---
swagger: "2.0"
info:
  description: This service is meant to validate the Session in SSO for Mexico supported backend
  version: 1.0.0
  title: XLG-FDN-P-SessionValidate
  x-ibm-name: SessionValidateService_platform
basePath: /api
tags:
  - name: session-validate-sso
    description: ""
schemes:
  - https
paths:
  /v1/x-global/sso/session/validate:
    post:
      tags:
        - session-validate-sso
      summary: Validate the session in a specific backend.
      description: This API is meant to validate the session for a specific system and promote the scope to Customer
      operationId: session-validate-sso
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: uuid
          in: header
          description: A 128 bit universally unique identifier (UUID) that you generate for every request and is used for tracking. It is recommended to use the output from Java UUID class or an equivalent. If not provided, PSG will automatically inject one.
          required: true
          type: string
          default: a7d1e304-83a9-4413-af97-62615e57eae66807840
        - name: Accept
          in: header
          description: Content-Types that are acceptable for the response. Currently we support application/json by default.
          required: false
          type: string
          default: application/json
        - name: Content-Type
          in: header
          description: application/json. If not provided, PSG will automatically inject default (application/json)
          required: true
          type: string
          default: application/json
        - name: Accept-Language
          in: header
          description: HTTP Accept-Language header. If not provided, PSG will automatically inject default (application/json)
          required: false
          type: string
          default: en-US
        - name: countryCode
          in: header
          description: 2 character ISO country code. If not provided, PSG will automatically inject default (MX)
          required: true
          type: string
          default: MX
        - name: businessCode
          in: header
          description: 3 character business code. If not provided, PSG will automatically inject default (GCB)
          required: true
          type: string
          default: GCB
        - name: channelId
          in: header
          description: channel Id used by the user.
          required: true
          type: string
        - name: client_id
          in: header
          description: The client ID you received during application registration in the developer portal
          required: true
          type: string
        - name: Authorization
          in: header
          description: Bearer token acquired from APIM token endpoint
          required: true
          type: string
        - in: body
          name: SessionValidateRequest
          description: Request object with the data to validate the session
          required: true
          schema:
            $ref: '#/definitions/SessionValidateRequest'
      responses:
        200:
          description: Session Validated successfully
          headers:
            eventID:
              type: string
              description: This is a unique event id generated and encrypted with session key, which can be used to send in the next encrypted payload to validate.
            eventIDExpTime:
              type: string
              description: Event ID expiration time encrypted with session key
        400:
          description: |
            (BAD REQUEST) - Request was not processed

            | Type | Code | Details |
            |---|---|---|
            | invalid | invalidRequest | Missing or invalid Parameters |
            | invalid | invalidHMAC | 629-HMAC comparison failed |
            | invalid | invalidServerRandom | 630-EventID/Server random comparison failed |
            | error | cannotDecryptData | 620-Cannot decrypt, please re-check the encrypted value. |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            (FORBIDDEN) - Unauthorized to perform the requested operation on resource

            | Type | Code | Details | More Info |
            |---|---|---|---|
            | invalid | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            (INTERNAL SERVER ERROR) - API Server Error

            | Type | Code | Details |
            |---|---|---|
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
            | error | hostSystemNotSupported | Host backend system not supported. |
          schema:
            $ref: '#/definitions/ErrorResponse'
definitions:
  SessionValidateRequest:
    type: object
    required:
      - customerId
      - sessionContext
    properties:
      customerId:
        type: string
        description: this is the customer Id of client
      sessionContext:
        type: string
        description: this is the session context with a length of 49 positions
  ErrorResponse:
    required:
      - code
      - type
    properties:
      type:
        type: string
        description: |
          invalid - Request did not conform to the specification and was unprocessed & rejected. Please fix the value and try again

          warn - Request was partially processed. E.g. some of the fields are missing in response to the system issues, request was accepted successfully but will be processed asynchronously

          error - The request was accepted but could not be processed successfully

          fatal - There was an internal system error while processing the request. These are technical errors and will be resolved by Citi, and the consumer should retry after some time. Business errors will not be categorized as fatal
        enum:
          - error
          - warn
          - invalid
          - fatal
      code:
        type: string
        description: Error code which qualifies the error
      details:
        type: string
        description: Human readable explanation specific to the occurrence of the problem
x-ibm-configuration:
  enforced: true
  testable: true
  phase: realized
security:
  - OAuth2 Application Flow:
      - /api/v1
    ClientID: []
securityDefinitions:
  OAuth2 Application Flow:
    type: oauth2
    description: ""
    flow: application
    scopes:
      /api/v1: ""
    tokenUrl: https://api.banamex.com/mx-gcgapi/api/v1/oauth/token
  ClientID:
    type: apiKey
    description: ""
    in: header
    name: X-IBM-Client-Id
x-ibm-endpoints:
  - endpointUrl: https://api.banamex.com/mx-gcgapi
    type:
      - production
      - development
...