Paths
/v1/x-global/security/e2e-gateway/public-key/retrieve
LOB - Security, Feature - E2EE, Functionality - Key Generation
This API invokes the corresponding channel instance service to generate a new RSA key pair for each session and store it in the session. It then shares the modulus and exponent of the public key with the consumer. If a consumer invokes this API multiple times in the same session, it returns the same key every time.
Client ID generated during application registration
The Authorization Token received during login
Content-Types that are acceptable for the response
128 bit UUID that you generate for every request
List of acceptable human languages for response
Content-Types that are sent in the request
Country code in 2 character ISO 3166 format
{
"default": "MX"
}
Business code identified during application registration
Channel where request originated
SessionId sent by Consumer
Successful operation.
Type | Code | Details |
error | invalidRequest | Missing or invalid Parameters |
Type | Code | Details |
error | unAuthorized | Authorization credentials are missing or invalid |
Type | Code | Details | More Info |
error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
Type | Code | Details | More Info |
error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
Type | Code | Details |
error | businessValidationFailed | Business validation error occurred on one or more parameters |
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
/v1/x-global/security/e2e-gateway/symmetric-key/exchange
LOB - Security, Feature - E2EE, Functionality - Key Exchange
This API invokes the corresponding channel instance service to accept the session key in the request and store it in the session. This key is used for all E2E cryptographic operations between client and server.
Client ID generated during application registration
The Authorization Token received during login
Content-Types that are acceptable for the response
128 bit UUID that you generate for every request
List of acceptable human languages for response
Content-Types that are sent in the request
Country code in 2 character ISO 3166 format
{
"default": "MX"
}
Business code identified during application registration
Channel where request originated
SessionId sent by Consumer
Session key details for exchanging with the server.
Successful operation.
Type | Code | Details |
error | invalidRequest | Missing or invalid Parameters |
Type | Code | Details |
error | unAuthorized | Authorization credentials are missing or invalid |
Type | Code | Details | More Info |
error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
Type | Code | Details | More Info |
error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
Type | Code | Details |
error | businessValidationFailed | Business validation error occurred on one or more parameters |
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
/v1/x-global/security/e2e-gateway/encryption
LOB - Security, Feature - E2EE, Functionality - Payload Encryption
This API invokes the corresponding channel instance service to encrypt sensitive user/business data.
Client ID generated during application registration
The Authorization Token received during login
Content-Types that are acceptable for the response
128 bit UUID that you generate for every request
List of acceptable human languages for response
Content-Types that are sent in the request
Country code in 2 character ISO 3166 format
{
"default": "MX"
}
Business code identified during application registration
Channel where request originated
SessionId sent by Consumer
Session key details for exchanging with the server.
Success.
Type | Code | Details |
error | invalidRequest | Missing or invalid Parameters |
Type | Code | Details |
error | unAuthorized | Authorization credentials are missing or invalid |
Type | Code | Details | More Info |
error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
Type | Code | Details | More Info |
error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
Type | Code | Details |
error | businessValidationFailed | Business validation error occurred on one or more parameters |
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
/v1/x-global/security/e2e-gateway/decryption
LOB - Security, Feature - E2EE, Functionality - Payload Decryption
This API invokes the corresponding channel instance service to decrypt the data and return the value in clear.
Client ID generated during application registration
The Authorization Token received during login
Content-Types that are acceptable for the response
128 bit UUID that you generate for every request
List of acceptable human languages for response
Content-Types that are sent in the request
Country code in 2 character ISO 3166 format
{
"default": "MX"
}
Business code identified during application registration
Channel where request originated
SessionId sent by Consumer
Session key details for exchanging with the server.
Success.
Type | Code | Details |
error | invalidRequest | Missing or invalid Parameters |
Type | Code | Details |
error | unAuthorized | Authorization credentials are missing or invalid |
Type | Code | Details | More Info |
error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
Type | Code | Details | More Info |
error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
Type | Code | Details |
error | businessValidationFailed | Business validation error occurred on one or more parameters |
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Definitions
{
"required": [
"encryptedDekSecurityPayload",
"encryptedHmacSecurityPayload",
"securityEventId"
],
"type": "object",
"properties": {
"encryptedDekSecurityPayload": {
"type": "string",
"description": "Contains KEK encrypted DEK hex coded, DEK encrypted initialization vector hex coded & DEK check digit hex coded. These 3 values are concatenated and contained in this value.",
"example": "jlijsdifjosigjo32oie52goijwogwe342ngwij4o9ojowjoegj"
},
"encryptedHmacSecurityPayload": {
"type": "string",
"description": "Contains DEK encrypted Hmac Key hex coded & Hmac Key check digit hex coded. These 2 values are concatenated and contained in this value.",
"example": "wertewtetryytr"
},
"securityEventId": {
"type": "string",
"description": "Identifier considering Client random & Server random.",
"example": "wertewtetryytr"
}
}
}
{
"type": "object",
"properties": {
"securityEventId": {
"type": "string",
"description": "Identifier considering Client random & Server random.",
"example": "wertewtetryytr"
}
}
}
{
"type": "object",
"properties": {
"kekModulus": {
"type": "string",
"description": "The Modulus part of the public key is generated during RSA key pair creation. This value is the product of two prime numbers used to reconstruct the key pair.",
"example": "31753"
},
"kekExponent": {
"type": "string",
"description": "The Exponent part of the public key is generated during RSA key pair creation. This value is used to reconstruct public key.",
"example": "65537"
}
}
}
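A consumer-side check for the public-key/retrieve response, as an added example that is not part of the original API documentation: it rejects structurally weak `kekModulus`/`kekExponent` values and flags a key that changes within one session, which the endpoint description says should not happen. The 2048-bit floor, the decimal encoding of both fields, and the names `check_public_key` and `SessionKeyPin` are assumptions.

```python
MIN_MODULUS_BITS = 2048  # assumption: policy floor; the page states no key size
SMALL_PRIMES = [p for p in range(3, 1000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def has_small_factor(n):
    """True if n is divisible by 2 or by an odd prime below 1000."""
    return n % 2 == 0 or any(n % p == 0 and n != p for p in SMALL_PRIMES)


def check_public_key(response):
    """Return ((n, e), []) when the key looks usable, else (None, problems)."""
    try:
        # Assumption: decimal strings, as the schema's example values suggest.
        n = int(response["kekModulus"], 10)
        e = int(response["kekExponent"], 10)
    except (KeyError, TypeError, ValueError):
        return None, ["kekModulus/kekExponent missing or not decimal"]
    problems = []
    if n.bit_length() < MIN_MODULUS_BITS:
        problems.append("modulus is %d bits, below %d"
                        % (n.bit_length(), MIN_MODULUS_BITS))
    if has_small_factor(n):
        problems.append("modulus has a small prime factor")
    if e < 3 or e % 2 == 0 or e >= n:
        problems.append("exponent must be odd, >= 3 and below the modulus")
    return ((n, e), []) if not problems else (None, problems)


class SessionKeyPin:
    """Remembers the first valid key seen per session and flags any change."""

    def __init__(self):
        self._seen = {}

    def accept(self, session_id, response):
        key, problems = check_public_key(response)
        if key is None:
            return False, problems
        if self._seen.setdefault(session_id, key) != key:
            return False, ["public key changed within session"]
        return True, []


if __name__ == "__main__":
    # Constructed input: the example values from the schema above.
    print(check_public_key({"kekModulus": "31753", "kekExponent": "65537"}))
```

The schema's sample values (31753, 65537) fail every check here. The small-factor test is a sanity check, not a primality proof.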
{
"required": [
"data",
"securityEventId",
"serviceId"
],
"type": "object",
"properties": {
"securityEventId": {
"type": "string",
"description": "Identifier considering Client random & Server random.",
"example": "wertewtetryytr"
},
"serviceId": {
"type": "string",
"description": "Identifier assigned to microservice consumer for service instances routing enabling."
},
"data": {
"type": "array",
"items": {
"$ref": "#/definitions/Data"
}
}
}
}
{
"type": "object",
"properties": {
"securityEventId": {
"type": "string",
"description": "Identifier considering Client random & Server random.",
"example": "wertewtetryytr"
},
"data": {
"type": "array",
"items": {
"$ref": "#/definitions/EncryptedData"
}
}
}
}
{
"required": [
"data",
"securityEventId",
"serviceId"
],
"type": "object",
"properties": {
"securityEventId": {
"type": "string",
"description": "Identifier considering Client random & Server random.",
"example": "wertewtetryytr"
},
"serviceId": {
"type": "string",
"description": "Identifier assigned to microservice consumer for service instances routing enabling."
},
"data": {
"type": "array",
"items": {
"$ref": "#/definitions/EncryptedData"
}
}
}
}
{
"type": "object",
"properties": {
"securityEventId": {
"type": "string",
"description": "Identifier considering Client random & Server random.",
"example": "wertewtetryytr"
},
"data": {
"type": "array",
"items": {
"$ref": "#/definitions/Data"
}
}
}
}
{
"type": "object",
"properties": {
"fieldName": {
"type": "string",
"description": "Name of the field",
"example": "token1"
},
"fieldValue": {
"type": "string",
"description": "Value of the field",
"example": "Mensaje de prueba"
}
}
}
{
"type": "object",
"properties": {
"fieldName": {
"type": "string",
"description": "Name of the field",
"example": "token1"
},
"encryptedFieldValue": {
"type": "string",
"description": "Encrypted value of the field",
"example": "a77efca453673ffaabce3434434ef4520983ae"
},
"encryptedFieldValueHmac": {
"type": "string",
"description": "HMAC value generated for the field, used as an integrity check",
"example": "a77efca453673ffaabce3434434ef4520983ae"
}
}
}
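A verify-before-decrypt check over the `data` array of encrypted fields, as an added example that is not part of the original API documentation. The page does not state the MAC construction, so HMAC-SHA256 over the hex-decoded `encryptedFieldValue`, hex-coded in `encryptedFieldValueHmac`, is an assumption, as are the function names and the sample key.

```python
import hashlib
import hmac


def field_is_authentic(item, hmac_key):
    """True only if encryptedFieldValueHmac matches encryptedFieldValue."""
    try:
        ciphertext = bytes.fromhex(item["encryptedFieldValue"])
        claimed = bytes.fromhex(item["encryptedFieldValueHmac"])
    except (KeyError, TypeError, ValueError):
        return False  # missing field or malformed hex: never decrypt
    # Assumption: HMAC-SHA256 over the raw ciphertext bytes.
    expected = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    # Constant-time comparison; a truncated or oversized tag also fails.
    return hmac.compare_digest(expected, claimed)


def partition_fields(data, hmac_key):
    """Split a `data` array into items safe to decrypt and rejected names."""
    accepted, rejected = [], []
    for item in data:
        if isinstance(item, dict) and field_is_authentic(item, hmac_key):
            accepted.append(item)
        else:
            rejected.append(item.get("fieldName") if isinstance(item, dict) else None)
    return accepted, rejected


def make_sample(name, ciphertext, hmac_key):
    """Constructed sample record in the shape of the schema above."""
    tag = hmac.new(hmac_key, ciphertext, hashlib.sha256).hexdigest()
    return {"fieldName": name,
            "encryptedFieldValue": ciphertext.hex(),
            "encryptedFieldValueHmac": tag}


if __name__ == "__main__":
    key = b"k" * 32  # constructed key, for illustration only
    good = make_sample("token1", b"\x01\x02\x03", key)
    tampered = dict(good, fieldName="token2", encryptedFieldValue="010204")
    print(partition_fields([good, tampered], key))
```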
{
"properties": {
"type": {
"description": "Invalid - Request did not conform to the specification and was unprocessed and rejected. Please fix the value and try again",
"enum": [
"error",
"warn",
"invalid",
"fatal"
],
"type": "string"
},
"timestamp": {
"description": "Timestamp of the error response",
"type": "string"
},
"uuid": {
"description": "Uuid used in the request",
"type": "string"
},
"code": {
"description": "Error code which qualifies the error",
"type": "string"
},
"details": {
"description": "Human readable explanation specific to the occurrence of the problem",
"type": "string"
},
"location": {
"description": "The name of the field that resulted in the error",
"type": "string"
},
"moreInfo": {
"description": "URI to human readable documentation of the error",
"type": "string"
}
}
}