OAuth 2.0 is an industry standard used to protect access to APIs. SWIFT OAuth Token API is used to issue tokens needed to access SWIFT API products.
Depending on the API product you are trying to access, you will be using one of the two types of OAuth:
- Password Grant Type
- JWT Bearer Grant Type
SWIFT SDK supports both types of OAuth and SWIFT Microgateway supports the JWT Bearer Grant Type, making it easy for you to access any API products.
URLs
Password Grant Type (Live) URL: api.swift.com/oauth2/v1/token
JWT Bearer Grant Type (Live) URL: api.swiftnet.sipn.swift.com/oauth2/v1/token
JWT Bearer Grant Type (Pilot) URL: api-test.swiftnet.sipn.swift.com/oauth2/v1/token
Sandbox URL: sandbox.swift.com/oauth2/v1/token
Authorization Header
Your application credentials are exchanged via the Basic Authentication Scheme in the authorization header. Your application credentials are the Consumer Key and Consumer Secret of the app you created. You can create an app by going to My Apps. Calculate the base-64 encoded value of $consumer-key:$consumer-secret
and use it in the authorization header with the keyword Basic
in front of it. For example:
ZGVtbzpwQDU1dzByZA==
is the base64 encoded value of "demo:p@55w0rd"
Authorization: Basic ZGVtbzpwQDU1dzByZA==
Request Body (different for each OAuth Grant Type)
Determine the OAuth grant type by going to the reference page, you will find this information in the Authentication section of the OpenAPI specification of each API product.
Password Grant Type using SWIFT issued License ID & License Secret
Field Name | Description |
grant_type | password |
username | Use “License ID” for the API product in Live after subscribing. To try it out in Sandbox, use sandbox-id |
password | Use “License Secret” for the API product in Live after subscribing. To try it out in Sandbox, use sandbox-key |
Please refer to the License ID & Secret Creation Guide for information on how to acquire these credentials in Live environment.
JWT Bearer Grant Type using SWIFT issued PKI Certificate
Field Name | Description |
grant_type | urn:ietf:params:oauth:grant-type:jwt-bearer |
scope | Name of the service, role and qualifiers, ie swift.apitracker/FullViewer/scope/GRWLCN33 |
assertion | Use your SWIFT issued PKI certificate to create a Signed JWT (JSON Web Token) . To try it out in Sandbox, use demo.jks to generate this value |
Run the postman collection to see examples for both grant types and how to refresh and revoke tokens.
We've also created a tutorial and a demo app in Java to show you an example of JWT Bearer Grant Type in the Sandbox using SWIFT SDK.
The access token returned from the /token
endpoint is used as the bearer token in each subsequent call to SWIFT APIs. The bearer token is exchanged via the Bearer Authentication Scheme in the authorization header. For example:
eqKaLgPGmrWyDTystA3HV233gyfk
is the access token
Authorization: Bearer eqKaLgPGmrWyDTystA3HV233gyfk
Your application is responsible for securely managing the tokens generated for use both in storage and transit.
It is strongly recommended that your application dispose tokens that are no longer needed using /revoke
endpoint. SWIFT will invalidate the tokens from further use if you do. Once invalidated, they can no longer be used to access SWIFT APIs.