--- swagger: "2.0" info: description: This Microservice is intended to retrieve dynamic generated CVV2 and 2FA to support online shopping and non-present card transactions version: 1.0.0 title: CRDS-CAU-V-CardPymtAhr x-ibm-name: crds-cau-v-cardpymtahr host: 127.0.0.1 basePath: /api schemes: - https produces: - application/json paths: /v1/cards/cvv2/information/retrieve: post: tags: - retrieve-dynamic-CVV2-2FA-information operationId: retrieve-dynamic-CVV2-2FA-information summary: To retrieve the digitally generated CVV2 and 2FA using debit or credit card parameters and store the information in Teradata. description: This API is used to retrieve the digitally generated CVV2 and 2FA (Second Factor of Authentication) using debit or credit card parameters and store the information in Teradata. It returns the digitally generated CVV2 from ECS backend for Credit card and S045 for Debit card. consumes: - application/json produces: - application/json parameters: - name: client_id in: header description: The client ID you received during application registration in the developer portal required: true type: string - name: Authorization in: header description: Bearer token aquired from APIM token endpoint required: true type: string - name: uuid in: header description: Random 128 bit UUID generated uniquely for every request from the Customer, which will represent transaction unique identifier and it is recommended to send. required: true type: string - name: sid in: header description: Sessionid value from E2EE Key Exchange response. required: true type: string - name: Accept in: header required: true type: string description: Content-Types that are acceptable for the response - name: Accept-Language in: header description: Language to be send to the backend systems must be 'es' for spanish and 'en' for english required: false type: string default: es - name: ChannelId in: header description: channel ID used by the user, it is required for the first call in a new session. required: true type: string - name: countryCode in: header description: 2 character ISO country code required: true type: string default: MX - name: businessCode in: header description: 3 character business code required: true type: string default: GCB - name: Content-Type in: header description: Content-Types that are sent in the request required: true type: string default: application/json - in: body name: dynamicCvvRequest description: This request is to retrieve dynamically generated CVV2 and 2FA. required: true schema: $ref: '#/definitions/DynamicCvvRequest' responses: 200: description: CVV2 and 2FA retrieved successfully schema: $ref: '#/definitions/DynamicCvvResponse' 400: description:
TypeCodeDetails
errorinvalidRequestMissing or invalid Parameters
errorcannotDecryptData620-Cannot decrypt, please re-check the encrypted value
schema: $ref: '#/definitions/ErrorResponse' 401: description:
TypeCodeDetails
errorunAuthorizedAuthorization credentials are missing or invalid
schema: $ref: '#/definitions/ErrorResponse' 403: description:
TypeCodeDetails
erroraccessNotConfiguredThe request operation is not configured to access this resource
errorproductNotAllowedThe card is not allowed to issue CVV2 and 2FA.
schema: $ref: '#/definitions/ErrorResponse' 404: description:
TypeCodeDetailsMore Info
errorresourceNotFoundThe requested resource was not foundEmpty resource/resource not found
schema: $ref: '#/definitions/ErrorResponse' 422: description:
TypeCodeDetails
errorbusinessValidationFailedBusiness validation error occured on one or more parameters
schema: $ref: '#/definitions/ErrorResponse' 500: description: |-
TypeCodeDetails
errorbackendErrorFailed during a call to backend service
errortimeoutErrorTime to complete a transaction is over
fatalserverUnavailableThe request failed due to an internal error/server unavailability
schema: $ref: '#/definitions/ErrorResponse' /v1/cards/usage-info/encrypted/retrieve: post: tags: - retrieve-encrypted-card-usage-info operationId: retrieve-encrypted-card-usage-info summary: To retrieve the encrypted card information, once a 2FA (Second Factor of Authentication) is validated description: This API is used to retrieve the encrypted card information, once a 2FA (Second Factor of Authentication) is validated. The 2FA could be an OTP/HardToken/SoftToken/JWT consumes: - application/json produces: - application/json parameters: - name: client_id in: header description: The client ID you received during application registration in the developer portal required: true type: string - name: Authorization in: header description: Bearer token aquired from APIM token endpoint required: true type: string - name: uuid in: header description: Random 128 bit UUID generated uniquely for every request from the Customer, which will represent transaction unique identifier and it is recommended to send. required: true type: string - name: sid in: header description: Sessionid value from E2EE Key Exchange response. required: true type: string - name: Accept in: header required: true type: string description: Content-Types that are acceptable for the response - name: Accept-Language in: header description: Language to be send to the backend systems must be 'es' for spanish and 'en' for english required: false type: string default: es - name: ChannelId in: header description: channel ID used by the user, it is required for the first call in a new session. required: true type: string - name: countryCode in: header description: 2 character ISO country code required: true type: string default: MX - name: businessCode in: header description: 3 character business code required: true type: string default: GCB - name: Content-Type in: header description: Content-Types that are sent in the request required: true type: string default: application/json - in: body name: retrieveEncryptedCardRequest required: true schema: $ref: '#/definitions/RetrieveEncryptedCardRequest' responses: 200: description: Sensitive Card Information encrypted schema: $ref: '#/definitions/RetrieveEncryptedCardResponse' 400: description:
TypeCodeDetails
errorinvalidRequestMissing or invalid Parameters
errorcannotDecryptData620-Cannot decrypt, please re-check the encrypted value
schema: $ref: '#/definitions/ErrorResponse' 401: description:
TypeCodeDetails
errorunAuthorizedAuthorization credentials are missing or invalid
schema: $ref: '#/definitions/ErrorResponse' 403: description:
TypeCodeDetails
erroraccessNotConfiguredThe request operation is not configured to access this resource
errorproductNotAllowedThe card is not allowed to issue CVV2 and 2FA.
schema: $ref: '#/definitions/ErrorResponse' 404: description:
TypeCodeDetailsMore Info
errorresourceNotFoundThe requested resource was not foundEmpty resource/resource not found
schema: $ref: '#/definitions/ErrorResponse' 422: description:
TypeCodeDetails
errorbusinessValidationFailedBusiness validation error occured on one or more parameters
schema: $ref: '#/definitions/ErrorResponse' 500: description: |-
TypeCodeDetails
errorbackendErrorFailed during a call to backend service
errortimeoutErrorTime to complete a transaction is over
fatalserverUnavailableThe request failed due to an internal error/server unavailability
schema: $ref: '#/definitions/ErrorResponse' definitions: DynamicCvvRequest: type: object properties: accountId: description: Unique ID used by front end to indentify the account type: string example: "123456" cardAuthorization: $ref: '#/definitions/CardAuthorization' required: - accountId - cardAuthorization CardAuthorization: type: object properties: authenticationType: description: Authetication type used by the customer. 1 - UserId and Password, 2 - Softtoken, 3 - HardToken type: string example: "1" encryptedDevice: $ref: '#/definitions/EncryptedDevice' required: - authenticationType - encryptedDevice EncryptedDevice: type: object properties: osId: description: The Id of the operating system type: string example: "10" osName: description: Device operating system name type: string example: Android osVersion: description: Version of the operating system that is running on the device type: string example: 1.0.11 deviceModel: description: Name of the device model. This value is set by the device manufacturer and may be different across versions of the same device type: string example: SM-G935F ipAddress: description: Ip address of the device type: string example: 100.200.102.500 required: - osId - osName - osVersion - deviceModel - ipAddress DynamicCvvResponse: type: object properties: encryptedDigitalCvvNumber: type: string format: string example: 123345fygfugui357353 description: Dynamically generated CVV2. This value will be returned encrypted with previously shared AES key, so once decrypted the max length is 3 digits. encryptedAuthenticationFactor: type: string example: 12346dhfje537474gd description: Second factor of authentication. This value will be returned encrypted with previously shared AES key, so once decrypted the max length is 6 digits. required: - encryptedDigitalCvvNumber RetrieveEncryptedCardRequest: type: object properties: accountId: description: Unique ID used by front end to indentify the account type: string example: "123456" security: $ref: '#/definitions/Security' cardAuthorization: $ref: '#/definitions/CardAuthorizationInfo' required: - accountId - security - cardAuthorization Security: type: object properties: challengeQuestion: type: string example: "87295410" description: Challenge previously received (must be same as the given from get challenge service), composed by 8 digit numbers. oneTimePasswordToken: description: One time password Text that is generated and sent to User's registered communication device. type: string example: "17364892" jwtToken: type: string example: kkhljsdf87sdifskjfsdhkf8fsdf description: JWT to be validated when customer has being migrated to transmit platform grantType: description: Id of the token, used for identifying the kind of functional Id also known as applicationId for calling the transmit JWT validator service
tokenIdDetails
1SMS-OTP functional Id
2binding functional Id
3New Online Transaction functional Id
4Avatar Transaction functional Id
5IVR Transaction functional ID
6AcciTrade Transaction functional ID
7Directo Transaction functional ID
type: string example: "2" CardAuthorizationInfo: type: object properties: authenticationType: description: Authetication type used by the customer. 1 - UserId and Password, 2 - Softtoken, 3 - HardToken type: string example: "1" encryptedDevice: $ref: '#/definitions/EncryptedDeviceInfo' required: - authenticationType - encryptedDevice EncryptedDeviceInfo: type: object properties: osId: description: The Id of the operating system type: string example: "10" osName: description: Device operating system name type: string example: Android osVersion: description: Version of the operating system that is running on the device type: string example: 1.0.11 deviceModel: description: Name of the device model. This value is set by the device manufacturer and may be different across versions of the same device type: string example: SM-G935F ipAddress: description: Ip address of the device type: string example: 100.200.102.500 required: - osId - osName - osVersion - deviceModel - ipAddress RetrieveEncryptedCardResponse: type: object properties: encryptedCardPlastic: $ref: '#/definitions/EncryptedCardPlasticInfo' EncryptedCardPlasticInfo: type: object properties: cardNumber: description: Card number that is visible in the plastic type: string maxLength: 16 example: "6758968312457638" expiryDate: description: The date on which the card becomes invalid/expired. type: string format: date example: 09-21 required: - cardNumber - expiryDate ErrorResponse: required: - code - details - location - moreInfo - timestamp - type properties: type: type: string description: Invalid - Request did not confirm to the specification and was unprocessed and rejected. Please fix the value and try again enum: - error - warn - invalid - fatal code: type: string description: Error code which qualifies the error details: type: string description: Human readable explanation specific to the occurrence of the problem location: type: string description: The name of the field that resulted in the error moreInfo: type: string description: URI to human readable documentation of the error timestamp: type: string description: Timestamp of the error x-ibm-configuration: enforced: true testable: true phase: realized securityDefinitions: OAuth2 Application Flow: type: oauth2 description: "" flow: application scopes: /api/v1: "" tokenUrl: https://perf.api.externalapib2b.wlb.lac.nsroot.net:7100/mx-gcgapi/perfext/api/v1/oauth/token Client ID: type: apiKey description: "" in: header name: X-IBM-Client-Id security: - OAuth2 Application Flow: - /api/v1 Client ID: [] x-ibm-endpoints: - endpointUrl: https://perf.api.externalapib2b.wlb.lac.nsroot.net:7100/mx-gcgapi/perfext type: - production - development ...