🔗iFrame Initialization

Required Parameters

apiKey: Your publishable API key for customer and transaction assignment (also known as the public key).
signature: Your HMAC-SHA256 signature of the full query string, base64-encoded. The signature must be the final parameter in the query string. See Server-Side URL Signature for implementation details.
currencyCode: The cryptocurrency code for purchase (e.g., BTC, ETH, BCH). See the documentation for all options. When multiple wallet addresses are provided, this serves as the default cryptocurrency.
walletAddress: The destination wallet address for the purchased cryptocurrency.
- Single address: walletAddress=ltc1q2k0xaafhgt3s8qw03wmajjmlc8gcepdy0un0ah
- Multiple currencies: To accept multiple cryptocurrencies, use the format SYMBOL:address with comma separation, e.g. walletAddress=BTC:yourBitcoinAddress,LTC:yourLitecoinAddress,DOGE:yourDogecoinAddress

Optional Parameters

method: Specifies a payment method on load. Value is the payment_group mentioned here (e.g., method=creditcard).
baseCurrencyCode: The fiat currency code for transactions (e.g., USD, EUR, GBP). Supported currencies.
lockBaseCurrency: True|False Locks currency selection to the specified baseCurrencyCode. Prevents users from selecting other currencies and removes payment methods that don't support the specified currency.
baseCurrencyAmount: The fiat amount to spend. Maximum 2 decimal places and cannot be zero. Requires baseCurrencyCode to be set.
quoteCurrencyAmount: The cryptocurrency amount to purchase. Maximum 6 decimal places with a minimum equivalent of 7 EUR or 8 USD.
email: Pre-fills the customer's email address on the login page.
externalCustomerId: Your unique identifier for the customer.
redirectUrl: URL for redirection after purchase completion. Must be URL-encoded.
- Without variables: redirectUrl=https%3A%2F%2Fwebhook.site%2FSwapped
- With dynamic variables: redirectUrl=https%3A%2F%2Fwebhook.site%2FSwapped%3ForderId%3D%7BorderId%7D%26orderStatus%3D%7BorderStatus%7D
responseUrl: Webhook URL for order notifications. Must be URL-encoded.
- Additionally, you can define a global callback URL via the Swapped.com dashboard
customerKYC: The customer's Know Your Customer (KYC) verification level:
- 0: No KYC completed
- 1: Proof of ID + Liveness Check
- 2: Proof of ID + Liveness Check + Proof of Address
destinationTag: Adds a numeric destination tag or text memo for recipient identification or transaction context.
coverFees: True|False Sets processing and handling fees to zero for the customer. Fees are instead included in the spread.
minAmount: Minimum order amount in EUR. Cannot be lower than 7 EUR.
lockAmount: True|False Locks the fiat and crypto amount fields, preventing user modification.
baseCountry: ISO country code for the user's location. Determines available payment methods.
markup: Order markup percentage between 0 and 5. A default global markup can be configured here.
submerchant: Submerchant identifier for multi-tenant setups

Server-Side URL Signature

Generate a signature to prevent URL tampering. The signature is created using the query string (including the ?) and your secret key.

// Import the crypto module.
import crypto from 'crypto';

// Define the public API key.
const publicKey = 'your_public_key';

// Define the secret API key.
const secretKey = 'your_secret_key';

// Define the currency code.
const currencyCode = 'currency_code';

// Define the wallet address.
const walletAddress = 'your_wallet_address';

// Build URL with query parameters.
const originalUrl = `https://widget.swapped.com?apiKey=${publicKey}&currencyCode=${currencyCode}&walletAddress=${walletAddress}`;

// Create a SHA-256 HMAC signature from the URL's search string, then encode in Base64.
const signature = crypto.createHmac('sha256', secretKey).update(new URL(originalUrl).search).digest('base64');

// Append the URL-encoded signature to the original URL.
const urlWithSignature = `${originalUrl}&signature=${encodeURIComponent(signature)}`;

// Output the final URL with the signature appended.
console.log(urlWithSignature);

<?php

// Define the public API key.
$publicKey = 'your_public_key';

// Define the secret API key.
$secretKey = 'your_secret_key';

// Define the currency code.
$currencyCode = 'currency_code';

// Define the wallet address.
$walletAddress = 'your_wallet_address';

// Build URL with query parameters.
$originalUrl = "https://widget.swapped.com?apiKey={$publicKey}&currencyCode={$currencyCode}&walletAddress={$walletAddress}";

// Parse the URL into its components.
$parsedUrl = parse_url($originalUrl);

// Create a SHA-256 HMAC signature from the query string, then encode in Base64.
$signature = base64_encode(hash_hmac('sha256', '?'.$parsedUrl['query'], $secretKey, true));

// Append the URL-encoded signature to the URL.
$urlWithSignature = "{$originalUrl}&signature=" . urlencode($signature);

// Output the final URL with the signature appended.
echo $urlWithSignature;

Example iFrame URL

Note: this is a test key, your key will be different.

https://widget.swapped.com/?apiKey=pk_live_3e4c36240c0f46880e543b04e721dbee&walletaddress=ltc1q2k0xaafhgt3s8qw03wmajjmlc8gcepdy0un0ah&signature=okYOG6%2FzzQBmkEchBU4XUTYrMWGAPROVC46skuf2hl8%3D

Example iFrame

The iFrame has been optimized for height: 400; width: 482;.

<iframe allow="accelerometer; autoplay; camera; encrypted-media; gyroscope; payment; clipboard-read; clipboard-write" src="https://widget.swapped.com?apiKey={pk_live_key}&currencyCode=btc&signature=lorem" title="Buy crypto with Swapped" style="height: 400px; width: 482px; border-radius: 
0.75rem; margin: auto;"></iframe>

PreviousOn-ramp Integration NextOrder Notifications

Last updated 20 hours ago

hashtagRequired Parameters

hashtagOptional Parameters

hashtagServer-Side URL Signature

hashtagExample iFrame URL

hashtagExample iFrame

Required Parameters

Optional Parameters

Server-Side URL Signature

Example iFrame URL

Example iFrame