With our GraphQL API you can request data and perform actions on your accounts, cards, transactions, etc. This is a communication process where you (or your user) asks Swan to execute operations and we respond.
How to execute operations with our API
With webhooks, when an external event happens and a resource is updated on our side, we initiate the request to one of your endpoints. This allows you to process events that were not initiated by you - through our API and in real-time rather than a few minutes or hours later.
How to get data using a webhook
Banking data is sensitive, that is why we require authentication to access it. Since Swan is all about making banking operations easy, we chose not to send any sensitive data through webhook requests. Therefore, if you want to access the data impacted by the event, you'll need to query our API.

Add and configure a webhook

You can configure a webhook from our dashboard. A webhook object possesses 4 characteristics:
  • status: a webhook can be Enabled or Disabled
  • label: input a short text of your choice
  • endpoint URL: the URL we will request
  • events: the list of event types where we request endpoint URL
Once a webhook is created, you'll be able to get more information about its usage; you can see all requests up to that point. This allows you to troubleshoot any errors you might encounter and to see what Swan got back as a response. You can access filters on the eventId or the resourceId to search for specific events that were fired.
For security reasons, when you go live, you'll have to manually configure your webhooks again in the live section.
If we encounter an error during a webhook request, we'll replay it up to 4 times. If all the tries fail, we'll then let you replay it manually. With just a click, you can catch the event you missed and synchronize your processes.

Event data sent

We send a POST request with the following body :
"eventType": "Transaction.Booked",
"eventId": "513e7027-8320-42f1-bdb5-3ca630b9a4c6",
"eventDate": "2021-08-18T09:35:46.673Z",
"projectId": "ea0e5a52-63ab-4eb8-9645-eaf42357694f",
"resourceId": "bosci_46976252125703bac107f4f8a4ca5b3d"
This example is an event triggered by the creation of a new transaction with the id bosci_46976252125703bac107f4f8a4ca5b3d. Each event is described by two data: eventType which tells you what action was performed and on which resource type, and eventIdwhich is unique for this action. For security reasons, we do not provide further information on our request. For more information on the resource impacted by the event, you must query our API.
Every request we make to your endpoint must be answered with the HTTP 200 code. If we receive another code, we consider it an error and retry the call a few seconds later. We make a maximum of three tries per request. After that, you can still replay the request manually if you need to.

Event types

The first part of the eventType will tell you what resources to query in an API call. In the following table, you will find all the event types and examples of their functional triggers.
This list of triggers is not exhaustive because the events are based on Swan's resources. transaction.created is an event type that is triggered every time there is a new transaction on your project. This could be a card payment, an incoming Sepa Credit Transfer, a received Sepa direct debit, or even a new type of transaction that hasn't been developed yet.
Examples of triggers
An onboarding was finalized
An account name was changed
An onboarding was finalized
A Banking Verification Status was updated by our compliance dept.
A user was bound with the accountMembership
A new accountMembership was created
An accountMembership was disabled
A suspended accountMembership was resumed
An accountMembership was suspended
An accountMembership was updated by an action
A new virtual card was created
A physical card was printed, a spending limit was updated ...
A consent was canceled by the partner
A consent was created for a sensitive operation
A consent expired without being refused or granted
The user accepted a sensitive operation
The user refused a sensitive operation
A consentURL was opened
A transaction was completed and will appear on the account statement
An upcoming direct debit was canceled
A scheduled direct debit was deleted
An outboing Sepa Credit Transfer was processed and is waiting for the next SEPA batch, a card authorisation was accepted ...
A transaction was rejected for compliance reasons
A card authorization was released
A transaction was booked for a future date
A new onboarding was created either through the API or the no-code interface
An onboarding was either finalized, or changed because new data was added to it
Last modified 1mo ago