# iFrame Initialization

#### Required Parameters

* <mark style="color:$danger;">**`apiKey`**</mark>: Your publishable API key for customer and transaction assignment (also known as the public key).
* <mark style="color:$danger;">**`signature`**</mark>: Your HMAC-SHA256 signature of the full query string, base64-encoded. The signature must be the final parameter in the query string. See Server-Side URL Signature for implementation details.
* <mark style="color:$danger;">**`currencyCode`**</mark>: The cryptocurrency code for purchase (e.g., `BTC`, `ETH`, `BCH`). [See the documentation for all options](https://docs.swapped.com/swapped-ramp/readme/supported-cryptocurrencies). When multiple wallet addresses are provided, this serves as the default cryptocurrency.
* <mark style="color:$danger;">**`walletAddress`**</mark>: The destination wallet address for the purchased cryptocurrency.
  * Single address: <mark style="color:$danger;">`walletAddress=`</mark><mark style="color:$primary;">`ltc1q2k0xaafhgt3s8qw03wmajjmlc8gcepdy0un0ah`</mark>
  * Multiple currencies: To accept multiple cryptocurrencies, use the format `SYMBOL:address` with comma separation, e.g. <mark style="color:$danger;">`walletAddress=`</mark><mark style="color:$primary;">`BTC:yourBitcoinAddress,LTC:yourLitecoinAddress,DOGE:yourDogecoinAddress`</mark>

#### Optional Parameters

* <mark style="color:$danger;">**`method`**</mark>: Specifies a payment method on load. Value is the `payment_group` mentioned [here](https://docs.swapped.com/swapped-ramp/endpoints/onramp-endpoints/get-payment-methods) (e.g., <mark style="color:$danger;">`method=`</mark><mark style="color:$primary;">`creditcard`</mark>).
* <mark style="color:$danger;">**`baseCurrencyCode`**</mark>: The fiat currency code for transactions (e.g., `USD`, `EUR`, `GBP`). [Supported currencies](https://docs.swapped.com/swapped-ramp/readme/supported-fiat-currencies).
* <mark style="color:$danger;">**`lockBaseCurrency`**</mark>: `True|False` Locks currency selection to the specified `baseCurrencyCode`. Prevents users from selecting other currencies and removes payment methods that don't support the specified currency.
* <mark style="color:$danger;">**`baseCurrencyAmount`**</mark>: The fiat amount to spend. Maximum 2 decimal places and cannot be zero. Requires `baseCurrencyCode` to be set.
* <mark style="color:$danger;">**`quoteCurrencyAmount`**</mark>: The cryptocurrency amount to purchase. Maximum 6 decimal places with a minimum equivalent of 7 EUR or 8 USD.
* <mark style="color:$danger;">**`email`**</mark>: Pre-fills the customer's email address on the login page.
* <mark style="color:$danger;">**`externalCustomerId`**</mark>: Your unique identifier for the customer.
* <mark style="color:$danger;">**`redirectUrl`**</mark>: URL for redirection after purchase completion. Must be URL-encoded.
  * Without variables: \ <mark style="color:$danger;">`redirectUrl=`</mark>`https%3A%2F%2Fwebhook.site%2FSwapped`
  * With dynamic variables: <mark style="color:$danger;">`redirectUrl=`</mark>`https%3A%2F%2Fwebhook.site%2FSwapped%3ForderId%3D%7BorderId%7D%26orderStatus%3D%7BorderStatus%7D`
* <mark style="color:$danger;">**`responseUrl`**</mark>: Webhook URL for order notifications. Must be URL-encoded.
  * Additionally, you can define a global callback URL via the [Swapped.com dashboard](https://dashboard.swapped.com/developers)
* <mark style="color:$danger;">**`customerKYC`**</mark>: The customer's Know Your Customer (KYC) verification level:
  * `0`: No KYC completed
  * `1`: Proof of ID + Liveness Check&#x20;
  * `2`: Proof of ID + Liveness Check + Proof of Address&#x20;
* <mark style="color:$danger;">**`destinationTag`**</mark>: Adds a numeric destination tag or text memo for recipient identification or transaction context.
* <mark style="color:$danger;">**`minAmount`**</mark>: Minimum order amount in EUR. Cannot be lower than 7 EUR.
* <mark style="color:$danger;">**`lockAmount`**</mark>: `True|False` Locks the fiat and crypto amount fields, preventing user modification.
* <mark style="color:$danger;">**`baseCountry`**</mark>: ISO country code for the user's location. Determines available payment methods.
* <mark style="color:$danger;">**`markup`**</mark>: Order markup percentage between 0 and 5. A default global markup can be configured [here](https://dashboard.swapped.com/ramp/settings/affiliate-fee).
* <mark style="color:$danger;">**`submerchant`**</mark>: Submerchant identifier for multi-tenant setups

#### Server-Side URL Signature

Generate a signature to prevent URL tampering. The signature is created using the query string (including the `?`) and your secret key.

```javascript
// Import the crypto module.
import crypto from 'crypto';

// Define the public API key.
const publicKey = 'your_public_key';

// Define the secret API key.
const secretKey = 'your_secret_key';

// Define the currency code.
const currencyCode = 'currency_code';

// Define the wallet address.
const walletAddress = 'your_wallet_address';

// Build URL with query parameters.
const originalUrl = `https://widget.swapped.com?apiKey=${publicKey}&currencyCode=${currencyCode}&walletAddress=${walletAddress}`;

// Create a SHA-256 HMAC signature from the URL's search string, then encode in Base64.
const signature = crypto.createHmac('sha256', secretKey).update(new URL(originalUrl).search).digest('base64');

// Append the URL-encoded signature to the original URL.
const urlWithSignature = `${originalUrl}&signature=${encodeURIComponent(signature)}`;

// Output the final URL with the signature appended.
console.log(urlWithSignature);
```

```php
<?php

// Define the public API key.
$publicKey = 'your_public_key';

// Define the secret API key.
$secretKey = 'your_secret_key';

// Define the currency code.
$currencyCode = 'currency_code';

// Define the wallet address.
$walletAddress = 'your_wallet_address';

// Build URL with query parameters.
$originalUrl = "https://widget.swapped.com?apiKey={$publicKey}&currencyCode={$currencyCode}&walletAddress={$walletAddress}";

// Parse the URL into its components.
$parsedUrl = parse_url($originalUrl);

// Create a SHA-256 HMAC signature from the query string, then encode in Base64.
$signature = base64_encode(hash_hmac('sha256', '?'.$parsedUrl['query'], $secretKey, true));

// Append the URL-encoded signature to the URL.
$urlWithSignature = "{$originalUrl}&signature=" . urlencode($signature);

// Output the final URL with the signature appended.
echo $urlWithSignature;

```

#### Example iFrame URL <a href="#example-iframe-url" id="example-iframe-url"></a>

Note: this is a test key, your key **will** be different.

<https://widget.swapped.com/?apiKey=pk_live_3e4c36240c0f46880e543b04e721dbee&walletaddress=ltc1q2k0xaafhgt3s8qw03wmajjmlc8gcepdy0un0ah&signature=okYOG6%2FzzQBmkEchBU4XUTYrMWGAPROVC46skuf2hl8%3D>

#### Example iFrame <a href="#example-iframe" id="example-iframe"></a>

The iFrame has been optimized for height: 482px; width: 400px;.

{% code overflow="wrap" %}

```html
<iframe allow="accelerometer; autoplay; camera; encrypted-media; gyroscope; payment; clipboard-read; clipboard-write" src="https://widget.swapped.com?apiKey={pk_live_key}&currencyCode=btc&signature=lorem" title="Buy crypto with Swapped" style="height: 482px; width: 400px; border-radius: 28px; margin: auto;"></iframe>
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.swapped.com/swapped-ramp/readme/iframe-initialization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.