---
swagger: "2.0"
info:
  title: xlg-pat-v-bne-screen-challenge
  description: This microservice will be used for challenge validation/generation of BNE customers, when they need a Second Authentication Factor
  version: 1.0.0
  x-ibm-name: xlg-pat-v-bne-screen-challenge
host: 127.0.0.1
schemes:
  - https
basePath: /api
produces:
  - application/json
paths:
  /v1/x-global/bne/security/authenticate/challenge/info/validate:
    post:
      tags:
        - bne-validate-challenge-info
      operationId: bne-validate-challenge-info
      summary: 'LOB: BNE, feature: login challenge, functionality: validate'
      description: This API is used to send the information of the authenticated customer by validating the challenge code for BNE
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128 bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for response
        - name: Content-Type
          in: header
          required: true
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2 character ISO 3166 format
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where request originated
        - name: sid
          in: header
          required: true
          type: string
          description: Session is generated and returned on the first API call of the key exchange (GET e2e call) as response header,
            which needs to be resent on successive calls of same session.
        - name: validateCustomerChallengeRequest
          in: body
          schema:
            $ref: '#/definitions/BneValidateChallengeInfoRequest'
      responses:
        200:
          description: Successful operation.
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
definitions:
  BneValidateChallengeInfoRequest:
    type: object
    required:
      - oneTimePasswordToken
      - mfaTransactionType
      - mfaTransactionId
    properties:
      oneTimePasswordToken:
        description: Validation code generated by hardware token
        type: string
        example: "123456"
      mfaTransactionType:
        description: Field indicates the transaction type for which the authentication is requested, for Login or Risk Transaction
        type: string
        enum:
          - LOGIN
          - RISK
        default: LOGIN
      mfaTransactionId:
        description: The transaction to apply the challenge
        type: string
        example: "1234567890"
      arcsight:
        $ref: '#/definitions/Arcsight'
  Arcsight:
    type: object
    properties:
      applicationName:
        description: Name of the application or in its absence the simple name of the browser.
        type: string
        example: bpm
      applicationPlatformName:
        description: Platform and version used by the application.
        type: string
        example: BackBase 5.7.3
      arcsightActionCode:
        description: Code for arcsight repository 0 - backup, log file 1 - send, log file 2 - disable arcsight.
        enum:
          - "0"
          - "1"
          - "2"
        type: string
        example: "0"
      dataCenterLocation:
        description: Data center location
        type: string
        example: "1234"
      destinationIpAddress:
        description: IP address of the destination API server.
        type: string
        example: 169.193.251.49
      destinationPort:
        description: Destination port information used to identify the application/web server service.
        type: string
        example: "443"
      hardwareId:
        description: Mobile Hardware Id
        type: string
        example: 098H52ST479QE053V2
      hostName:
        description: Hostname associated with the Destination IP address.
        type: string
        example: olb-mxmtu1ap1.nam.nsroot.net
      legalRepresentativeId:
        description: Unique identifier for corporate legal Representative.
        type: string
        example: "01"
      userAgent:
        description: User Agent of the device.
          Browser Type e.g. Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
        type: string
        example: Mozilla
      userId:
        description: Id to uniquely identify the user. Value - Customer number.
        type: string
        example: "123456789012"
        maxLength: 12
      aliasName:
        description: Name or email of the user.
        type: string
        example: hugo.enrique.wilthewestefan@citi.com
        maxLength: 150
      userIdType:
        description: Type of login ID used to authenticate
        type: string
        enum:
          - ALIAS
          - CUSTOMER_NUM
        example: CUSTOMER_NUM
      deviceTokenCookie:
        description: The value of the cookie. Device token cookie is to be passed for all the requests excluding the first request.
        type: string
        example: "123456789"
      ipAddress:
        description: IP address of the device.
        type: string
        example: 192.168.0.0
      operationDate:
        description: Exact time in which the operation was sent, including the time zone.
        type: string
        format: date-time
        example: May 24 2019 13:12:09 CST
    required:
      - applicationName
      - applicationPlatformName
      - arcsightActionCode
      - dataCenterLocation
      - destinationIpAddress
      - destinationPort
      - hardwareId
      - hostName
      - legalRepresentativeId
      - userAgent
      - userId
      - deviceTokenCookie
      - ipAddress
      - operationDate
  ErrorResponse:
    properties:
      type:
        type: string
        description: Invalid - Request did not conform to the specification and was unprocessed and rejected.
          Please fix the value and try again
        enum:
          - error
          - warn
          - invalid
          - fatal
      code:
        description: Error code which qualifies the error
        type: string
      details:
        description: Human readable explanation specific to the occurrence of the problem
        type: string
      location:
        description: The name of the field that resulted in the error
        type: string
      moreInfo:
        description: URI to human readable documentation or detailed description of the error
        type: string
      uuid:
        description: 128 bit UUID that you generate for every request
        type: string
      timestamp:
        description: Timestamp of the error
        type: string
    required:
      - type
      - code
x-ibm-configuration:
  enforced: true
  testable: true
  phase: realized
securityDefinitions:
  OAuth2 Application Flow:
    type: oauth2
    description: ""
    flow: application
    scopes:
      /api/v1: ""
    tokenUrl: https://api.banamex.com/mx-gcgapi/api/v1/oauth/token
  Client ID:
    type: apiKey
    description: ""
    in: header
    name: X-IBM-Client-Id
security:
  - OAuth2 Application Flow:
      - /api/v1
    Client ID: []
x-ibm-endpoints:
  - endpointUrl: https://api.banamex.com/mx-gcgapi
    type:
      - production
      - development
...