---
swagger: "2.0"
info:
  version: 1.0.0
  title: xlg-pat-p-e2e-gateway-management
  description: >-
    This microservice is used as an auxiliary of the E2EE microservice services.
    It is focused on redirecting requests to the corresponding service instance
    depending on the consumer channel.
  x-ibm-name: xlg-pat-p-e2e-gateway-management
host: 127.0.0.1
schemes:
  - https
basePath: /api
produces:
  - application/json
paths:
  /v1/x-global/security/e2e-gateway/public-key/retrieve:
    get:
      tags:
        - retrieve-public-key-e2e-gateway
      operationId: retrieve-public-key-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Key Generation
      description: >-
        This API invokes the corresponding channel instance service to generate
        a new RSA key pair for each session and save it in the session. It then
        shares the modulus and exponent of the public key with the consumers. If
        a consumer invokes this API multiple times in the same session, it
        returns the same key every time.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128-bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for the response
        - name: Content-Type
          in: header
          required: false
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2-character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where the request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by the consumer
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/KeyEncryptionKeyDetailsResponse'
        400:
          description: |-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |-
            Type | Code | Details |
            error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |-
            Type | Code | Details | More Info |
            error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |-
            Type | Code | Details | More Info |
            error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |-
            Type | Code | Details |
            error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/x-global/security/e2e-gateway/symmetric-key/exchange:
    post:
      tags:
        - symmetric-key-exchange-e2e-gateway
      operationId: symmetric-key-exchange-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Key Exchange
      description: >-
        This API invokes the corresponding channel instance service to accept
        the session key in the request and save it in the session. This key is
        used for all E2E cryptographic operations between client and server.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128-bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for the response
        - name: Content-Type
          in: header
          required: true
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2-character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where the request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by the consumer
        - name: sessionKeyDetailsRequest
          in: body
          description: Session key details for exchanging with the server.
          required: true
          schema:
            $ref: '#/definitions/SessionKeyDetailsRequest'
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/SessionKeyDetailsResponse'
        400:
          description: |-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |-
            Type | Code | Details |
            error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |-
            Type | Code | Details | More Info |
            error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |-
            Type | Code | Details | More Info |
            error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |-
            Type | Code | Details |
            error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/x-global/security/e2e-gateway/encryption:
    post:
      tags:
        - encrypt-payload-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Payload Encryption
      operationId: encrypt-payload-e2e-gateway
      description: >-
        This API invokes the corresponding channel instance service to encrypt
        user/business sensitive data.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128-bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for the response
        - name: Content-Type
          in: header
          required: true
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2-character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where the request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by the consumer
        - name: encryptDataRequest
          in: body
          description: Session key details for exchanging with the server.
          required: true
          schema:
            $ref: '#/definitions/EncryptDataRequest'
      responses:
        200:
          description: Success.
          schema:
            $ref: '#/definitions/EncryptDataResponse'
        400:
          description: |-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |-
            Type | Code | Details |
            error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |-
            Type | Code | Details | More Info |
            error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |-
            Type | Code | Details | More Info |
            error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |-
            Type | Code | Details |
            error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/x-global/security/e2e-gateway/decryption:
    post:
      tags:
        - decrypt-payload-e2e-gateway
      operationId: decrypt-payload-e2e-gateway
      summary: LOB - Security, Feature - E2EE, Functionality - Payload Decryption
      description: >-
        This API invokes the corresponding channel instance service to decrypt
        the data and returns the value in the clear.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: client_id
          in: header
          required: true
          type: string
          description: Client ID generated during application registration
        - name: Authorization
          in: header
          required: true
          type: string
          description: The Authorization Token received during login
        - name: Accept
          in: header
          required: true
          type: string
          description: Content-Types that are acceptable for the response
        - name: uuid
          in: header
          required: true
          type: string
          description: 128-bit UUID that you generate for every request
        - name: Accept-Language
          in: header
          required: false
          type: string
          description: List of acceptable human languages for the response
        - name: Content-Type
          in: header
          required: true
          type: string
          description: Content-Types that are sent in the request
        - name: countryCode
          in: header
          required: true
          type: string
          description: Country code in 2-character ISO 3166 format
          default: MX
        - name: businessCode
          in: header
          required: true
          type: string
          description: Business code identified during application registration
        - name: ChannelId
          in: header
          required: true
          type: string
          description: Channel where the request originated
        - name: sid
          in: header
          required: true
          type: string
          description: SessionId sent by the consumer
        - name: decryptDataRequest
          in: body
          description: Session key details for exchanging with the server.
          required: true
          schema:
            $ref: '#/definitions/DecryptDataRequest'
      responses:
        200:
          description: Success.
          schema:
            $ref: '#/definitions/DecryptDataResponse'
        400:
          description: |-
            Type | Code | Details |
            error | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |-
            Type | Code | Details |
            error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |-
            Type | Code | Details | More Info |
            error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |-
            Type | Code | Details | More Info |
            error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |-
            Type | Code | Details |
            error | businessValidationFailed | Business validation error occurred on one or more parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |-
            Type | Code | Details |
            fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
definitions:
  SessionKeyDetailsRequest:
    required:
      - encryptedDekSecurityPayload
      - encryptedHmacSecurityPayload
      - securityEventId
    type: object
    properties:
      encryptedDekSecurityPayload:
        type: string
        description: >-
          Contains the KEK-encrypted DEK (hex encoded), the DEK-encrypted
          initialization vector (hex encoded) and the DEK check digit (hex
          encoded). These 3 values are concatenated and contained in this value.
        example: jlijsdifjosigjo32oie52goijwogwe342ngwij4o9ojowjoegj
      encryptedHmacSecurityPayload:
        type: string
        description: >-
          Contains the DEK-encrypted HMAC key (hex encoded) and the HMAC key
          check digit (hex encoded). These 2 values are concatenated and
          contained in this value.
        example: wertewtetryytr
      securityEventId:
        type: string
        description: Identifier that takes into account the client random and the server random.
        example: wertewtetryytr
  SessionKeyDetailsResponse:
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier that takes into account the client random and the server random.
        example: wertewtetryytr
  KeyEncryptionKeyDetailsResponse:
    type: object
    properties:
      kekModulus:
        type: string
        description: >-
          The modulus part of the public key, generated during RSA key pair
          creation. This value is the product of two prime numbers and is used
          to reconstruct the key pair.
        example: "31753"
      kekExponent:
        type: string
        description: >-
          The exponent part of the public key, generated during RSA key pair
          creation. This value is used to reconstruct the public key.
        example: "65537"
  EncryptDataRequest:
    required:
      - data
      - securityEventId
      - serviceId
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier that takes into account the client random and the server random.
        example: wertewtetryytr
      serviceId:
        type: string
        description: >-
          Identifier assigned to the microservice consumer, used to enable
          routing to service instances.
      data:
        type: array
        items:
          $ref: '#/definitions/Data'
  EncryptDataResponse:
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier that takes into account the client random and the server random.
        example: wertewtetryytr
      data:
        type: array
        items:
          $ref: '#/definitions/EncryptedData'
  DecryptDataRequest:
    required:
      - data
      - securityEventId
      - serviceId
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier that takes into account the client random and the server random.
        example: wertewtetryytr
      serviceId:
        type: string
        description: >-
          Identifier assigned to the microservice consumer, used to enable
          routing to service instances.
      data:
        type: array
        items:
          $ref: '#/definitions/EncryptedData'
  DecryptDataResponse:
    type: object
    properties:
      securityEventId:
        type: string
        description: Identifier that takes into account the client random and the server random.
        example: wertewtetryytr
      data:
        type: array
        items:
          $ref: '#/definitions/Data'
  Data:
    type: object
    properties:
      fieldName:
        type: string
        description: Name of the field
        example: token1
      fieldValue:
        type: string
        description: Value of the field
        example: Mensaje de prueba
  EncryptedData:
    type: object
    properties:
      fieldName:
        type: string
        description: Name of the field
        example: token1
      encryptedFieldValue:
        type: string
        description: Encrypted value of the field
        example: a77efca453673ffaabce3434434ef4520983ae
      encryptedFieldValueHmac:
        type: string
        description: HMAC generated over the encrypted value, used as an integrity check
        example: a77efca453673ffaabce3434434ef4520983ae
  ErrorResponse:
    properties:
      type:
        description: >-
          Invalid - Request did not conform to the specification and was
          unprocessed and rejected. Please fix the value and try again
        enum:
          - error
          - warn
          - invalid
          - fatal
        type: string
      timestamp:
        description: Timestamp of the error response
        type: string
      uuid:
        description: UUID used in the request
        type: string
      code:
        description: Error code which qualifies the error
        type: string
      details:
        description: Human readable explanation specific to the occurrence of the problem
        type: string
      location:
        description: The name of the field that resulted in the error
        type: string
      moreInfo:
        description: URI to human readable documentation of the error
        type: string
x-ibm-configuration:
  enforced: true
  testable: true
  phase: realized
securityDefinitions:
  OAuth2 Application Flow:
    type: oauth2
    description: ""
    flow: application
    scopes:
      /api/v1: ""
    tokenUrl: https://api.banamex.com/mx-gcgapi/api/v1/oauth/token
  Client ID:
    type: apiKey
    description: ""
    in: header
    name: X-IBM-Client-Id
security:
  - OAuth2 Application Flow:
      - /api/v1
    Client ID: []
x-ibm-endpoints:
  - endpointUrl: https://api.banamex.com/mx-gcgapi
    type:
      - production
      - development
...
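The header contract above is the same for all four operations: 401 when the Authorization token is missing or invalid, 400 `invalidRequest` when a required header is missing or malformed, and 403 `accessNotConfigured` when the countryCode/businessCode/ChannelId combination has no service instance behind the gateway. The following is an added example (Python, not the gateway's own code) of a gateway-side check that enforces that order and builds the `ErrorResponse` body defined in the spec; the routing table `CONFIGURED_ROUTES` is constructed for the example.

```python
import re
import uuid
from datetime import datetime, timezone

# Headers every operation in the spec marks required: true (Content-Type is
# required only on the POST operations, so it is checked by the caller).
REQUIRED_HEADERS = ("client_id", "Accept", "uuid", "countryCode",
                    "businessCode", "ChannelId", "sid")
# Constructed routing table (assumption): (countryCode, businessCode, ChannelId)
# combinations that have a channel instance configured behind this gateway.
CONFIGURED_ROUTES = {("MX", "GCB", "MOBILE"), ("MX", "GCB", "WEB")}


def error_response(req_uuid, code, details, location=None, more_info=None, etype="error"):
    """Body shaped like #/definitions/ErrorResponse."""
    body = {"type": etype, "timestamp": datetime.now(timezone.utc).isoformat(),
            "uuid": req_uuid, "code": code, "details": details}
    if location:
        body["location"] = location
    if more_info:
        body["moreInfo"] = more_info
    return body


def validate_headers(headers):
    """Return (status, body); body is None when the request may be routed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    req_uuid = h.get("uuid", "")
    if not h.get("authorization"):  # authentication is decided before any validation
        return 401, error_response(req_uuid, "unAuthorized",
                                   "Authorization credentials are missing or invalid")
    for name in REQUIRED_HEADERS:
        if not h.get(name.lower()):
            return 400, error_response(req_uuid, "invalidRequest",
                                       "Missing or invalid Parameters", location=name)
    try:
        uuid.UUID(req_uuid)  # spec: a 128-bit UUID generated for every request
    except ValueError:
        return 400, error_response(req_uuid, "invalidRequest",
                                   "uuid must be a 128-bit UUID", location="uuid")
    if not re.fullmatch(r"[A-Z]{2}", h["countrycode"]):  # 2-character ISO 3166 code
        return 400, error_response(req_uuid, "invalidRequest",
                                   "countryCode must be a 2-character ISO 3166 code",
                                   location="countryCode")
    if (h["countrycode"], h["businesscode"], h["channelid"]) not in CONFIGURED_ROUTES:
        return 403, error_response(
            req_uuid, "accessNotConfigured",
            "The request operation is not configured to access this resource",
            more_info="Channel/Country/Business provided in the request is not supported currently")
    return 200, None
```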
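Each `EncryptedData` item carries `encryptedFieldValueHmac` as an integrity check over `encryptedFieldValue`, and the HMAC key is the one exchanged earlier under the same `securityEventId`. The following is an added example (Python, not the gateway's own code) of verifying every item of a `DecryptDataRequest` before any field is decrypted; it assumes HMAC-SHA256 over the raw ciphertext bytes, hex-encoded like the spec's example values, and the session key store is constructed for the example (the spec defines neither).

```python
import hashlib
import hmac

# Constructed session state (assumption): HMAC keys established by the
# symmetric-key exchange, looked up by securityEventId.
SESSION_HMAC_KEYS = {"evt-0001": hashlib.sha256(b"constructed example hmac key").digest()}


def compute_field_hmac(hmac_key: bytes, encrypted_field_value_hex: str) -> str:
    """HMAC-SHA256 (assumed algorithm) over the ciphertext bytes, hex encoded."""
    ciphertext = bytes.fromhex(encrypted_field_value_hex)
    return hmac.new(hmac_key, ciphertext, hashlib.sha256).hexdigest()


def verify_decrypt_request(request: dict):
    """Check every EncryptedData item of a DecryptDataRequest before decrypting
    any of them. Returns (ok, names_of_failed_fields)."""
    key = SESSION_HMAC_KEYS.get(request.get("securityEventId"))
    if key is None:
        return False, ["securityEventId"]  # no exchanged key for this session
    failed = []
    for item in request.get("data", []):
        try:
            expected = compute_field_hmac(key, item["encryptedFieldValue"])
            # constant-time comparison so tag mismatches do not leak timing
            ok = hmac.compare_digest(expected, item["encryptedFieldValueHmac"])
        except (KeyError, ValueError, TypeError):  # missing field, non-hex value, non-ASCII tag
            ok = False
        if not ok:
            failed.append(item.get("fieldName", "?"))
    return not failed, failed
```

A failed batch is rejected as a whole; decrypting the items that did verify would let a client learn per-field results from a partially tampered request.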