Skip to main content
Swippee Connect is the hosted consent flow: the consumer signs into their Swippee Vault, approves which scopes you get, and you receive a public_token. Your app never sees their statement or login.
1

Your backend creates a request

2

Open the flow in the browser

Script-tag drop-in (any site). The script is first-party — for extra safety you can pin it with integrity / crossorigin.
React drop-in (npm install @swippee/connect-react):
3

Exchange + read the granted data (server)

The consumer manages and revokes every connection from their Vault; a revoke kills the access token immediately.

Audit your consents

For compliance — proving which customer consents you obtained and how the data was used — read your consent + access trail. Both endpoints are read-only, scoped to your organization, and return consent metadata only: no consumer PII, no tokens. (Reading the granted data is the separate GET /v1/grants/:id/data above, which additionally requires the access token.)
consumer_id is an opaque identifier — never the consumer’s email, phone, or name. The access log records each time your app read the granted data.