---
swagger: "2.0"
info:
  title: xlg-pat-v-opb-transmit-access-recovery
  description: This purpose of this Microservice is to perform the operations with
    transmit soft token in SSS to recover customer's access. This is an Orchestrator
    service.
  version: 1.1.0
  x-ibm-name: xlg-pat-v-opb-transmit-access-recovery
host: 127.0.0.1
schemes:
- https
basePath: /api
produces:
- application/json
paths:
  /v1/open-banking/x-global/security/customers/electronic-banking/access/unlock:
    post:
      tags:
      - opb-transmit-unlock-customer-access
      operationId: opb-transmit-unlock-customer-access
      summary: LOB:Security; Feature:Unlock; Functionality:transmit-soft token
      description: This API is used to unlock a customer access to electronic banking
        using the transmit soft token through SSS
      consumes:
      - application/json
      produces:
      - application/json
      parameters:
      - name: client_id
        in: header
        required: false
        type: string
        description: Client ID generated during application registration
      - name: Authorization
        in: header
        required: false
        type: string
        description: The Authorization Token received during login
      - name: Accept
        in: header
        required: true
        type: string
        description: Content-Types that are acceptable for the response
      - name: uuid
        in: header
        required: true
        type: string
        description: 128 bit UUID that you generate for every request
      - name: Accept-Language
        in: header
        required: false
        type: string
        description: List of acceptable human languages for response
      - name: Content-Type
        in: header
        required: true
        type: string
        description: Content-Types that are sent in the request
      - name: countryCode
        in: header
        required: true
        type: string
        description: Country code in 2 character ISO 3166 format
      - name: businessCode
        in: header
        required: true
        type: string
        description: Business code identified during application registration
      - name: ChannelId
        in: header
        required: true
        type: string
        description: Channel where request originated
      - name: sid
        in: header
        required: false
        type: string
        description: SessionId sent by Consumer
      - name: unlockCustomerRequest
        in: body
        required: true
        schema:
          $ref: '#/definitions/UnlockCustomerRequest'
      responses:
        204:
          description: Successful operation.
          headers:
            Strict-Transport-Security:
              type: string
              description: HTTP Strict Transport Security (HSTS) is a web security
                policy mechanism which helps to protect websites against protocol
                downgrade attacks and cookie hijacking.
            X-XSS-Protection:
              type: string
              description: This header enables the Cross-site scripting (XSS) filter
                in your browser.
            X-Content-Type-Options:
              type: string
              description: Setting this header will prevent MSIE and Chrome from interpreting
                files as something else than declared by the content type in the HTTP
                headers.
            Content-Security-Policy:
              type: string
              description: CSP has significant impact on the way browser renders pages
                (e.g., inline JavaScript disabled by default and must be explicitly
                allowed in policy). CSP prevents a wide range of attacks, including
                Cross-site scripting and other cross-site injections
        400:
          description: <table><tr><td>Type</td><td>Code</td><td>Details</td></tr>
            <tr><td>error</td><td>invalidRequest</td><td>Missing or invalid Parameters</td></tr>
            <tr><td>error</td><td>cannotDecryptData</td><td>620-Cannot decrypt, please
            re-check the encrypted value</td></tr></table>
          headers:
            Strict-Transport-Security:
              type: string
              description: HTTP Strict Transport Security (HSTS) is a web security
                policy mechanism which helps to protect websites against protocol
                downgrade attacks and cookie hijacking.
            X-XSS-Protection:
              type: string
              description: This header enables the Cross-site scripting (XSS) filter
                in your browser.
            X-Content-Type-Options:
              type: string
              description: Setting this header will prevent MSIE and Chrome from interpreting
                files as something else than declared by the content type in the HTTP
                headers.
            Content-Security-Policy:
              type: string
              description: CSP has significant impact on the way browser renders pages
                (e.g., inline JavaScript disabled by default and must be explicitly
                allowed in policy). CSP prevents a wide range of attacks, including
                Cross-site scripting and other cross-site injections
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: <table><tr><td>Type</td><td>Code</td><td>Details</td></tr><tr><td>error</td><td>unAuthorized</td><td>Authorization
            credentials are missing or invalid</td></tr></table>
          headers:
            Strict-Transport-Security:
              type: string
              description: HTTP Strict Transport Security (HSTS) is a web security
                policy mechanism which helps to protect websites against protocol
                downgrade attacks and cookie hijacking.
            X-XSS-Protection:
              type: string
              description: This header enables the Cross-site scripting (XSS) filter
                in your browser.
            X-Content-Type-Options:
              type: string
              description: Setting this header will prevent MSIE and Chrome from interpreting
                files as something else than declared by the content type in the HTTP
                headers.
            Content-Security-Policy:
              type: string
              description: CSP has significant impact on the way browser renders pages
                (e.g., inline JavaScript disabled by default and must be explicitly
                allowed in policy). CSP prevents a wide range of attacks, including
                Cross-site scripting and other cross-site injections
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: <table><tr><td>Type</td><td>Code</td><td>Details</td><td>More
            Info</td></tr><tr><td>error</td><td>accessNotConfigured</td><td>The request
            operation is not configured to access this resource</td><td>Channel/Country/Business
            provided in the request is not supported currently</td></tr></table>
          headers:
            Strict-Transport-Security:
              type: string
              description: HTTP Strict Transport Security (HSTS) is a web security
                policy mechanism which helps to protect websites against protocol
                downgrade attacks and cookie hijacking.
            X-XSS-Protection:
              type: string
              description: This header enables the Cross-site scripting (XSS) filter
                in your browser.
            X-Content-Type-Options:
              type: string
              description: Setting this header will prevent MSIE and Chrome from interpreting
                files as something else than declared by the content type in the HTTP
                headers.
            Content-Security-Policy:
              type: string
              description: CSP has significant impact on the way browser renders pages
                (e.g., inline JavaScript disabled by default and must be explicitly
                allowed in policy). CSP prevents a wide range of attacks, including
                Cross-site scripting and other cross-site injections
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: <table><tr><td>Type</td><td>Code</td><td>Details</td><td>More
            Info</td></tr><tr><td>error</td><td>resourceNotFound</td><td>The requested
            resource was not found</td><td>Empty resource/resource not found</td></tr></table>
          headers:
            Strict-Transport-Security:
              type: string
              description: HTTP Strict Transport Security (HSTS) is a web security
                policy mechanism which helps to protect websites against protocol
                downgrade attacks and cookie hijacking.
            X-XSS-Protection:
              type: string
              description: This header enables the Cross-site scripting (XSS) filter
                in your browser.
            X-Content-Type-Options:
              type: string
              description: Setting this header will prevent MSIE and Chrome from interpreting
                files as something else than declared by the content type in the HTTP
                headers.
            Content-Security-Policy:
              type: string
              description: CSP has significant impact on the way browser renders pages
                (e.g., inline JavaScript disabled by default and must be explicitly
                allowed in policy). CSP prevents a wide range of attacks, including
                Cross-site scripting and other cross-site injections
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: <table><table><tr><td>Type</td><td>Code</td><td>Details</td></tr><tr><td>error</td><td>businessValidationFailed</td><td>Business
            validation error occured on one or more parameters</td></tr></table>
          headers:
            Strict-Transport-Security:
              type: string
              description: HTTP Strict Transport Security (HSTS) is a web security
                policy mechanism which helps to protect websites against protocol
                downgrade attacks and cookie hijacking.
            X-XSS-Protection:
              type: string
              description: This header enables the Cross-site scripting (XSS) filter
                in your browser.
            X-Content-Type-Options:
              type: string
              description: Setting this header will prevent MSIE and Chrome from interpreting
                files as something else than declared by the content type in the HTTP
                headers.
            Content-Security-Policy:
              type: string
              description: CSP has significant impact on the way browser renders pages
                (e.g., inline JavaScript disabled by default and must be explicitly
                allowed in policy). CSP prevents a wide range of attacks, including
                Cross-site scripting and other cross-site injections
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: <table><tr><td>Type</td><td>Code</td><td>Details</td></tr><tr><td>fatal</td><td>serverUnavailable</td><td>The
            request failed due to an internal error/server unavailability</td></tr></table>
          headers:
            Strict-Transport-Security:
              type: string
              description: HTTP Strict Transport Security (HSTS) is a web security
                policy mechanism which helps to protect websites against protocol
                downgrade attacks and cookie hijacking.
            X-XSS-Protection:
              type: string
              description: This header enables the Cross-site scripting (XSS) filter
                in your browser.
            X-Content-Type-Options:
              type: string
              description: Setting this header will prevent MSIE and Chrome from interpreting
                files as something else than declared by the content type in the HTTP
                headers.
            Content-Security-Policy:
              type: string
              description: CSP has significant impact on the way browser renders pages
                (e.g., inline JavaScript disabled by default and must be explicitly
                allowed in policy). CSP prevents a wide range of attacks, including
                Cross-site scripting and other cross-site injections
          schema:
            $ref: '#/definitions/ErrorResponse'
definitions:
  UnlockCustomerRequest:
    type: object
    properties:
      jwtToken:
        type: string
        example: kkhljsdf87sdifskjfsdhkf8fsdf
        description: JWT to validate customer email.
      grantType:
        type: string
        example: "2"
        maxLength: 2
        pattern: ^[0-9]{1,2}$
        description: Id of the token, used for identifying the kind of functional
          Id also known as applicationId for calling the transmit JWT validator service
          <table><tr><td>tokenId</td><td>Details</td></tr><tr><td>1</td><td>SMS-OTP
          functional Id</td></tr><tr><td>2</td><td>binding functional Id</td></tr><tr><td>3</td><td>New
          Online Transaction functional Id</td></tr><tr><td>4</td><td>Avatar Transaction
          functional Id</td></tr><tr><td>5</td><td>IVR Transaction functional ID</td></tr><tr><td>6</td><td>AcciTrade
          Transaction functional ID</td></tr><tr><td>7</td><td>Directo Transaction
          functional ID</td></tr></table>
      customer:
        $ref: '#/definitions/Customer'
    required:
    - jwtToken
    - customer
  Customer:
    type: object
    properties:
      encryptedCustomerId:
        description: Unique identifier of the customer. This value must be encrypted
          with AES key shared previously using E2E-Encryption API's.
        type: string
        example: LHU52hAAkRgjsNf/ZWTDOhgpUMJsovFTTenIRyOu6y1hKqeoBzlzHbstxSdTN2cCDdGevF0IRlzaGiRuNQSftVu5dQVh8IBCx2hV8bAtMXE=.GmVNmN8A08OEl5uqAgI6I9iVmuADxnm103Cpj1+hxFk=
      legalRepresentativeId:
        description: Unique identifier for corporate legal Representative. Only for
          Corporate customers
        type: string
        pattern: ^[0-9]{1,2}$
        example: "1"
        maxLength: 2
    required:
    - encryptedCustomerId
  ErrorResponse:
    properties:
      type:
        type: string
        description: Invalid - Request did not confirm to the specification and was
          unprocessed and rejected. Please fix the value and try again
        enum:
        - error
        - warn
        - invalid
        - fatal
      code:
        description: Error code which qualifies the error
        type: string
      details:
        description: Human readable explanation specific to the occurrence of the
          problem
        type: string
      location:
        description: The name of the field that resulted in the error
        type: string
      moreInfo:
        description: More Info can be used to pass any additional details
        type: string
      uuid:
        description: 128 bit UUID that you generate for every request
        type: string
      timestamp:
        description: Timestamp of the error
        type: string
    required:
    - type
    - code
x-ibm-configuration:
  enforced: true
  testable: true
  phase: realized
securityDefinitions:
  Client ID:
    type: apiKey
    description: ""
    in: header
    name: X-IBM-Client-Id
security:
- Client ID: []
x-ibm-endpoints:
- endpointUrl: https://api.banamex.com/mx-gcgapi
  type:
  - production
  - development
...