for use both in storage and transit.

Authorization: Bearer {{access_token}}
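
The following sketch is an added illustration, not code from SWIFT SDK or the Postman Collection. It builds the password grant token request and the Basic and Bearer headers described above in JavaScript (Node.js) without sending anything, and redacts secrets before a request is logged. The endpoint URL, function names and sample credentials are placeholders, and the form-encoded content type follows RFC 6749 rather than this page.

```javascript
// Added example: all names and values below are constructed for illustration.
const TOKEN_URL = 'https://sandbox.example.invalid/oauth2/token'; // placeholder, not a real SWIFT endpoint

// Basic scheme: "Basic " + base64("consumer-key:consumer-secret").
function basicAuthHeader(consumerKey, consumerSecret) {
  if (!consumerKey || !consumerSecret) throw new Error('missing application credentials');
  // A colon inside the key would move the key/secret boundary when the pair is split again.
  if (consumerKey.includes(':')) throw new Error('consumer-key must not contain ":"');
  return 'Basic ' + Buffer.from(`${consumerKey}:${consumerSecret}`, 'utf8').toString('base64');
}

// Password grant: username is the License ID, password is the License Secret.
function passwordGrantRequest(app, licenseId, licenseSecret, url = TOKEN_URL) {
  // Base64 is an encoding, not encryption, so refuse to build a request for a non-TLS endpoint.
  if (new URL(url).protocol !== 'https:') throw new Error('token endpoint must use https');
  const body = new URLSearchParams({
    grant_type: 'password', username: licenseId, password: licenseSecret,
  });
  return {
    url, method: 'POST',
    headers: {
      Authorization: basicAuthHeader(app.consumerKey, app.consumerSecret),
      'Content-Type': 'application/x-www-form-urlencoded', // assumption: RFC 6749 token request format
    },
    body: body.toString(), // URLSearchParams percent-encodes "&", "=" and similar in secrets
  };
}

// Bearer scheme: accept only the RFC 6750 b64token alphabet, which also rules out CR/LF in the header.
function bearerHeader(accessToken) {
  if (!/^[A-Za-z0-9\-._~+/]+=*$/.test(accessToken)) throw new Error('malformed access token');
  return 'Bearer ' + accessToken;
}

// Returns a copy that is safe to log: credentials in the header and body are masked.
function redactForLog(request) {
  const body = new URLSearchParams(request.body);
  for (const key of ['password', 'assertion', 'refresh_token']) {
    if (body.has(key)) body.set(key, '[REDACTED]');
  }
  return { ...request, headers: { ...request.headers, Authorization: '[REDACTED]' }, body: body.toString() };
}
```
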


It is strongly recommended that your application dispose of tokens that are no longer needed. If you do, SWIFT will invalidate the tokens from further use. Once invalidated, they can no longer be used to access SWIFT APIs.


Request a SWIFT OAuth Token in the Sandbox! And use it to access the API products in the Sandbox.