Quick Start
This topic uses an API Call Demo as an example to demonstrate how to quickly start using the Open APIs to get customer information from the SwiftFederation Portal, including the steps of preparing, signing, and firing the API Call.
Make an API Call
To make an API call (as in API Call Demo), follow the steps below to manually get the customer information:
Ⅰ. Obtain Access Key from the SwiftFederation Portal
Ⅱ. Identify the API URL by checking the API document
Ⅲ. Prepare the API Request by getting all the Request Parameters ready
Ⅳ. Sign the API Request with the proper signature algorithm
Ⅴ. Fire the API Call by sending the signed request
Ⅵ. Get the API Response and retrieve the data returned
Ⅶ. Handle the errors for failed requests
1. Obtain Access key
Before firing an API Call, follow the steps below to obtain the Access Key to sign the API Request properly:
- Access key ID (AccessKeyID): to identify the API caller, bound with the SwiftFederation account ID.
- Access key secret (AccessKeySecret): used in the encryption algorithm to generate the signature.
For a sole demo purpose, the SwiftFederation platform provides a demo customer (Customer ID: 35394) with a live access key to illustrate making the API Call. DO NOT use this access key and demo customer information in any other cases with any improper intentions.
* Access key ID (AccessKeyID): O80ybSq26xUE383u
* Access key secret (AccessKeySecret): q738531SV3s0yFC2I3p7QJ49og37yIat
2. Identify the API URL
Identify the API URL by checking the specific API documents under API Catalogue.
For API Call Demo, you could have the API URL:
https://open-api.swiftfederation.com/v1.1/customer/{customer_id}
3. Prepare the API Request
3.1 Prepare the Request Parameters
All the API Request Parameters and the Request-Line should be prepared before the signing. For API Call Demo, you could have the parameters below:
| Parameter Location | Request Parameters |
|---|---|
| Path Parameters | customer_id=35394 The API URL: https://open-api.swiftfederation.com/v1.1/customer/35394 |
| Query Parameters | None in this example. |
| Common Headers | Content-Type: application/json; charset=utf-8 Host: base-api.swiftfederation.com X-SFD-Date: yyyyMMdd'T'HHmmss'Z' X-SFD-Nonce: A random number in a length of 5-18 digits X-SFD-Signature-Version: 2 |
| Custom Headers | If the header name starts with "X-SFD-", i.e. "X-SFD-FZone", the custom header will be used to generate the signature. Otherwise, the custom header will not be used when generating the signature. |
| Cookie Parameters | None in this example. |
| Body Parameters | None in this example. |
3.2 Prepare the Request-Line
The Request-Line is: GET https://open-api.swiftfederation.com/v1.1/customer/35394 HTTP/1.1
3.3 API Request before being signed
Get the API request before being signed. Use your current time for X-SFD-Date, because API Gateway will check if the X-SFD-Date is within one hour before the current time.
GET /v1.1/customer/35394 HTTP/1.1
Host: open-api.swiftfederation.com
Content-Type: application/json; charset=utf-8
X-SFD-Date: 20250725T023747Z
X-SFD-Nonce: 89027
X-SFD-Signature-Version: 2
X-SFD-FZone:SG
4: Sign the API Request
Before singing the request, generate the signature with the request information.
For the API Call Demo, use the Signature Toolkit to sign the API Request.
GET /v1.1/customer/35394 HTTP/1.1
Host: open-api.swiftfederation.com
Content-Type: application/json; charset=utf-8
Authorization: HMAC-SHA256 O80ybSq26xUE383u:3ebba5b79c247db566d957638ecc9d085d4805a957f84ad8114af721635a41a7
X-SFD-FZone: SG
X-SFD-Date: 20250806T045529Z
X-SFD-Nonce: 15121
X-SFD-Signature-Version: 2
5. Fire the API Call
After signing the API Request, fire the API Call with Curl:
curl -X GET https://open-api.swiftfederation.com/v1.1/customer/35394 \
-H "Host: open-api.swiftfederation.com" \
-H "Content-Type: application/json; charset=utf-8" \
-H "Authorization: HMAC-SHA256 O80ybSq26xUE383u:3ebba5b79c247db566d957638ecc9d085d4805a957f84ad8114af721635a41a7" \
-H "X-SFD-Date: 20250806T045529Z" \
-H "X-SFD-Nonce: 15121" \
-H "X-SFD-Signature-Version: 2" \
-H "X-SFD-FZone: SG"
6. Get the API Response
After successfully receiving the API Call, verify the signature and execute the API Call, the API Gateway will return a response to carry the customer information as indicated by the ${customer_id} (35394) in the Path Parameters.
HTTP/1.1 200
Date: Wed, 06 Aug 2025 04:55:29 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-sfd-trace-id: 0496d18ec7e243a09e0ebd861bdbd81d
{"partnership":1,"name":"Customer_Demo","ingestDomain":null,"industry":"","id":35394,"type":2,"region":"SG","parentId":2,"onboardingType":1}
7. Handle the errors
If failing in verifying the signature or executing the API Call, the API Gateway will return the error with the details included in the Status Code, Error Code and Error Message.
For instance, the response will show an error if the ${customer_id} is not properly set in the Path Parameters of the API Request:
HTTP/1.1 401
Date: Wed, 06 Aug 2025 09:42:16 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-sfd-trace-id: 83833830e1f94b5586e9187e366c5c7c
{"code":"Signature.NotMatch","message":"The request signature that we calculate does not match the signature that you provided."}