Core endpoints
Complete endpoint reference
Every endpoint below mirrors production behavior and response shape.
Base URL
https://api.swippee.com/v1For local development: http://localhost:3000/api/v1
Authentication
All requests require a Bearer token. Get one from the dashboard.
Authorization: Bearer swippee_sk_live_xxxxxxxxxxxxxxxxKeys are shown exactly once at creation. We only keep a SHA-256 hash — lost keys must be revoked and replaced. Issue read-only keys for backend services that only need to fetch existing reports.
POST /v1/parse
Upload a bank statement. Returns a full StatementReport.
Request
curl -X POST https://api.swippee.com/v1/parse \
-H "Authorization: Bearer $SWIPPEE_API_KEY" \
-F "file=@statement.pdf" \
-F "bank=auto"Fields
| Field | Type | Description |
|---|---|---|
| file | file | Required. PDF, JPEG, or PNG. Max 20 MB. |
| bank | string | Optional. NABIL, NIC_ASIA, NIMB, NMB, KUMARI, SIDDHARTHA, GLOBAL_IME, or auto. |
| async | boolean | Optional. If true, returns 202 + poll_url immediately; worker processes in background. |
Response (200)
{
"report_id": "cl_abc123",
"status": "complete",
"statement": {
"bank": "Nabil Bank",
"bank_code": "NABIL",
"currency": "NPR",
"period": { "from": "2025-11-01", "to": "2026-04-30" },
"opening_balance": 5028.73,
"closing_balance": 5062.93,
"total_transactions": 114
},
"signals": { /* … */ },
"monthly_summary": [ /* … */ ],
"categories": { /* … */ },
"merchant_categories": { "groceries": { "count": 12, "total": 8420 }, /* … */ },
"transactions": [
{
"date": "2026-04-12",
"description": "MPAY 2222020006840462,492738040,MOB",
"debit": 540, "credit": null, "balance": 4820.5,
"category": "merchant_payment",
"merchant": "Santosh Babu Store",
"merchantTerminal": "2222020006840462",
"mcc": "5411",
"merchantCategory": "groceries"
}
/* … */
]
}Transaction object
| Field | Type | Description |
|---|---|---|
| date | string | ISO 8601 (YYYY-MM-DD). |
| description | string | Raw narration as printed on the statement. |
| debit / credit / balance | number | null | Amounts in statement currency. |
| category | string | Coarse class: salary, merchant_payment, transfer, wallet, utility, loan_repayment, remittance, … |
| merchant | string | null | Merchant name parsed from the narration (or resolved from a Fonepay terminal). Null when none. |
| merchantTerminal | string | null | Fonepay terminal PAN, when the rail carries one. |
| mcc | string | null | ISO 18245 Merchant Category Code, when the merchant resolves. |
| merchantCategory | string | null | Spend sub-category derived from the MCC (e.g. groceries, dining, fuel). |
Product endpoints
Once a report is complete, each product is a focused GET on it. All take a Bearer key and return JSON shaped for that one product — call only what you need, billed as one parse regardless of how many you read.
| Product | Endpoint | Returns |
|---|---|---|
| Asset Report | GET /v1/reports/:id/asset-report | The full underwriting view — statement, signals, monthly summary, categories, and every transaction. |
| Income | GET /v1/reports/:id/income | Salary detection (amount, regularity, day-of-month), monthly credits, stability score, and the income transactions. |
| Identity | GET /v1/reports/:id/identity | Account holder, account number, bank, currency, and statement period — to confirm the uploader owns the account. |
| Balance | GET /v1/reports/:id/balance | Opening/closing balances, average and minimum balance, and the balance trend. |
| Liabilities | GET /v1/reports/:id/liabilities | EMI/loan obligations bucketed by detected lender, monthly EMI total, EMI load %, and bounce count. |
| Score | GET /v1/reports/:id/score | A single 0–1000 creditworthiness score derived from the statement signals. |
| Verify | GET /v1/reports/:id/verify | Forgery/tamper detection — a verdict (authentic | review | suspicious), confidence, and every check with pass/fail + severity. |
| Underwriting | GET /v1/reports/:id/underwriting | A full loan-decision assessment: affordability, risk flags, and a recommendation. |
# fetch just the income view of a completed report
curl https://api.swippee.com/v1/reports/cl_abc123/income \
-H "Authorization: Bearer swippee_sk_live_xxx"enrich is a transform endpoint (POST /v1/enrich) — send raw transactions, get merchant/MCC/category tags back. connect is the hosted upload flow (see the Connect product page).
GET /v1/reports/:id/transactions
The categorized transaction list, with query filters so you don't always need the full set.
# only dining spend, debits, in April
curl "https://api.swippee.com/v1/reports/cl_abc123/transactions\
?merchant_category=dining&direction=debit&since=2026-04-01&until=2026-04-30&limit=100" \
-H "Authorization: Bearer swippee_sk_live_xxx"Filters: category, merchant_category, direction (credit|debit), since, until (ISO dates), limit (default 500, max 1000). Filters combine (AND).
GET /v1/reports/:id
Fetch a past report by its ID.
curl https://api.swippee.com/v1/reports/cl_abc123 \
-H "Authorization: Bearer swippee_sk_live_xxx"GET /v1/reports
List your recent reports.
curl 'https://api.swippee.com/v1/reports?limit=20&status=complete' \
-H "Authorization: Bearer swippee_sk_live_xxx"GET /v1/banks
List supported banks. No auth required.
curl https://api.swippee.com/v1/banksGET /v1/usage
Check your quota and usage for the current month.
{
"plan": "sandbox",
"quota": 100,
"used": 23,
"remaining": 77,
"period": "2026-05",
"resets_at": "2026-06-01T00:00:00.000Z"
}Connect — embed the consumer Vault
Swippee Connect is the hosted consent flow: the consumer signs into their Swippee Vault, approves which scopes you get, and you receive a public_token — your app never sees their statement or login. Three steps:
1. Your backend creates a request
curl -X POST https://api.swippee.com/v1/connect/request \
-H "Authorization: Bearer swippee_sk_live_xxx" \
-H "Content-Type: application/json" \
-d '{ "scopes": ["identity","income"], "redirect_uri": "https://yourapp.com/cb" }'
# → { "request_token": "swln_…", "connect_url": "https://swippee.com/connect?token=swln_…" }2. Open the flow in the browser
Script-tag drop-in (any site). The script is first-party — for extra safety you can pin it with integrity/crossorigin.
<script src="https://swippee.com/connect.js"></script>
<script>
SwippeeConnect.open({
connectUrl, // from step 1 (via your backend)
onSuccess: ({ public_token }) => exchangeOnYourServer(public_token),
onExit: () => {},
});
</script>React drop-in:
<SwippeeConnect
mode="hosted"
createRequest={() => fetch("/api/connect-request").then(r => r.json())}
onHostedSuccess={({ publicToken }) => exchangeOnYourServer(publicToken)}
/>3. Exchange + read the granted data (server)
curl -X POST https://api.swippee.com/v1/connect/exchange \
-H "Authorization: Bearer swippee_sk_live_xxx" \
-d '{ "public_token": "swln_…" }'
# → { "access_token": "swac_…", "grant_id": "...", "scopes": [...] }
# read only the granted views (token in a header, never the URL):
curl https://api.swippee.com/v1/grants/GRANT_ID/data \
-H "Authorization: Bearer swippee_sk_live_xxx" \
-H "X-Swippee-Access-Token: swac_…"
# → { "scopes": [...], "data": { "identity": {...}, "income": {...} } }The consumer manages and revokes every connection from my Vault; a revoke kills the access token immediately.
Consents — share a report safely
Let the statement owner share a parsed report with a third party (a lender, CA, or landlord) without handing over an API key. You grant a scoped, expiring consent; the grantee redeems an opaque token and sees only the views you allowed. Every read is audit-logged, and you can revoke at any time.
Create a consent
curl -X POST https://api.swippee.com/v1/consents \
-H "Authorization: Bearer swippee_sk_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"report_id": "cl_abc123",
"scopes": ["identity", "income", "verify"],
"grantee_label": "Nabil Bank loan desk",
"expires_in_days": 7
}'
# → { "id": "...", "token": "swcon_…", "data_url": "…/v1/consents/:id/data?token=…",
# "scopes": [...], "expires_at": "..." }Valid scopes: identity, income, liabilities, verify, transactions. Expiry defaults to 30 days (max 365).
Redeem (grantee — token only, no API key)
curl 'https://api.swippee.com/v1/consents/:id/data?token=swcon_…'
# → { "scopes": [...], "data": { "identity": {...}, "income": {...} } }List & revoke (owner)
curl https://api.swippee.com/v1/consents \
-H "Authorization: Bearer swippee_sk_live_xxx"
curl -X POST https://api.swippee.com/v1/consents/:id/revoke \
-H "Authorization: Bearer swippee_sk_live_xxx"
# after revoke, redeem returns 403 consent_inactiveWebhooks
When a report completes (sync or async), Swippee POSTs the result to every active webhook endpoint on your org. The payload is signed with X-Swippee-Signature: t=<unix>,v1=<hex> (HMAC-SHA256 signature). Failed deliveries retry with exponential backoff up to 24h.
{
"event": "parse.complete",
"report_id": "cl_abc123",
"timestamp": "2026-05-27T10:23:41Z",
"result": { /* StatementReport */ }
}Errors
All errors return JSON of the form { "error": { "code": "...", "message": "..." } }.
| Code | HTTP | Meaning |
|---|---|---|
missing_api_key | 401 | No Authorization header sent. |
invalid_api_key | 401 | Key does not exist. |
revoked_api_key | 401 | Key was revoked. |
insufficient_scope | 403 | Key lacks the required scope. |
quota_exceeded | 429 | Monthly parse limit reached. |
missing_file | 400 | Form field `file` is missing. |
file_too_large | 413 | File exceeds the 20 MB limit. |
invalid_format | 400 | Body was malformed or not multipart/form-data. |
unsupported_document | 422 | Uploaded file is not a transaction statement. |
unsupported_bank | 422 | No supported Nepali bank detected. |
parse_failed | 422 | Bank detected but extraction failed. |
not_found | 404 | Resource not found on this organization. |
Swippee Data API
Read-only access to Nepal's public-sector financial data, parsed from NRB's releases. These endpoints are unauthenticated and free to try (rate-limited per IP). Every response is wrapped in a { data, meta } envelope — meta carries the source, publication date and an attribution string you must surface when republishing.
Endpoints
| Endpoint | Description |
|---|---|
| Forex reference rates · Daily (weekdays) | |
GET /v1/data/nrb/forex/latest | Latest buy/sell for all currencies |
GET /v1/data/nrb/forex/series?currency=USD&from=YYYY-MM-DD&to=YYYY-MM-DD | Daily series for one currency |
GET /v1/data/nrb/forex/convert?from=USD&to=NPR&amount=100 | Convert using the latest rate |
| Monthly banking statistics · Monthly | |
GET /v1/data/nrb/banking/snapshot?month=YYYY-MM | All C4 indicators for a month |
GET /v1/data/nrb/banking/indicators?month=YYYY-MM&class=commercial | Flat indicator list, filterable by BFI class |
GET /v1/data/nrb/banking/indicators/series?indicator=npl-total-loan&class=commercial | One indicator over time |
| Commercial-bank interest rates · Monthly (since 2016) | |
GET /v1/data/nrb/interest-rates/latest | All rates for the latest month |
GET /v1/data/nrb/interest-rates/series?metric=base-rate | One rate over time (base-rate, spread-rate, wavg-deposit, wavg-credit…) |
| Macroeconomic situation · Monthly | |
GET /v1/data/nrb/macro/latest | Latest report's indicators (each with a source quote) |
GET /v1/data/nrb/macro/series?metric=cpi_inflation_yoy | One indicator over time (inflation, remittance, reserves, bop…) |
| Payment systems indicators · Monthly | |
GET /v1/data/nrb/payments/latest | All channels (volume + value) for the latest month |
GET /v1/data/nrb/payments/series?channel=mobile-banking&metric=volume | One channel/metric over time |
| Licensed BFI directory · Quarterly | |
GET /v1/data/nrb/bfis?class=commercial&as_of=YYYY-MM-DD | Licensed BFIs, filterable by class |
Example
curl https://api.swippee.com/v1/data/nrb/interest-rates/latest{
"data": [
{ "metric": "base-rate", "label": "Base Rate", "value": 5.0, "unit": "percent", "sheet": "C23" },
{ "metric": "wavg-deposit", "label": "Weighted Avg. Deposit Rate", "value": 3.4, "unit": "percent", "sheet": "C20" }
],
"meta": {
"source": "Nepal Rastra Bank",
"source_url": "https://www.nrb.org.np/contents/uploads/.../Chaitra_2082_Publish.xlsx",
"attribution": "Source: Nepal Rastra Bank — Monthly Banking & Financial Statistics. Republished by Swippee Data with attribution.",
"as_of": "2026-04-15"
}
}Browse every dataset and its cadence at /products/data. Macro figures additionally include a source_quote field — the verbatim sentence each number was verified against.