> ## Documentation Index
> Fetch the complete documentation index at: https://docs.swippee.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Consents — share a report safely

> Let a statement owner share a parsed report with a third party via a scoped, expiring token — without handing over an API key.

Let the statement owner share a parsed report with a third party (a lender, CA,
or landlord) **without** handing over an API key. You grant a scoped, expiring
*consent*; the grantee redeems an opaque token and sees only the views you
allowed. Every read is audit-logged, and you can revoke at any time.

## Create a consent

```bash theme={null}
curl -X POST https://api.swippee.com/v1/consents \
  -H "Authorization: Bearer swippee_sk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "report_id": "cl_abc123",
    "scopes": ["identity", "income", "verify"],
    "grantee_label": "Nabil Bank loan desk",
    "expires_in_days": 7
  }'

# → { "id": "...", "token": "swcon_…", "data_url": "…/v1/consents/:id/data?token=…",
#     "scopes": [...], "expires_at": "..." }
```

Valid `scopes`: `identity`, `income`, `liabilities`, `verify`, `transactions`.
Expiry defaults to 30 days (max 365).

## Redeem (grantee — token only, no API key)

```bash theme={null}
curl 'https://api.swippee.com/v1/consents/:id/data?token=swcon_…'
# → { "scopes": [...], "data": { "identity": {...}, "income": {...} } }
```

## List & revoke (owner)

```bash theme={null}
curl https://api.swippee.com/v1/consents \
  -H "Authorization: Bearer swippee_sk_live_xxx"

curl -X POST https://api.swippee.com/v1/consents/:id/revoke \
  -H "Authorization: Bearer swippee_sk_live_xxx"
# after revoke, redeem returns 403 consent_inactive
```
