Documentation Index
Fetch the complete documentation index at: https://docs.swippee.com/llms.txt
Use this file to discover all available pages before exploring further.
Swippee Connect is the hosted consent flow: the consumer signs into their
Swippee Vault, approves which scopes you get, and you receive a public_token.
Your app never sees their statement or login.
Your backend creates a request
curl -X POST https://api.swippee.com/v1/connect/request \
-H "Authorization: Bearer swippee_sk_live_xxx" \
-H "Content-Type: application/json" \
-d '{ "scopes": ["identity","income"], "redirect_uri": "https://yourapp.com/cb" }'
# → { "request_token": "swln_…", "connect_url": "https://swippee.com/connect?token=swln_…" }
Open the flow in the browser
Script-tag drop-in (any site). The script is first-party — for extra safety
you can pin it with integrity / crossorigin.<script src="https://swippee.com/connect.js"></script>
<script>
SwippeeConnect.open({
connectUrl, // from step 1 (via your backend)
onSuccess: ({ public_token }) => exchangeOnYourServer(public_token),
onExit: () => {},
});
</script>
npm install @swippee/connect-react):import { SwippeeConnect } from "@swippee/connect-react";
<SwippeeConnect
createRequest={() => fetch("/api/connect-request").then(r => r.json())}
onHostedSuccess={({ publicToken }) => exchangeOnYourServer(publicToken)}
/>
Exchange + read the granted data (server)
curl -X POST https://api.swippee.com/v1/connect/exchange \
-H "Authorization: Bearer swippee_sk_live_xxx" \
-d '{ "public_token": "swln_…" }'
# → { "access_token": "swac_…", "grant_id": "...", "scopes": [...] }
# read only the granted views (token in a header, never the URL):
curl https://api.swippee.com/v1/grants/GRANT_ID/data \
-H "Authorization: Bearer swippee_sk_live_xxx" \
-H "X-Swippee-Access-Token: swac_…"
# → { "scopes": [...], "data": { "identity": {...}, "income": {...} } }
The consumer manages and revokes every connection from their Vault; a revoke
kills the access token immediately.
