Users overview
A Swan user is an actual person identified within Swan by their mobile phone number. Swan users are managed globally, not project-by-project. Therefore, users can log into multiple projects with the same phone number.
Using mobile phone numbers to identify users greatly simplifies their experience: users only need to know their mobile number to log into Swan, and occasionally their chosen 6-digit passcode. Their passcode is linked to their mobile phone number and is the same for all projects in both the Sandbox and Live environments.
Note that if your users get a new phone number, they should change their number with Swan. They shouldn't sign up with a new link, which would create a new Swan user.
When testing your integration, you'll need Sandbox users. Sandbox users make it possible to simulate the different situations you may encounter with your real users in your Live environment, as long as they're logging in with the same phone number.
Authentication​
When a user wants to access their data or make transactions through your service with Swan's API, they must be authenticated. This includes when they log into their Web Banking app, whether it's Swan's open source version or your own custom integration.
Signing up​
Users sign up for Swan the first time their go through an authentication link. This typically occurs when they're invited to become an account member or during the onboarding process.
Your user:
- Opens their signup link.
- Enters their mobile number.
- If you include their number when creating their signup link, they won't need to enter it again.
- Confirms their mobile number, after which they continue the signup process on their mobile device. How they confirm this step depends on whether they opened the signup link from a computer or their mobile device:
- Computer: Swan sends your user a text message with a link to open on their mobile device.
- Mobile device: Swan sends your user a text message with a verification code.
- Enters their personal information, including their name and birthdate. This information must match the information that appears on their identity documents.
- If you include this information when creating their signup link, they won't need to enter it again.
- Selects a 6-digit passcode. They need to remember their passcode; Swan can request it anytime the user needs to consent to a sensitive operation.
- Completes identification, where Swan verifies their identity. This step can be performed later, though it's recommended to complete it as soon as possible. If you're using the API, you're responsible for triggering this step.
- Sets up biometrics, if desired and available on their mobile device. Biometrics typically include face or fingerprint authentication.
After signing up, your user can start using Swan.
- If you're using Swan's provided Web Banking interface, Swan redirects your user to the interface automatically.
- If you're using a custom API integration or a customization of Swan's open source frontend, your user is redirected to the
redirectUrlyou supplied when creating their signup link. Make sure to declare yourredirectUrlon your Dashboard > Developers > Redirect URIs; otherwise, the redirection fails.
End-user perspective of signing up for Swan
Logging in​
After signing up, logging into Swan is quick.
Your user re-enters their mobile number (every time, for security reasons), then either completes biometric authentication or enters the 6-digit passcode they chose when signing up.
Whether biometrics function correctly depends on your user's device. If your user configured biometrics and is logging in (or consenting to a sensitive operation) from that same device, biometrics should work as expected. However, if they access Swan from a new mobile device, they must enter their passcode. Then, if desired, they can configure biometrics on the new device.
Additionally, biometrics might be deactivated if Swan's API detects that the mobile device's operating system isn't up to date. In this case, the user enters their passcode to authenticate. Before trying to reconfigure biometrics, they need to update the software on their mobile device.