Authentication

The Swish API uses access tokens to authenticate requests.

Please contact our support team to request an admin token.

API requests are authenticated using the Bearer Auth scheme. To authenticate a request, provide the token in the Authorization header of the request:

curl -H "Authorization: Bearer <your_access_token>" https://swish.app/api/2025-04/items

Please be sure to keep your API access tokens secure! Do not share them in emails, chat messages, client-side code or publicly accessible sites.

If you have accidentally shared an API access token publicly, you must contact our support team immediately.

Swish API access scopes

API access tokens can be scoped to a Shopify customer, a temporary session, or all store data when using an admin token.

Admin token

All third-party integrations require an admin token. This token can be use to access and manage all resources with the Swish API. They must be used in a secure environment and should never be shared.

An admin token can be used to create profile tokens with limited access. These tokens can be shared with a client and may be stored there as well.

Profile tokens expire after one day and need to be replaced with a new token when that happens.

Load user data with admin token

Using an admin token allows you to impersonate a customer or session with the Profile header. This technique lets you access user data without generating a personal token for them. Ensure this method is only applied in secure environments, such as on a server.

curl -L \
  --url 'https://swish.app/api/2025-04/items' \
  --header 'Authorization: Bearer JWT' \
  --header 'Profile: gid://shopify/Customer/1234567890'

Customer token

A customer token is specific to an individual Shopify customer account. It can be shared with a client authenticated as a signed-in customer. These tokens may be stored in the client's local storage for the duration of their session. Ensure secure storage with restricted access is used for token management.

curl -L \
  --request POST \
  --url 'https://swish.app/api/2025-04/profiles/token' \
  --header 'Authorization: Bearer <your admin token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "customer": "gid://shopify/Customer/1234567890"
  }'

Session token

Session tokens function similarly to customer tokens, but they are intended for visitors who haven't signed in yet. These tokens provide access to Swish features without requiring a user to sign in. When you create a new token without specifying a profile, the API will automatically generate a new session for you.

curl -L \
  --request POST \
  --url 'https://swish.app/api/2025-04/profiles/token' \
  --header 'Authorization: Bearer <your admin token>' \
  --header 'Content-Type: application/json'

When a customer logs in, replace their session token with a customer token. To link the previous session to the new customer session, provide the the customer and session IDs when creating the customer token.

curl -L \
  --request POST \
  --url 'https://swish.app/api/2025-04/profiles/token' \
  --header 'Authorization: Bearer <your admin token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "customer": "gid://shopify/Customer/1234567890",
    "session": "gid://swish/Session/ebe9347c-6d2c-4d94-8542-d3a7e6e5ccd7"
  }'

PreviousOverview NextRate limits

Last updated 5 months ago

hashtagSwish API access scopes

hashtagAdmin token

hashtagLoad user data with admin token

hashtagCustomer token

hashtagSession token

Swish API access scopes

Admin token

Load user data with admin token

Customer token

Session token