---
swagger: "2.0"
info:
version: 1.0.0
title: BNE Security Services
x-ibm-name: bne-security-services
description: ""
basePath: /api
schemes:
- https
produces:
- application/json
paths:
/v1/channels/bne/authenticate/login:
post:
description: This API is to authenticate customer
consumes:
- application/json
produces:
- application/json
tags:
- authentication
parameters:
- name: 'uuid '
in: header
description: Random 128 bit UUID generated uniquely for every request from
the Customer, which will represent transaction unique identifier and it
is recommended to send.
required: false
type: string
- name: sid
in: header
description: Session is generated and returned on the first API call as response
header, which needs to be resent on succesive calls of same session
type: string
- name: countryCode
default: MX
in: header
description: 2 character ISO country code
required: false
type: string
- name: businessCode
default: GCB
in: header
description: 3 character business code
required: false
type: string
- name: channelId
in: header
description: channel ID used by the user, it is required for the first call
in a new session.
required: false
type: string
- name: client_id
in: header
description: The client ID you received during application registration in
the developer portal
required: true
type: string
- name: Authorization
in: header
description: Bearer token aquired from APIM token endpoint
required: true
type: string
- name: Content-Type
in: header
default: application/json
description: Content-Types that are sent in the request
required: false
type: string
- in: body
name: AuthenticationRequest
description: This request is to authenticate customer
required: true
schema:
$ref: '#/definitions/AuthenticationRequest'
responses:
200:
description: Authentication Successful
schema:
$ref: '#/definitions/AuthenticationResponse'
400:
description: | Type | Code | Details |
| error | invalidRequest | Missing
or invalid Parameters |
| error | userAccountNotActive |
180-account not active |
| error | userAccountLocked |
15-account locked |
error | passwordExpired |
9-password has expired | | error | credentialValidationFailed | 20-master
validation failure |
| error | cannotDecryptData | 620-Cannot
decrypt, please re-check the encrypted value |
schema:
$ref: '#/definitions/ErrorResponse'
401:
description: | Type | Code | Details |
| error | unAuthorized | Authorization
credentials are missing or invalid |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: | Type | Code | Details |
| error | accessNotConfigured | The
request operation is not configured to access this resource |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: | Type | Code | Details |
| fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
fatal | backendError | Failed
during a call to backend service |
schema:
$ref: '#/definitions/ErrorResponse'
delete:
description: This API will logout the customer from NGA and S15 session. Session
id will become invalid after this is succesful
consumes:
- application/json
produces:
- application/json
tags:
- authentication
parameters:
- name: 'uuid '
in: header
description: Random 128 bit UUID generated uniquely for every request from
the Customer, which will represent transaction unique identifier and it
is recommended to send.
required: false
type: string
- name: sid
in: header
description: Session is generated and returned on the first API call as response
header, which needs to be resent on succesive calls of same session
type: string
- name: countryCode
default: MX
in: header
description: 2 character ISO country code
required: false
type: string
- name: businessCode
default: GCB
in: header
description: 3 character business code
required: false
type: string
- name: channelId
in: header
description: channel ID used by the user, it is required for the first call
in a new session.
required: false
type: string
- name: client_id
in: header
description: The client ID you received during application registration in
the developer portal
required: true
type: string
- name: Authorization
in: header
description: Bearer token aquired from APIM token endpoint
required: true
type: string
responses:
200:
description: Success Response, Logout Success
403:
description: | Type | Code | Details |
| error | accessNotConfigured | The
request operation is not configured to access this resource |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: | Type | Code | Details |
| fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
fatal | backendError | Failed
during a call to backend service |
schema:
$ref: '#/definitions/ErrorResponse'
/v1/channels/bne/authenticate/keepalive:
get:
description: This API is keeps the session alive of PSG and S15
consumes:
- application/json
produces:
- application/json
tags:
- keepalive
parameters:
- name: 'uuid '
in: header
description: Random 128 bit UUID generated uniquely for every request from
the Customer, which will represent transaction unique identifier and it
is recommended to send.
required: false
type: string
- name: sid
in: header
description: Session is generated and returned on the first API call as response
header, which needs to be resent on succesive calls of same session
type: string
- name: countryCode
default: MX
in: header
description: 2 character ISO country code
required: false
type: string
- name: businessCode
default: GCB
in: header
description: 3 character business code
required: false
type: string
- name: channelId
in: header
description: channel ID used by the user, it is required for the first call
in a new session.
required: false
type: string
- name: client_id
in: header
description: The client ID you received during application registration in
the developer portal
required: true
type: string
- name: Authorization
in: header
description: Bearer token aquired from APIM token endpoint
required: true
type: string
responses:
200:
description: Success Response
403:
description: | Type | Code | Details |
| error | accessNotConfigured | The
request operation is not configured to access this resource |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: | Type | Code | Details |
| fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
fatal | backendError | Failed
during a call to backend service |
schema:
$ref: '#/definitions/ErrorResponse'
/v1/channels/bne/authenticate/password:
post:
description: This API is used to change the password of customer
consumes:
- application/json
produces:
- application/json
tags:
- authentication
parameters:
- name: 'uuid '
in: header
description: Random 128 bit UUID generated uniquely for every request from
the Customer, which will represent transaction unique identifier and it
is recommended to send.
required: false
type: string
- name: sid
in: header
description: Session is generated and returned on the first API call as response
header, which needs to be resent on succesive calls of same session
type: string
- name: countryCode
default: MX
in: header
description: 2 character ISO country code
required: false
type: string
- name: businessCode
default: GCB
in: header
description: 3 character business code
required: false
type: string
- name: channelId
in: header
description: channel ID used by the user, it is required for the first call
in a new session.
required: false
type: string
- name: client_id
in: header
description: The client ID you received during application registration in
the developer portal
required: true
type: string
- name: Authorization
in: header
description: Bearer token aquired from APIM token endpoint
required: true
type: string
- name: Content-Type
in: header
default: application/json
description: Content-Types that are sent in the request
required: false
type: string
- in: body
name: ChangePasswordRequest
description: This request is to change customer password
required: true
schema:
$ref: '#/definitions/ChangePasswordRequest'
responses:
200:
description: Success Response, Password is changed.
400:
description: | Type | Code | Details |
| error | invalidRequest | Missing
or invalid Parameters |
| error | cannotDecryptData | 620-Cannot
decrypt, please re-check the encrypted value. |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: | Type | Code | Details |
| error | accessNotConfigured | The
request operation is not configured to access this resource |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: | Type | Code | Details |
| fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
fatal | backendError | Failed
during a call to backend service |
schema:
$ref: '#/definitions/ErrorResponse'
/v1/channels/bne/authenticate/unlock:
post:
description: This API is used to unlock a locked customer
consumes:
- application/json
produces:
- application/json
tags:
- authentication
parameters:
- name: 'uuid '
in: header
description: Random 128 bit UUID generated uniquely for every request from
the Customer, which will represent transaction unique identifier and it
is recommended to send.
required: false
type: string
- name: sid
in: header
description: Session is generated and returned on the first API call as response
header, which needs to be resent on succesive calls of same session
type: string
- name: countryCode
default: MX
in: header
description: 2 character ISO country code
required: false
type: string
- name: businessCode
default: GCB
in: header
description: 3 character business code
required: false
type: string
- name: channelId
in: header
description: channel ID used by the user, it is required for the first call
in a new session.
required: false
type: string
- name: client_id
in: header
description: The client ID you received during application registration in
the developer portal
required: true
type: string
- name: Authorization
in: header
description: Bearer token aquired from APIM token endpoint
required: true
type: string
- name: Content-Type
in: header
default: application/json
description: Content-Types that are sent in the request
required: false
type: string
- in: body
name: UnlockCustomerRequest
description: This request is to unlock a locked customer
required: true
schema:
$ref: '#/definitions/UnlockCustomerRequest'
responses:
200:
description: Success Response
400:
description: | Type | Code | Details |
| error | invalidRequest | Missing
or invalid Parameters |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: | Type | Code | Details |
| error | accessNotConfigured | The
request operation is not configured to access this resource |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: | Type | Code | Details |
| fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
fatal | backendError | Failed
during a call to backend service |
schema:
$ref: '#/definitions/ErrorResponse'
/v1/channels/bne/authenticate/challenge/get:
post:
description: This API is used to get a challenge code for authenticating a customer
consumes:
- application/json
produces:
- application/json
tags:
- challenge
parameters:
- name: 'uuid '
in: header
description: Random 128 bit UUID generated uniquely for every request from
the Customer, which will represent transaction unique identifier and it
is recommended to send.
required: false
type: string
- name: sid
in: header
description: Session is generated and returned on the first API call as response
header, which needs to be resent on succesive calls of same session
type: string
- name: countryCode
default: MX
in: header
description: 2 character ISO country code
required: false
type: string
- name: businessCode
default: GCB
in: header
description: 3 character business code
required: false
type: string
- name: channelId
in: header
description: channel ID used by the user, it is required for the first call
in a new session.
required: false
type: string
- name: client_id
in: header
description: The client ID you received during application registration in
the developer portal
required: true
type: string
- name: Authorization
in: header
description: Bearer token aquired from APIM token endpoint
required: true
type: string
- in: body
name: GetChallengeRequest
description: This request is to get customer challenge
required: true
schema:
$ref: '#/definitions/GetChallengeRequest'
responses:
200:
description: Success Response
schema:
$ref: '#/definitions/GetChallengeResponse'
400:
description: | Type | Code | Details |
| error | invalidRequest | Missing
or invalid Parameters |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: | Type | Code | Details |
| error | accessNotConfigured | The
request operation is not configured to access this resource |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: | Type | Code | Details |
| fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
fatal | backendError | Failed
during a call to backend service |
schema:
$ref: '#/definitions/ErrorResponse'
/v1/channels/bne/authenticate/challenge/validate:
post:
description: This API is to authenticate customer with challenge code
consumes:
- application/json
produces:
- application/json
tags:
- challenge
parameters:
- name: 'uuid '
in: header
description: Random 128 bit UUID generated uniquely for every request from
the Customer, which will represent transaction unique identifier and it
is recommended to send.
required: false
type: string
- name: sid
in: header
description: Session is generated and returned on the first API call as response
header, which needs to be resent on succesive calls of same session
type: string
- name: countryCode
default: MX
in: header
description: 2 character ISO country code
required: false
type: string
- name: businessCode
default: GCB
in: header
description: 3 character business code
required: false
type: string
- name: channelId
in: header
description: channel ID used by the user, it is required for the first call
in a new session.
required: false
type: string
- name: client_id
in: header
description: The client ID you received during application registration in
the developer portal
required: true
type: string
- name: Authorization
in: header
description: Bearer token aquired from APIM token endpoint
required: true
type: string
- name: Content-Type
in: header
default: application/json
description: Content-Types that are sent in the request
required: false
type: string
- in: body
name: ValidateChallengeRequest
description: This request is to validate customer challenge
required: true
schema:
$ref: '#/definitions/ValidateChallengeRequest'
responses:
200:
description: Success Response
400:
description: | Type | Code | Details |
| error | invalidRequest | Missing
or invalid Parameters |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: | Type | Code | Details |
| error | accessNotConfigured | The
request operation is not configured to access this resource |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: | Type | Code | Details |
| fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
fatal | backendError | Failed
during a call to backend service |
schema:
$ref: '#/definitions/ErrorResponse'
definitions:
ValidateChallengeRequest:
properties:
validationCode:
description: Validation code generated by hardware token
type: string
required:
- validationCode
GetChallengeRequest:
properties:
customerId:
type: string
description: provide customer id of the customer
legalRepresentativeId:
description: unique legal representative id
type: string
required:
- customerId
- legalRepresentativeId
GetChallengeResponse:
properties:
challengeCode:
description: Challenge code generated at server
type: string
expiry:
description: Challenge code expiry time
type: string
ChangePasswordRequest:
properties:
newPassword:
description: New Password to set
type: string
oldPassword:
description: Old Password
type: string
required:
- newPassword
- oldPassword
UnlockCustomerRequest:
properties:
customerId:
description: Unique Id for Customer
type: string
legalRepresentativeId:
description: Unique Id for representative
type: string
validationCode:
description: Validation code generated by hardware token
type: string
required:
- customerId
- legalRepresentativeId
- validationCode
AuthenticationRequest:
properties:
customerCredentials:
$ref: '#/definitions/CustomerCredentials'
sessionRequired:
description: true if session is required to be opened with s15
type: boolean
default: true
AuthenticationResponse:
properties:
challengeCode:
description: Challenge code generated at server
type: string
expiry:
description: Challenge code expiry time
type: string
CustomerCredentials:
properties:
customerId:
description: Unique Id for Customer
type: string
legalRepresentativeId:
description: Unique Id for representative
type: string
password:
description: Customer password
type: string
customerCategoryType:
description: Catagory of the customer required during Login
type: string
required:
- customerId
- password
ErrorResponse:
properties:
type:
description: Invalid - Request did not confirm to the specification and was
unprocessed and rejected. Please fix the value and try again
enum:
- error
- warn
- invalid
- fatal
type: string
code:
description: Error code which qualifies the error
type: string
details:
description: Human readable explanation specific to the occurrence of the
problem
type: string
location:
description: The name of the field that resulted in the error
type: string
moreInfo:
description: URI to human readable documentation of the error
type: string
required:
- type
- code
- details
x-ibm-configuration:
enforced: true
testable: true
phase: realized
security:
- OAuth2 Application Flow:
- /api/v1
Client ID: []
securityDefinitions:
OAuth2 Application Flow:
type: oauth2
description: ""
flow: application
tokenUrl: https://api.banamex.com/mx-gcgapi/api/v1/oauth/token
scopes:
/api/v1: ""
Client ID:
type: apiKey
description: ""
in: header
name: X-IBM-Client-Id
x-ibm-endpoints:
- endpointUrl: https://api.banamex.com/mx-gcgapi
type:
- production
- development
...