--- swagger: "2.0" info: description: This Microservice is intended to retrieve dynamic generated CVV2 and 2FA to support online shopping and non-present card transactions. version: 1.0.0 title: CRDS-CAU-D-CardPaymentAuthorization x-ibm-name: crds-cau-d-cardpaymentauthorization basePath: /api schemes: - https produces: - application/json paths: /v1/cards/plastic/cvv2/retrieve: post: tags: - retrieve-dynamic-CVV2-2FA operationId: retrieve-dynamic-CVV2-2FA summary: To retrieve dynamically generated CVV2 and 2FA using debit or credit card parameters. description: This API returns a dynamically generated CVV2 from ECS backend for Credit and S045 for Debit. This API returns also a 2FA (Second Factor of Authentication). This API is Post-login so SCOPE is `VISITOR` and SID is required which was provided in previous E2EE APIs interaction. consumes: - application/json produces: - application/json parameters: - name: client_id in: header description: The client ID you received during application registration in the developer portal required: true type: string - name: Authorization in: header description: Bearer token aquired from APIM token endpoint required: true type: string - name: uuid in: header description: Random 128 bit UUID generated uniquely for every request from the Customer, which will represent transaction unique identifier and it is recommended to send. required: true type: string - name: sid in: header description: Session is generated and returned on the first API call as response header, which needs to be present on succesive calls of the same session. required: true type: string - name: Accept in: header required: true type: string description: Content-Types that are acceptable for the response - name: Accept-Language in: header description: Language to be send to the backend systems must be 'es' for spanish and 'en' for english required: false type: string default: es - name: channelId in: header description: channel ID used by the user, it is required for the first call in a new session. required: true type: string - name: Content-Type in: header description: Content-Types that are sent in the request required: true type: string default: application/json - in: body name: dynamicCvvRequest description: This request is to retrieve dynamically generated CVV2 and 2FA. required: true schema: $ref: '#/definitions/DynamicCvvRequest' responses: 200: description: CVV2 and 2FA retrieved successfully schema: $ref: '#/definitions/DynamicCvvResponse' 400: description:
TypeCodeDetails
errorinvalidRequestMissing or invalid Parameters
errorcannotDecryptData620-Cannot decrypt, please re-check the encrypted value
schema: $ref: '#/definitions/ErrorResponse' 403: description:
TypeCodeDetails
erroraccessNotConfiguredThe request operation is not configured to access this resource
errorproductNotAllowedThe card is not allowed to issue CVV2 and 2FA.
schema: $ref: '#/definitions/ErrorResponse' 500: description: |-
TypeCodeDetails
errorbackendErrorFailed during a call to backend service
errortimeoutErrorTime to complete a transaction is over
fatalserverUnavailableThe request failed due to an internal error/server unavailability
schema: $ref: '#/definitions/ErrorResponse' definitions: DynamicCvvRequest: type: object required: - cardType - encryptedCardNumber - encryptedExpiryDate properties: encryptedCardNumber: type: string description: Card number for which the CVV2 and 2FA is generated. This value must be encrypted with AES key shared previously using E2E-Encryption API's. example: "1234567890123456" encryptedExpiryDate: type: string format: date description: The expiration date of the card in format MMYY. This value must be encrypted with AES key shared previously using E2E-Encryption API's. example: "2019-06-22" maxLength: 10 cardType: type: string description: | Identifier that indicate the type of the card:
  • DEBIT for debit card
  • CREDIT for credit card default: CREDIT enum: - CREDIT - DEBIT DynamicCvvResponse: type: object properties: digitalCvvNumber: type: string format: string example: "1234" description: Dynamically generated CVV2. This value will be returned encrypted with previously shared AES key, so once decrypted the max length is 4 digits. maxLength: 4 authenticationFactor: type: string example: "213515" description: Second factor of authentication. This value will be returned encrypted with previously shared AES key, so once decrypted the max length is 6 digits. maxLength: 6 ErrorResponse: required: - code - details - location - moreInfo - timestamp - type properties: type: type: string description: Invalid - Request did not confirm to the specification and was unprocessed and rejected. Please fix the value and try again enum: - error - warn - invalid - fatal code: type: string description: Error code which qualifies the error details: type: string description: Human readable explanation specific to the occurrence of the problem location: type: string description: The name of the field that resulted in the error moreInfo: type: string description: URI to human readable documentation of the error timestamp: type: string description: Timestamp of the error x-ibm-configuration: enforced: true testable: true phase: realized securityDefinitions: OAuth2 Application Flow: type: oauth2 description: "" flow: application scopes: /api/v1: "" tokenUrl: https://perf.api.externalapib2b.wlb.lac.nsroot.net:7100/mx-gcgapi/perfext/api/v1/oauth/token Client ID: type: apiKey description: "" in: header name: X-IBM-Client-Id security: - OAuth2 Application Flow: - /api/v1 Client ID: [] x-ibm-endpoints: - endpointUrl: https://perf.api.externalapib2b.wlb.lac.nsroot.net:7100/mx-gcgapi/perfext type: - production - development ...