SWIFT OAuth Token API

OAuth 2.0 is an industry standard used to protect access to APIs. SWIFT OAuth Token API is used to issue tokens needed to access SWIFT API products.

Depending on the API product you are trying to access, you will use one of two OAuth grant types:

  • Password Grant Type
  • JWT Bearer Grant Type

SWIFT SDK supports both grant types, and SWIFT Microgateway supports the JWT Bearer Grant Type, making it easy for you to access any API product.

URLs

Password Grant Type (Live) URL: api.swift.com/oauth2/v1/token

JWT Bearer Grant Type (Live) URL: api.swiftnet.sipn.swift.com/oauth2/v1/token

JWT Bearer Grant Type (Pilot) URL: api-test.swiftnet.sipn.swift.com/oauth2/v1/token

Sandbox URL: sandbox.swift.com/oauth2/v1/token

Authorization Header

Your application credentials are sent using the Basic Authentication Scheme in the authorization header. Your application credentials are the Consumer Key and Consumer Secret of the app you created. You can create an app by going to My Apps. Calculate the base64-encoded value of $consumer-key:$consumer-secret and put it in the authorization header, preceded by the keyword Basic. For example:

ZGVtbzpwQDU1dzByZA== is the base64-encoded value of "demo:p@55w0rd"
Authorization: Basic ZGVtbzpwQDU1dzByZA==

Request Body (different for each OAuth Grant Type)

To determine the OAuth grant type, go to the reference page. You will find this information in the Authentication section of the OpenAPI specification of each API product.

Password Grant Type using SWIFT issued License ID & License Secret

Field Name | Description
grant_type | password
username | Use “License ID” for the API product in Live after subscribing. To try it out in Sandbox, use sandbox-id
password | Use “License Secret” for the API product in Live after subscribing. To try it out in Sandbox, use sandbox-key

Please refer to the License ID & Secret Creation Guide for information on how to acquire these credentials in the Live environment.

JWT Bearer Grant Type using SWIFT issued PKI Certificate

Field Name | Description
grant_type | urn:ietf:params:oauth:grant-type:jwt-bearer
scope | Name of the service, role and qualifiers, for example swift.apitracker/FullViewer/scope/GRWLCN33
assertion | Use your SWIFT issued PKI certificate to create a Signed JWT (JSON Web Token). To try it out in Sandbox, use demo.jks to generate this value

Run the Postman collection to see examples for both grant types and how to refresh and revoke tokens.

We've also created a tutorial and a demo app in Java to show you an example of the JWT Bearer Grant Type in the Sandbox using SWIFT SDK.

The access token returned from the /token endpoint is used as the bearer token in each subsequent call to SWIFT APIs. The bearer token is exchanged via the Bearer Authentication Scheme in the authorization header. For example:

eqKaLgPGmrWyDTystA3HV233gyfk is the access token
Authorization: Bearer eqKaLgPGmrWyDTystA3HV233gyfk
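
The request pieces described above (Basic authorization header, per-grant-type request body, Bearer header), assembled in Python as an added example; it is not SWIFT SDK code or part of the original page. The https:// scheme, the form-encoded POST body and the access_token response field are assumptions taken from standard OAuth 2.0 (RFC 6749), and the helper names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

# Sandbox host and path from the URLs section; the https:// scheme is an assumption.
SANDBOX_TOKEN_URL = "https://sandbox.swift.com/oauth2/v1/token"
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def basic_auth_header(consumer_key, consumer_secret):
    """Base64-encode consumer-key:consumer-secret and prefix the keyword Basic."""
    raw = f"{consumer_key}:{consumer_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def password_fields(license_id, license_secret):
    return {"grant_type": "password", "username": license_id, "password": license_secret}


def jwt_bearer_fields(scope, signed_jwt):
    return {"grant_type": JWT_BEARER, "scope": scope, "assertion": signed_jwt}


def build_token_request(url, consumer_key, consumer_secret, fields):
    """Build (without sending) the token request for either grant type."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-TLS URL")
    # Assumption: form-encoded POST body, as RFC 6749 defines for token endpoints.
    body = urllib.parse.urlencode(fields).encode("ascii")
    headers = {"Authorization": basic_auth_header(consumer_key, consumer_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def bearer_header(token_response_json):
    """Assumption: the JSON response carries the token in RFC 6749's access_token field."""
    return "Bearer " + json.loads(token_response_json)["access_token"]


def redact(header_value):
    """Keep the scheme, drop the credential, so headers can be logged safely."""
    return header_value.partition(" ")[0] + " <redacted>"


if __name__ == "__main__":
    req = build_token_request(SANDBOX_TOKEN_URL, "demo", "p@55w0rd",
                              password_fields("sandbox-id", "sandbox-key"))
    print(req.get_method(), req.full_url, redact(req.get_header("Authorization")))
    print(req.data.decode("ascii"))
```

The request object can be passed to urllib.request.urlopen to send it; the response body then goes to bearer_header.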

Your application is responsible for securely managing the tokens generated for use, both in storage and in transit.

It is strongly recommended that your application dispose of tokens that are no longer needed using the /revoke endpoint. SWIFT will invalidate the tokens from further use if you do. Once invalidated, they can no longer be used to access SWIFT APIs.