With our GraphQL API you can request data and perform actions on your accounts, cards, transactions, etc. In this communication process, you (or your user) ask Swan to execute operations and we respond.
How to execute operations with our API
With webhooks, when an external event happens and a resource is updated on our side, we initiate the request to one of your endpoints. This allows you to process events that were not initiated by you - through our API, and in near real-time. Most of the time, few seconds after the event, and sometimes up to 10min.
How to get data using a webhook
Banking data is sensitive; that's why we require authentication to access it! And webhooks simply aren't that secure. So we won't send sensitive banking data through them, you'll just get a notification that something happened. To access sensitive data impacted by an event, you'll need to query our API.
You can configure a webhook from our dashboard. A webhook object possesses 4 characteristics:
status: a webhook can be Enabled or Disabled
label: input a short text of your choice
endpoint URL: the URL we will request
events: the list of event types where we request
Once a webhook is created, you can get more information on its usage and see all requests up to that point. This allows you to troubleshoot any errors you might encounter and see what Swan got back as a response. You can access filters on the
resourceIdto search for specific events that were fired.
If we encounter an error during a webhook request, we'll replay it up to 8 times. If all the tries fail, we'll then let you replay it manually. With just a click, you can catch the event you missed and synchronize your processes.
We send a POST request with the following body :
This example is an event triggered by the creation of a new transaction with the id
bosci_46976252125703bac107f4f8a4ca5b3d. Each event is described by two data:
eventTypewhich tells you what action was performed and on which resource type, and
eventIdwhich is unique for this action. For security reasons, we do not provide further information on our request. For more information on the resource impacted by the event, you must query our API.
Every request we make to your endpoint must be answered with the HTTP 200 code. If we receive another code, we consider it an error and retry the call a few seconds later. We make a maximum of three tries per request. After that, you can still replay the request manually if you need to.
The first part of the
eventTypewill tell you what resources to query in an API call. In the following table, you will find all the event types and examples of their functional triggers.