---
swagger: "2.0"
info:
  version: 1.0.0
  title: xlg-pat-p-e2e-gateway-management
  description: This microservice acts as an auxiliary to the E2EE microservice. It redirects requests to the corresponding service instance depending on the consumer channel.
  x-ibm-name: xlg-pat-p-e2e-gateway-management
host: 127.0.0.1
schemes:
  - https
basePath: /api
produces:
  - application/json
paths:
  /v1/x-global/security/e2e-gateway/public-key/retrieve:
    get:
      tags:
        - retrieve-public-key-e2e-gateway
      operationId: retrieve-public-key-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Key Generation
      description: This API invokes the corresponding channel instance service to generate a new RSA key pair for each session and save it in the session. It then shares the modulus and exponent of the public key with the consumer. If a consumer invokes this API multiple times in the same session, it returns the same key every time.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128 bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for response
        - name: Content-Type
          in: header
          required: false
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2 character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by Consumer
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/KeyEncryptionKeyDetailsResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/x-global/security/e2e-gateway/symmetric-key/exchange:
    post:
      tags:
        - symmetric-key-exchange-e2e-gateway
      operationId: symmetric-key-exchange-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Key Exchange
      description: This API invokes the corresponding channel instance service to accept the session key in the request and save it in the session. This key is used for all E2E cryptographic operations between client and server.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128 bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for response
        - name: Content-Type
          in: header
          required: true
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2 character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by Consumer
        - name: sessionKeyDetailsRequest
          in: body
          description: Session key details for exchanging with the server.
          required: true
          schema:
            $ref: '#/definitions/SessionKeyDetailsRequest'
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/SessionKeyDetailsResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/x-global/security/e2e-gateway/encryption:
    post:
      tags:
        - encrypt-payload-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Payload Encryption
      operationId: encrypt-payload-e2e-gateway
      description: This API invokes the corresponding channel instance service to encrypt user/business sensitive data.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128 bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for response
        - name: Content-Type
          in: header
          required: true
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2 character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by Consumer
        - name: encryptDataRequest
          in: body
          description: Session key details for exchanging with the server.
          required: true
          schema:
            $ref: '#/definitions/EncryptDataRequest'
      responses:
        200:
          description: Success.
          schema:
            $ref: '#/definitions/EncryptDataResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/x-global/security/e2e-gateway/decryption:
    post:
      tags:
        - decrypt-payload-e2e-gateway
      operationId: decrypt-payload-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Payload Decryption
      description: This API invokes the corresponding channel instance service to decrypt the data and return the value in clear.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128 bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for response
        - name: Content-Type
          in: header
          required: true
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2 character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by Consumer
        - name: decryptDataRequest
          in: body
          description: Session key details for exchanging with the server.
          required: true
          schema:
            $ref: '#/definitions/DecryptDataRequest'
      responses:
        200:
          description: Success.
          schema:
            $ref: '#/definitions/DecryptDataResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details | More Info |
            | --- | --- | --- | --- |
            | error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
definitions:
  SessionKeyDetailsRequest:
    required:
      - encryptedDekSecurityPayload
      - encryptedHmacSecurityPayload
      - securityEventId
    type: object
    properties:
      encryptedDekSecurityPayload:
        type: string
        description: Contains KEK encrypted DEK hex coded, DEK encrypted initialization vector hex coded & DEK check digit hex coded. These 3 values are concatenated and contained in this value.
        example: jlijsdifjosigjo32oie52goijwogwe342ngwij4o9ojowjoegj
      encryptedHmacSecurityPayload:
        type: string
        description: Contains DEK encrypted Hmac Key hex coded & Hmac Key check digit hex coded. These 2 values are concatenated and contained in this value.
        example: wertewtetryytr
      securityEventId:
        type: string
        description: Identifier considering Client random & Server random.
        example: wertewtetryytr
  SessionKeyDetailsResponse:
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier considering Client random & Server random.
        example: wertewtetryytr
  KeyEncryptionKeyDetailsResponse:
    type: object
    properties:
      kekModulus:
        type: string
        description: The Modulus part of the public key is generated during RSA key pair creation. This value is the product of two prime numbers used to reconstruct the key pair.
        example: "31753"
      kekExponent:
        type: string
        description: The Exponent part of the public key is generated during RSA key pair creation. This value is used to reconstruct public key.
        example: "65537"
  EncryptDataRequest:
    required:
      - data
      - securityEventId
      - serviceId
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier considering Client random & Server random.
        example: wertewtetryytr
      serviceId:
        type: string
        description: Identifier assigned to microservice consumer for service instances routing enabling.
      data:
        type: array
        items:
          $ref: '#/definitions/Data'
  EncryptDataResponse:
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier considering Client random & Server random.
        example: wertewtetryytr
      data:
        type: array
        items:
          $ref: '#/definitions/EncryptedData'
  DecryptDataRequest:
    required:
      - data
      - securityEventId
      - serviceId
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier considering Client random & Server random.
        example: wertewtetryytr
      serviceId:
        type: string
        description: Identifier assigned to microservice consumer for service instances routing enabling.
      data:
        type: array
        items:
          $ref: '#/definitions/EncryptedData'
  DecryptDataResponse:
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier considering Client random & Server random.
        example: wertewtetryytr
      data:
        type: array
        items:
          $ref: '#/definitions/Data'
  Data:
    type: object
    properties:
      fieldName:
        type: string
        description: Name of the field
        example: token1
      fieldValue:
        type: string
        description: Value of the field
        example: Mensaje de prueba
  EncryptedData:
    type: object
    properties:
      fieldName:
        type: string
        description: Name of the field
        example: token1
      encryptedFieldValue:
        type: string
        description: Encrypted value of the field
        example: a77efca453673ffaabce3434434ef4520983ae
      encryptedFieldValueHmac:
        type: string
        description: Generated HMAC value used as an integrity check
        example: a77efca453673ffaabce3434434ef4520983ae
  ErrorResponse:
    properties:
      type:
        description: Invalid - Request did not conform to the specification and was unprocessed and rejected. Please fix the value and try again
        enum:
          - error
          - warn
          - invalid
          - fatal
        type: string
      timestamp:
        description: Timestamp of the error response
        type: string
      uuid:
        description: Uuid used in the request
        type: string
      code:
        description: Error code which qualifies the error
        type: string
      details:
        description: Human readable explanation specific to the occurrence of the problem
        type: string
      location:
        description: The name of the field that resulted in the error
        type: string
      moreInfo:
        description: URI to human readable documentation of the error
        type: string
x-ibm-configuration:
  enforced: true
  testable: true
  phase: realized
securityDefinitions:
  OAuth2 Application Flow:
    type: oauth2
    description: ""
    flow: application
    scopes:
      /api/v1: ""
    tokenUrl: https://api.banamex.com/mx-gcgapi/api/v1/oauth/token
  Client ID:
    type: apiKey
    description: ""
    in: header
    name: X-IBM-Client-Id
security:
  - OAuth2 Application Flow:
      - /api/v1
    Client ID: []
x-ibm-endpoints:
  - endpointUrl: https://api.banamex.com/mx-gcgapi
    type:
      - production
      - development
...