production
development
https://api.banamex.com/mx-gcgapi
Paths
/v1/x-global/bne/security/user/session
post /v1/x-global/bne/security/user/session
bne-open-user-session
To authenticate user with alias and RSA using STS E2E encryption in BNE
This API is used to authenticate customer using STS E2EE for password encryption in BNE
OAuth2 Application Flow
OAuth2 Application Flow
(oauth2 application)
Token URL
https://api.banamex.com/mx-gcgapi/api/v1/oauth/token
Scopes
/api/v1
Client ID
X-IBM-Client-Id
(apiKey located in header)
client_id
Required in header
string
Client ID generated during application registration
Authorization
Required in header
string
The Authorization Token received during login
Accept
Required in header
string
Content-Types that are acceptable for the response
uuid
Required in header
string
128 bit UUID that you generate for every request
Accept-Language
Optional in header
string
List of acceptable human languages for response
Content-Type
Required in header
string
Content-Types that are sent in the request
countryCode
Required in header
string
Country code in 2 character ISO 3166 format
businessCode
Required in header
string
Business code identified durin application registration
ChannelId
Required in header
string
Channel where request originated
sid
Required in header
string
Session is generated and returned on the first API call of the key exchange (GET e2e call) as response header, which needs to be resent on succesive calls of same session.
openSessionRequest
Optional in body
object
200
Successful operation.
400
| Type | Code | Details |
| error | invalidRequest | Missing or invalid Parameters |
401
| Type | Code | Details |
| error | unAuthorized | Authorization credentials are missing or invalid |
403
| Type | Code | Details | More Info |
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
404
| Type | Code | Details | More Info |
| error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
422
| Type | Code | Details |
| error | businessValidationFailed | Business validation error occured on one or more parameters |
500
| Type | Code | Details |
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
POST https://api.banamex.com/mx-gcgapi/api/v1/x-global/bne/security/user/session
Try this operation
delete /v1/x-global/bne/security/user/session
bne-close-user-session
To logout the customer from NGA and S15 session. Session id will become invalid after this is succesful
This API will logout the customer from NGA and S15 session. Session id will become invalid after this is succesful
OAuth2 Application Flow
OAuth2 Application Flow
(oauth2 application)
Token URL
https://api.banamex.com/mx-gcgapi/api/v1/oauth/token
Scopes
/api/v1
Client ID
X-IBM-Client-Id
(apiKey located in header)
client_id
Required in header
string
Client ID generated during application registration
Authorization
Required in header
string
The Authorization Token received during login
Accept
Required in header
string
Content-Types that are acceptable for the response
uuid
Required in header
string
128 bit UUID that you generate for every request
Accept-Language
Optional in header
string
List of acceptable human languages for response
Content-Type
Optional in header
string
Content-Types that are sent in the request
countryCode
Required in header
string
Country code in 2 character ISO 3166 format
businessCode
Required in header
string
Business code identified durin application registration
ChannelId
Required in header
string
Channel where request originated
sid
Required in header
string
Session is generated and returned on the first API call of the key exchange (GET e2e call) as response header, which needs to be resent on succesive calls of same session.
200
Successful operation.
400
| Type | Code | Details |
| error | invalidRequest | Missing or invalid Parameters |
401
| Type | Code | Details |
| error | unAuthorized | Authorization credentials are missing or invalid |
403
| Type | Code | Details | More Info |
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
404
| Type | Code | Details | More Info |
| error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
422
| Type | Code | Details |
| error | businessValidationFailed | Business validation error occured on one or more parameters |
500
| Type | Code | Details |
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
DELETE https://api.banamex.com/mx-gcgapi/api/v1/x-global/bne/security/user/session
Try this operation
Definitions
{
"type": "object",
"properties": {
"dataCenterLocation": {
"description": "Data Center location (CSI)",
"type": "string",
"example": "10"
},
"sessionRequiredFlag": {
"description": "To create a session in Backend Systems, this is always true",
"type": "boolean",
"default": true
},
"userAuthentication": {
"$ref": "#/definitions/UserAuthentication"
}
},
"required": [
"userAuthentication",
"sessionRequiredFlag",
"dataCenterLocation"
]
}
{
"type": "object",
"properties": {
"userId": {
"description": "Customer client number or alias",
"type": "string",
"example": "493885731234",
"maxLength": 12
},
"userIdType": {
"description": "Type of login ID used to authenticate",
"type": "string",
"enum": [
"ALIAS",
"CUSTOMER_NUM"
],
"example": "CUSTOMER_NUM"
},
"legalRepresentativeId": {
"description": "Unique identifier for corporate legal Representative.",
"type": "string",
"example": "01",
"maxLength": 2,
"minLength": 2
},
"encryptedPasswordText": {
"description": "\"E2EE encrypted customer password, must be Alphanumeric. The first 2 must be numeric and the last 6 must be alphanumeric\"\n",
"type": "string",
"example": "Y&GGH$?eeMKS;zLRAbei"
},
"applicationUrl": {
"description": "Application url",
"type": "string",
"example": "www.applicationUrl.com"
},
"device": {
"$ref": "#/definitions/Device"
}
},
"required": [
"userId",
"userIdType",
"legalRepresentativeId",
"encryptedPasswordText"
]
}
{
"type": "object",
"properties": {
"devicePrint": {
"description": "The device printId for Cyota request. Encapsulates all parameters obtained by device fingerprint gathering code.",
"type": "string",
"example": "12345"
},
"deviceTokenCookie": {
"description": "The value of the cookie. Device token cookie is to be passed for all the requests excluding the first request.",
"type": "string",
"example": "123456789"
},
"userAgent": {
"description": "User Agent of the device. Browser Type e.g Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36",
"type": "string",
"example": "Mozilla"
},
"ipAddress": {
"description": "Ip address of the device.",
"type": "string",
"example": "192.168.0.0"
},
"hardwareId": {
"description": "Mobile Hardware Id",
"type": "string",
"example": "098H52ST479QE053V2"
},
"simId": {
"description": "Mobile Sim Id. The SUBSCRIBER IDENTITY MODULE Serial Number (SSN), or Integrated Circuit Card Id (ICC-Id). Or a unique hash value.",
"type": "string",
"example": "1234567890ADFGHJKIU"
}
}
}
{
"type": "object",
"properties": {
"passwordExpiryDate": {
"description": "Password expiration date in format YYYY-MM-DD",
"type": "string",
"format": "date",
"example": "2020-04-22"
},
"challengeServiceCode": {
"description": "Field to determine whether the SPA service is down and you have to send a dummy Challenge",
"type": "string",
"enum": [
"OK",
"DUMMY"
],
"default": "OK"
},
"lastLoginDate": {
"description": "Date of last customer login access in format YYYY-MM-DD",
"type": "string",
"format": "date",
"example": "2020-04-2"
},
"lastLoginTime": {
"description": "Time of last customer login access in format HH:mm",
"type": "string",
"example": "06:22"
},
"channelId": {
"description": "Channel Id that customer last logged in to.",
"type": "string",
"example": "1234"
},
"stationName": {
"description": "Station Name to use in challenge",
"type": "string",
"example": "12"
},
"dataCenterLocation": {
"description": "Data center location",
"type": "string",
"example": "1234"
},
"customerName": {
"description": "Customer full name",
"type": "string",
"example": "Jose Luis Zepeda"
},
"virtualAccountExistFlag": {
"description": "Field to know if the Customer have Virtual Accounts",
"type": "boolean",
"example": true
},
"lastUpdatedDate": {
"description": "Last Updated Date of the customer information",
"type": "string",
"format": "date",
"example": "2020-05-22"
},
"products": {
"type": "array",
"items": {
"$ref": "#/definitions/Product"
}
},
"legalRepresentative": {
"$ref": "#/definitions/LegalRepresentative"
},
"customerService": {
"type": "array",
"items": {
"$ref": "#/definitions/CustomerService"
}
}
},
"required": [
"passwordExpiryDate",
"challengeServiceCode",
"lastLoginDate",
"lastLoginTime",
"lastChannelId",
"stationName",
"virtualAccountExistFlag",
"dataCenterLocation",
"customerService",
"products",
"customerName"
]
}
{
"properties": {
"productCode": {
"description": "Product code classifies a product based upon its inherent characteristics, structure, and the market needs it addresses. Ex- Credit Card",
"type": "string",
"example": "111"
},
"productSubCode": {
"description": "Product Sub Code. Ex- CitiGold",
"type": "string",
"example": "144"
},
"relatedAccountCount": {
"description": "Total accounts related to the same productCode and productSubCode.",
"type": "integer",
"example": 5
}
}
}
{
"properties": {
"fullName": {
"description": "Name of corporate legal Representative",
"type": "string",
"example": "Juan Carlos Rivera"
},
"legalRepresentativeId": {
"description": "Unique identifier for corporate legal Representative.",
"type": "string",
"example": "01"
}
}
}
{
"required": [
"customerServiceNumber",
"customerServiceType"
],
"properties": {
"customerServiceNumber": {
"description": "Id of the bank service used by customer",
"type": "string",
"example": "515"
},
"customerServiceType": {
"description": "Type of the bank service used by customer",
"type": "string",
"example": "60"
}
}
}
{
"properties": {
"type": {
"type": "string",
"description": "Invalid - Request did not confirm to the specification and was unprocessed and rejected. Please fix the value and try again",
"enum": [
"error",
"warn",
"invalid",
"fatal"
]
},
"code": {
"description": "Error code which qualifies the error",
"type": "string"
},
"details": {
"description": "Human readable explanation specific to the occurrence of the problem",
"type": "string"
},
"location": {
"description": "The name of the field that resulted in the error",
"type": "string"
},
"moreInfo": {
"description": "URI to human readable documentation or detailed description of the error",
"type": "string"
},
"uuid": {
"description": "128 bit UUID that you generate for every request",
"type": "string"
},
"timestamp": {
"description": "Timestamp of the error",
"type": "string"
}
},
"required": [
"type",
"code"
]
}