OAuth 2.0 is an industry standard used to protect access to APIs. SWIFT OAuth Token API is used to issue tokens needed to access other SWIFT API products.
Depending on the API product you are trying to access, you will be using one of the two types of OAuth:
- Password Grant Type
- JWT Bearer Grant Type
SWIFT SDK and SWIFT Microgateway support both types of OAuth, making it easy for you to access any API product.
Your Application
An application is represented by the combination of consumer-key and consumer-secret. This set of credentials identifies your application. You can create your application by going to My Apps.
Your application credentials are exchanged via the Basic Authentication Scheme. It is a simple HTTP authentication scheme which transmits credentials as Username and Password in the Authorization header. When sending a SWIFT OAuth Token API request, calculate the base-64 encoded value of consumer-key:consumer-secret and use it in the Authorization header with the keyword Basic in front of it.
Authorization: Basic {{base64Encode consumer-key:consumer-secret}}
Your Credentials
These are the credentials that you hold with SWIFT and that identify you, the caller of the API. There are two types of credentials, each used via a different type of OAuth. Check the securitySchemes defined in the OpenAPI specification of the API product to find out the type of OAuth and credentials you should use.
Password Grant Type using SWIFT issued License ID & License Secret
The API request body of this type requires three values: grant_type, username, and password. The values of username and password correspond to the License ID and License Secret assigned to you by your SWIFT API admin. The value of grant_type is password in a new token request and refresh_token for extending the lifetime of the token.
Reference the Postman Collection to see an example of password grant type API request in the Sandbox.
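The following is an added example, not code from SWIFT or its Postman Collection, showing how a client assembles the pieces described above: the Basic Authorization header from consumer-key:consumer-secret, the three-field body for a new password-grant token request or a refresh_token request, and the Bearer header the issued access token is later sent with. The token endpoint URL is a placeholder, the form-urlencoded body encoding and the refresh_token body parameter name follow RFC 6749 rather than anything this page states, and the functions only prepare the request without sending it.

```javascript
// Added example (not SWIFT's code): preparing a SWIFT OAuth Token API request
// for the password grant type. The endpoint is a placeholder (assumption).
const TOKEN_URL = 'https://sandbox.example/oauth2/v1/token';

// Basic scheme: "Basic " + base64(consumer-key ":" consumer-secret).
function basicAuthHeader(consumerKey, consumerSecret) {
  const raw = `${consumerKey}:${consumerSecret}`;
  return `Basic ${Buffer.from(raw, 'utf8').toString('base64')}`;
}

// New token request: grant_type=password, with the SWIFT-issued
// License ID and License Secret as username and password.
function passwordGrantBody(licenseId, licenseSecret) {
  return new URLSearchParams({
    grant_type: 'password',
    username: licenseId,
    password: licenseSecret,
  }).toString();
}

// Extending the token lifetime: grant_type=refresh_token. The parameter
// carrying the refresh token is the RFC 6749 name (assumption).
function refreshGrantBody(refreshToken) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
  }).toString();
}

// Assemble the request (fetch()-style options) without sending it.
// Form encoding per RFC 6749 is an assumption; check the product's OpenAPI spec.
function buildTokenRequest(consumerKey, consumerSecret, body) {
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: {
      Authorization: basicAuthHeader(consumerKey, consumerSecret),
      'Content-Type': 'application/x-www-form-urlencoded',
      Accept: 'application/json',
    },
    body,
  };
}

// Turn a token response into the Authorization header for API product calls.
// Anything that is not a bearer token is rejected rather than forwarded.
function bearerHeader(tokenResponse) {
  const type = tokenResponse && tokenResponse.token_type;
  if (!type || type.toLowerCase() !== 'bearer' || !tokenResponse.access_token) {
    throw new Error('token response is not a usable bearer token');
  }
  return `Bearer ${tokenResponse.access_token}`;
}

// Demo with constructed placeholder credentials (never commit real ones).
const demo = buildTokenRequest('my-consumer-key', 'my-consumer-secret',
  passwordGrantBody('my-license-id', 'my-license-secret'));
console.log(demo.headers.Authorization); // Basic <base64 of key:secret>
console.log(demo.body);                  // grant_type=password&username=...&password=...
```

The Basic header value is plain base64, not encryption, so it only protects the consumer credentials if the request goes over TLS; the same applies to the License Secret in the body.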
JWT Bearer Grant Type using SWIFT issued PKI Certificate
The API request body of this type requires three values: grant_type, scope, and assertion. The value of grant_type is urn:ietf:params:oauth:grant-type:jwt-bearer in a new token request and refresh_token for extending the lifetime of the token. The value of scope is the API service and role that you are trying to access, such as swift.apitracker/FullViewer for the GPI Tracker service. The value of assertion is the Signed JWT (JSON Web Token) or JWS (JSON Web Signature) that is generated with your SWIFT issued PKI certificate.
Reference the gpi v4 demo app to see an example, in Java, of the JWT Bearer Grant Type in the Sandbox using SWIFT SDK. Also reference the Postman Collection to see the example in JavaScript.
The access token issued is exchanged via the Bearer Authentication Scheme. The access token is called a Bearer token, which means that any party in possession of the token can use it to access SWIFT APIs. Your application is responsible for securely managing the tokens it obtains, both in storage and in transit.
Authorization: Bearer {{access_token}}
It is strongly recommended that your application dispose of tokens that are no longer needed. SWIFT will invalidate the tokens from further use if you do. Once invalidated, they can no longer be used to access SWIFT APIs.