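---
# Swagger 2.0 contract for the BNE legacy authentication API: login, logout,
# password change and challenge get/validate.
swagger: "2.0"
info:
  # Quoted so that no YAML loader can retype the version string.
  version: "1.0.0"
  title: BNE Legacy Security Services
  x-ibm-name: api-443ba
  description: ""
basePath: /api
# HTTPS is the only scheme offered. Every operation in this file carries
# credentials, bearer tokens or session ids, so no plain-http scheme should be
# added here.
schemes:
  - https
produces:
  - application/json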
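# Operations of the legacy authentication API.
#
# Conventions used by every operation below:
#   - `client_id` and `Authorization` (bearer token) are required headers.
#   - `sid` is the session id returned by the first call; it is not marked
#     required, so the server has to reject calls that need a session but do
#     not carry one.
#   - The request-id header is named `uuid`. It was previously declared as
#     'uuid ' with a trailing space, which is not a valid HTTP header name.
#   - Response codes are quoted so they stay string keys in every YAML loader.
paths:
  /v1/channels/bne/legacy/authenticate/login:
    post:
      description: This API is to authenticate customer
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - authentication
      parameters:
        - name: uuid
          in: header
          description: Random 128 bit UUID generated uniquely for every request from
            the Customer, which will represent transaction unique identifier and it
            is recommended to send.
          required: false
          type: string
        - name: sid
          in: header
          description: Session is generated and returned on the first API call as response
            header, which needs to be resent on successive calls of same session
          type: string
        - name: Accept-Language
          in: header
          default: es
          description: Language to be sent to the backend systems, must be ‘es’ for Spanish
            and ‘en’ for English
          required: false
          type: string
        - name: countryCode
          default: MX
          in: header
          description: 2 character ISO country code
          required: false
          type: string
        - name: businessCode
          default: GCB
          in: header
          description: 3 character business code
          required: false
          type: string
        - name: channelId
          in: header
          description: channel ID used by the user, it is required for the first call
            in a new session.
          required: false
          type: string
        - name: client_id
          in: header
          description: The client ID you received during application registration in
            the developer portal
          required: true
          type: string
        - name: Authorization
          in: header
          description: Bearer token acquired from APIM token endpoint
          required: true
          type: string
        - name: Content-Type
          in: header
          default: application/json
          description: Content-Types that are sent in the request
          required: false
          type: string
        - in: body
          name: AuthenticationRequest
          description: This request is to authenticate customer
          required: true
          schema:
            $ref: '#/definitions/requestAuthenticate'
      responses:
        "200":
          description: Authentication Successful
          schema:
            $ref: '#/definitions/responseAuthenticate'
        # NOTE(review): the codes below tell a caller who has not yet
        # authenticated as the customer whether an account is inactive, locked
        # or has an expired password. Confirm these are only returned after the
        # credentials were verified, or collapse them into
        # credentialValidationFailed. No 429/throttling response is documented
        # for this operation either; confirm the gateway rate-limits it.
        "400":
          description: >-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
            error | userAccountNotActive | 180-account not active |
            error | userAccountLocked | 15-account locked |
            error | passwordExpired | 9-password has expired |
            error | credentialValidationFailed | 20-master validation failure |
            error | cannotDecryptData | 620-Cannot decrypt, please re-check the
            encrypted value |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "401":
          description: >-
            Type | Code | Details |
            error | unAuthorized | Authorization credentials are missing or
            invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "403":
          description: >-
            Type | Code | Details |
            error | accessNotConfigured | The request operation is not
            configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "500":
          description: >-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal
            error/server unavailability |
            fatal | backendError | Failed during a call to backend service |
          schema:
            $ref: '#/definitions/ErrorResponse'
    # Logout. The `sid` header identifies the session to invalidate.
    # NOTE(review): `Authorization` is required here, but no 401 response is
    # documented (login documents one).
    delete:
      description: This API will logout the customer from NGA and S15 session. Session
        id will become invalid after this is successful
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - authentication
      parameters:
        - name: uuid
          in: header
          description: Random 128 bit UUID generated uniquely for every request from
            the Customer, which will represent transaction unique identifier and it
            is recommended to send.
          required: false
          type: string
        - name: sid
          in: header
          description: Session is generated and returned on the first API call as response
            header, which needs to be resent on successive calls of same session
          type: string
        - name: countryCode
          default: MX
          in: header
          description: 2 character ISO country code
          required: false
          type: string
        - name: businessCode
          default: GCB
          in: header
          description: 3 character business code
          required: false
          type: string
        - name: channelId
          in: header
          description: channel ID used by the user, it is required for the first call
            in a new session.
          required: false
          type: string
        - name: client_id
          in: header
          description: The client ID you received during application registration in
            the developer portal
          required: true
          type: string
        - name: Authorization
          in: header
          description: Bearer token acquired from APIM token endpoint
          required: true
          type: string
      responses:
        "200":
          description: Success Response, Logout Success
        "403":
          description: >-
            Type | Code | Details |
            error | accessNotConfigured | The request operation is not
            configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "500":
          description: >-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal
            error/server unavailability |
            fatal | backendError | Failed during a call to backend service |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/channels/bne/legacy/authenticate/password:
    # Password change. The body carries both the old and the new password.
    # NOTE(review): no 401 is documented, and no error code is listed for a
    # wrong old password; confirm how that case is reported and throttled.
    post:
      description: This API is used to change the password of customer
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - authentication
      parameters:
        - name: uuid
          in: header
          description: Random 128 bit UUID generated uniquely for every request from
            the Customer, which will represent transaction unique identifier and it
            is recommended to send.
          required: false
          type: string
        - name: sid
          in: header
          description: Session is generated and returned on the first API call as response
            header, which needs to be resent on successive calls of same session
          type: string
        - name: countryCode
          default: MX
          in: header
          description: 2 character ISO country code
          required: false
          type: string
        - name: businessCode
          default: GCB
          in: header
          description: 3 character business code
          required: false
          type: string
        - name: channelId
          in: header
          description: channel ID used by the user, it is required for the first call
            in a new session.
          required: false
          type: string
        - name: client_id
          in: header
          description: The client ID you received during application registration in
            the developer portal
          required: true
          type: string
        - name: Authorization
          in: header
          description: Bearer token acquired from APIM token endpoint
          required: true
          type: string
        - name: Content-Type
          in: header
          default: application/json
          description: Content-Types that are sent in the request
          required: false
          type: string
        - in: body
          name: ChangePasswordRequest
          description: This request is to change customer password
          required: true
          schema:
            $ref: '#/definitions/ChangePasswordRequest'
      responses:
        "200":
          description: Success Response, Password is changed.
        "400":
          description: >-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
            error | cannotDecryptData | 620-Cannot decrypt, please re-check the
            encrypted value. |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "403":
          description: >-
            Type | Code | Details |
            error | accessNotConfigured | The request operation is not
            configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "500":
          description: >-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal
            error/server unavailability |
            fatal | backendError | Failed during a call to backend service |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/channels/bne/legacy/authenticate/challenge/get:
    # Issues a challenge code for the customer named in the body.
    # NOTE(review): unlike the other POST operations, no Content-Type header
    # parameter is declared here, and no 401 response is documented.
    post:
      description: This API is used to get a challenge code for authenticating a customer
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - challenge
      parameters:
        - name: uuid
          in: header
          description: Random 128 bit UUID generated uniquely for every request from
            the Customer, which will represent transaction unique identifier and it
            is recommended to send.
          required: false
          type: string
        - name: sid
          in: header
          description: Session is generated and returned on the first API call as response
            header, which needs to be resent on successive calls of same session
          type: string
        - name: countryCode
          default: MX
          in: header
          description: 2 character ISO country code
          required: false
          type: string
        - name: businessCode
          default: GCB
          in: header
          description: 3 character business code
          required: false
          type: string
        - name: channelId
          in: header
          description: channel ID used by the user, it is required for the first call
            in a new session.
          required: false
          type: string
        - name: client_id
          in: header
          description: The client ID you received during application registration in
            the developer portal
          required: true
          type: string
        - name: Authorization
          in: header
          description: Bearer token acquired from APIM token endpoint
          required: true
          type: string
        - in: body
          name: GetChallengeRequest
          description: This request is to get customer challenge
          required: true
          schema:
            $ref: '#/definitions/GetChallengeRequest'
      responses:
        "200":
          description: Success Response
          schema:
            $ref: '#/definitions/GetChallengeResponse'
        "400":
          description: >-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "403":
          description: >-
            Type | Code | Details |
            error | accessNotConfigured | The request operation is not
            configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "500":
          description: >-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal
            error/server unavailability |
            fatal | backendError | Failed during a call to backend service |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/channels/bne/legacy/authenticate/challenge/validate:
    # Validates a hardware-token code for a login or risk transaction.
    # NOTE(review): the only 400 code listed is invalidRequest; confirm how a
    # wrong token code is reported and that repeated failures are throttled.
    post:
      description: This API is to authenticate customer with challenge code
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - challenge
      parameters:
        - name: uuid
          in: header
          description: Random 128 bit UUID generated uniquely for every request from
            the Customer, which will represent transaction unique identifier and it
            is recommended to send.
          required: false
          type: string
        - name: sid
          in: header
          description: Session is generated and returned on the first API call as response
            header, which needs to be resent on successive calls of same session
          type: string
        - name: countryCode
          default: MX
          in: header
          description: 2 character ISO country code
          required: false
          type: string
        - name: businessCode
          default: GCB
          in: header
          description: 3 character business code
          required: false
          type: string
        - name: channelId
          in: header
          description: channel ID used by the user, it is required for the first call
            in a new session.
          required: false
          type: string
        - name: client_id
          in: header
          description: The client ID you received during application registration in
            the developer portal
          required: true
          type: string
        - name: Authorization
          in: header
          description: Bearer token acquired from APIM token endpoint
          required: true
          type: string
        - name: Content-Type
          in: header
          default: application/json
          description: Content-Types that are sent in the request
          required: false
          type: string
        - in: body
          name: ValidateChallengeRequest
          description: This request is to validate customer challenge
          required: true
          schema:
            $ref: '#/definitions/ValidateChallengeRequest'
      responses:
        "200":
          description: Success Response
        "400":
          description: >-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "403":
          description: >-
            Type | Code | Details |
            error | accessNotConfigured | The request operation is not
            configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        "500":
          description: >-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal
            error/server unavailability |
            fatal | backendError | Failed during a call to backend service |
          schema:
            $ref: '#/definitions/ErrorResponse'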
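# Request and response models referenced by the operations of this API.
definitions:
  ValidateChallengeRequest:
    type: object
    required:
      - securityTokenId
      - challengeType
      - transaction
    properties:
      securityTokenId:
        type: string
        description: Validation code generated by hardware token
      challengeType:
        type: string
        description: Flag to request authentication for Login or Risk Transaction
        enum:
          - LOGIN
          - RISK
        default: LOGIN
      transaction:
        type: string
        description: The transaction to apply the challenge
  GetChallengeRequest:
    type: object
    properties:
      customerId:
        type: string
        description: provide customer id of the customer
      legalRepresentativeId:
        description: unique legal representative id
        type: string
    required:
      - customerId
      - legalRepresentativeId
  GetChallengeResponse:
    type: object
    properties:
      challengeCode:
        description: Challenge code generated at server
        type: string
      expiryDate:
        description: Challenge code expiry time
        type: string
  ChangePasswordRequest:
    type: object
    properties:
      # `format: password` is the Swagger 2.0 hint that lets documentation and
      # test tooling mask these values instead of echoing them.
      # NOTE(review): unlike Credentials.password, no length constraints are
      # declared on either field.
      newPassword:
        description: New Password to set
        type: string
        format: password
      oldPassword:
        description: Old Password
        type: string
        format: password
    required:
      - newPassword
      - oldPassword
  requestAuthenticate:
    type: object
    required:
      - customerCredentials
      - sessionRequired
    properties:
      sessionRequired:
        type: boolean
        default: true
        description: To create a session in Backend Systems, this is always true
      customerCredentials:
        $ref: '#/definitions/Credentials'
  Credentials:
    type: object
    required:
      - customerId
      - legalRepresentativeId
      - password
    properties:
      customerId:
        type: string
        description: customer client number
        maxLength: 12
      legalRepresentativeId:
        type: string
        description: representative number
        maxLength: 2
        minLength: 2
      # NOTE(review): the policy described here is a fixed 8 characters (2
      # digits followed by 6 alphanumerics), so lockout and throttling on the
      # login operation carry most of the guessing resistance. The login
      # operation's 400 response lists a cannotDecryptData error ("620-Cannot
      # decrypt"), which suggests this value arrives encrypted; if so, confirm
      # that the 8-character bounds describe the wire value and not the
      # plaintext.
      password:
        type: string
        format: password
        description: |
          "customer password must be Alphanumeric. The first 2 must be numeric and the last 6 must be alphanumeric"
        maxLength: 8
        minLength: 8
      encryptionType:
        type: string
        description: |
          "To be used on EBCS encryption, not used"
      # Supplied by the caller and documented as unused; it should not be
      # treated as the real client address if it is ever consumed.
      IPAddress:
        type: string
        description: Client IP this is not used
      deviceInformation:
        type: string
        description: RSA javascript result to send to the RSA services. Currently
          not used
  responseAuthenticate:
    type: object
    required:
      - passwordExpiryDate
      - contingency
      - lastLoginDate
      - lastLoginTime
      - lastChannelId
      - stationName
      - virtualAccountExistsFlag
      - dataCenterLocation
      - customerService
      - products
      - fullName
    properties:
      passwordExpiryDate:
        type: string
        description: Customer expiration date in format YYYY-MM-DD
        # Was `pattern: date`. `pattern` is a regular expression, so no
        # YYYY-MM-DD value could ever satisfy it; `format: date` is what the
        # description asks for.
        format: date
      # NOTE(review): DUMMY tells the client to send a dummy challenge while
      # the SPA service is down. Confirm that the server, not the client,
      # decides when this degraded path applies and that it cannot be used to
      # skip challenge validation.
      contingency:
        type: string
        enum:
          - OK
          - DUMMY
        default: OK
        description: flag to determine whether the SPA service is down and you have
          to send a dummy Challenge
      lastLoginDate:
        type: string
        description: Customer Last Date access logged in whenever channel in format
          YYYY-MM-DD
        # Format names are lowercase in Swagger 2.0 (was `Date`).
        format: date
      lastLoginTime:
        type: string
        description: Customer Last time access logged in whenever channel in format
          HH:mm
      lastChannelId:
        type: string
        description: Customer last channel id logged
      stationName:
        type: string
        description: Station Name to use in challenge
      dataCenterLocation:
        description: CSI register customer
        type: string
      fullName:
        description: Customer full name
        type: string
      virtualAccountExistsFlag:
        description: Field to know if the Customer have Virtual Accounts
        type: boolean
      lastUpdatedDate:
        description: Last Updated Date
        type: string
        format: date
      products:
        type: array
        items:
          $ref: '#/definitions/Product'
      legalRepresentativeData:
        $ref: '#/definitions/Representative'
      customerService:
        type: array
        items:
          $ref: '#/definitions/Service'
        description: If enrolment notification is present or not
  Representative:
    type: object
    properties:
      legalRepresentativeName:
        description: Executive Name
        type: string
      legalRepresentativeId:
        description: Number of representative
        type: string
  Product:
    type: object
    properties:
      productTypeCode:
        description: product Type Code
        type: integer
      productSubtypeCode:
        description: product Sub type Code
        type: integer
      totalrelatedAccountsCount:
        description: total related Accounts Count
        type: integer
  Service:
    type: object
    required:
      - customerServiceNumber
      - customerServiceType
    properties:
      customerServiceNumber:
        type: string
        description: Id of bank service used by customer
      customerServiceType:
        type: string
        description: type of bank service used by customer
  # Error envelope shared by every non-2xx response. `details` is free text;
  # it should not carry backend stack traces or internal host names.
  ErrorResponse:
    type: object
    properties:
      type:
        description: Invalid - Request did not conform to the specification and was
          unprocessed and rejected. Please fix the value and try again
        enum:
          - error
          - warn
          - invalid
          - fatal
        type: string
      code:
        description: Error code which qualifies the error
        type: string
      details:
        description: Human readable explanation specific to the occurrence of the
          problem
        type: string
      location:
        description: The name of the field that resulted in the error
        type: string
      moreInfo:
        description: URI to human readable documentation of the error
        type: string
    required:
      - type
      - code
      - details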
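# IBM API Connect gateway settings for this API.
# NOTE(review): `testable: true` presumably exposes the API to the portal's
# test tool. Confirm that this is intended for an API whose endpoint list
# includes production.
x-ibm-configuration:
  enforced: true
  testable: true
  phase: realized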
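# Security schemes available to the operations of this API.
securityDefinitions:
  # Client-credentials ("application") OAuth2 flow; the token is obtained from
  # tokenUrl and presented as a bearer token.
  OAuth2 Application Flow:
    type: oauth2
    description: ""
    flow: application
    tokenUrl: 'https://api.banamex.com/mx-gcgapi/api/v1/oauth/token'
    scopes:
      /api/v1: ""
  # NOTE(review): this scheme reads the key from the `X-IBM-Client-Id` header,
  # while the operations in this file declare a required `client_id` header
  # parameter. Confirm which header the gateway validates and align the two
  # declarations.
  Client ID:
    type: apiKey
    description: ""
    in: header
    name: X-IBM-Client-Id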
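# Global security requirement. Both schemes sit in ONE requirement object, so
# a call must satisfy the OAuth2 scope AND present the client id. Splitting
# them into two list items would turn this into an either/or.
security:
  - OAuth2 Application Flow:
      - /api/v1
    Client ID: []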
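# Gateway endpoints that serve this API.
# NOTE(review): a single URL is tagged both production and development.
# Confirm that development traffic is not meant to reach the production
# endpoint.
x-ibm-endpoints:
  - endpointUrl: 'https://api.banamex.com/mx-gcgapi'
    type:
      - production
      - development
...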