---
swagger: "2.0"
info:
title: xlg-pat-v-opb-transmit-access-recovery
description: This purpose of this Microservice is to perform the operations with
transmit soft token in SSS to recover customer's access. This is an Orchestrator
service.
version: 1.1.0
x-ibm-name: xlg-pat-v-opb-transmit-access-recovery
host: 127.0.0.1
schemes:
- https
basePath: /api
produces:
- application/json
paths:
/v1/open-banking/x-global/security/customers/electronic-banking/access/unlock:
post:
tags:
- opb-transmit-unlock-customer-access
operationId: opb-transmit-unlock-customer-access
summary: LOB:Security; Feature:Unlock; Functionality:transmit-soft token
description: This API is used to unlock a customer access to electronic banking
using the transmit soft token through SSS
consumes:
- application/json
produces:
- application/json
parameters:
- name: client_id
in: header
required: false
type: string
description: Client ID generated during application registration
- name: Authorization
in: header
required: false
type: string
description: The Authorization Token received during login
- name: Accept
in: header
required: true
type: string
description: Content-Types that are acceptable for the response
- name: uuid
in: header
required: true
type: string
description: 128 bit UUID that you generate for every request
- name: Accept-Language
in: header
required: false
type: string
description: List of acceptable human languages for response
- name: Content-Type
in: header
required: true
type: string
description: Content-Types that are sent in the request
- name: countryCode
in: header
required: true
type: string
description: Country code in 2 character ISO 3166 format
- name: businessCode
in: header
required: true
type: string
description: Business code identified during application registration
- name: ChannelId
in: header
required: true
type: string
description: Channel where request originated
- name: sid
in: header
required: false
type: string
description: SessionId sent by Consumer
- name: unlockCustomerRequest
in: body
required: true
schema:
$ref: '#/definitions/UnlockCustomerRequest'
responses:
204:
description: Successful operation.
headers:
Strict-Transport-Security:
type: string
description: HTTP Strict Transport Security (HSTS) is a web security
policy mechanism which helps to protect websites against protocol
downgrade attacks and cookie hijacking.
X-XSS-Protection:
type: string
description: This header enables the Cross-site scripting (XSS) filter
in your browser.
X-Content-Type-Options:
type: string
description: Setting this header will prevent MSIE and Chrome from interpreting
files as something else than declared by the content type in the HTTP
headers.
Content-Security-Policy:
type: string
description: CSP has significant impact on the way browser renders pages
(e.g., inline JavaScript disabled by default and must be explicitly
allowed in policy). CSP prevents a wide range of attacks, including
Cross-site scripting and other cross-site injections
400:
description:
Type | Code | Details |
error | invalidRequest | Missing or invalid Parameters |
error | cannotDecryptData | 620-Cannot decrypt, please
re-check the encrypted value |
headers:
Strict-Transport-Security:
type: string
description: HTTP Strict Transport Security (HSTS) is a web security
policy mechanism which helps to protect websites against protocol
downgrade attacks and cookie hijacking.
X-XSS-Protection:
type: string
description: This header enables the Cross-site scripting (XSS) filter
in your browser.
X-Content-Type-Options:
type: string
description: Setting this header will prevent MSIE and Chrome from interpreting
files as something else than declared by the content type in the HTTP
headers.
Content-Security-Policy:
type: string
description: CSP has significant impact on the way browser renders pages
(e.g., inline JavaScript disabled by default and must be explicitly
allowed in policy). CSP prevents a wide range of attacks, including
Cross-site scripting and other cross-site injections
schema:
$ref: '#/definitions/ErrorResponse'
401:
description: Type | Code | Details |
error | unAuthorized | Authorization
credentials are missing or invalid |
headers:
Strict-Transport-Security:
type: string
description: HTTP Strict Transport Security (HSTS) is a web security
policy mechanism which helps to protect websites against protocol
downgrade attacks and cookie hijacking.
X-XSS-Protection:
type: string
description: This header enables the Cross-site scripting (XSS) filter
in your browser.
X-Content-Type-Options:
type: string
description: Setting this header will prevent MSIE and Chrome from interpreting
files as something else than declared by the content type in the HTTP
headers.
Content-Security-Policy:
type: string
description: CSP has significant impact on the way browser renders pages
(e.g., inline JavaScript disabled by default and must be explicitly
allowed in policy). CSP prevents a wide range of attacks, including
Cross-site scripting and other cross-site injections
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: Type | Code | Details | More
Info |
error | accessNotConfigured | The request
operation is not configured to access this resource | Channel/Country/Business
provided in the request is not supported currently |
headers:
Strict-Transport-Security:
type: string
description: HTTP Strict Transport Security (HSTS) is a web security
policy mechanism which helps to protect websites against protocol
downgrade attacks and cookie hijacking.
X-XSS-Protection:
type: string
description: This header enables the Cross-site scripting (XSS) filter
in your browser.
X-Content-Type-Options:
type: string
description: Setting this header will prevent MSIE and Chrome from interpreting
files as something else than declared by the content type in the HTTP
headers.
Content-Security-Policy:
type: string
description: CSP has significant impact on the way browser renders pages
(e.g., inline JavaScript disabled by default and must be explicitly
allowed in policy). CSP prevents a wide range of attacks, including
Cross-site scripting and other cross-site injections
schema:
$ref: '#/definitions/ErrorResponse'
404:
description: Type | Code | Details | More
Info |
error | resourceNotFound | The requested
resource was not found | Empty resource/resource not found |
headers:
Strict-Transport-Security:
type: string
description: HTTP Strict Transport Security (HSTS) is a web security
policy mechanism which helps to protect websites against protocol
downgrade attacks and cookie hijacking.
X-XSS-Protection:
type: string
description: This header enables the Cross-site scripting (XSS) filter
in your browser.
X-Content-Type-Options:
type: string
description: Setting this header will prevent MSIE and Chrome from interpreting
files as something else than declared by the content type in the HTTP
headers.
Content-Security-Policy:
type: string
description: CSP has significant impact on the way browser renders pages
(e.g., inline JavaScript disabled by default and must be explicitly
allowed in policy). CSP prevents a wide range of attacks, including
Cross-site scripting and other cross-site injections
schema:
$ref: '#/definitions/ErrorResponse'
422:
description: Type | Code | Details |
error | businessValidationFailed | Business
validation error occured on one or more parameters |
headers:
Strict-Transport-Security:
type: string
description: HTTP Strict Transport Security (HSTS) is a web security
policy mechanism which helps to protect websites against protocol
downgrade attacks and cookie hijacking.
X-XSS-Protection:
type: string
description: This header enables the Cross-site scripting (XSS) filter
in your browser.
X-Content-Type-Options:
type: string
description: Setting this header will prevent MSIE and Chrome from interpreting
files as something else than declared by the content type in the HTTP
headers.
Content-Security-Policy:
type: string
description: CSP has significant impact on the way browser renders pages
(e.g., inline JavaScript disabled by default and must be explicitly
allowed in policy). CSP prevents a wide range of attacks, including
Cross-site scripting and other cross-site injections
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: Type | Code | Details |
fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
headers:
Strict-Transport-Security:
type: string
description: HTTP Strict Transport Security (HSTS) is a web security
policy mechanism which helps to protect websites against protocol
downgrade attacks and cookie hijacking.
X-XSS-Protection:
type: string
description: This header enables the Cross-site scripting (XSS) filter
in your browser.
X-Content-Type-Options:
type: string
description: Setting this header will prevent MSIE and Chrome from interpreting
files as something else than declared by the content type in the HTTP
headers.
Content-Security-Policy:
type: string
description: CSP has significant impact on the way browser renders pages
(e.g., inline JavaScript disabled by default and must be explicitly
allowed in policy). CSP prevents a wide range of attacks, including
Cross-site scripting and other cross-site injections
schema:
$ref: '#/definitions/ErrorResponse'
definitions:
UnlockCustomerRequest:
type: object
properties:
jwtToken:
type: string
example: kkhljsdf87sdifskjfsdhkf8fsdf
description: JWT to validate customer email.
grantType:
type: string
example: "2"
maxLength: 2
pattern: ^[0-9]{1,2}$
description: Id of the token, used for identifying the kind of functional
Id also known as applicationId for calling the transmit JWT validator service
tokenId | Details |
1 | SMS-OTP
functional Id |
2 | binding functional Id |
3 | New
Online Transaction functional Id |
4 | Avatar Transaction
functional Id |
5 | IVR Transaction functional ID |
6 | AcciTrade
Transaction functional ID |
7 | Directo Transaction
functional ID |
customer:
$ref: '#/definitions/Customer'
required:
- jwtToken
- customer
Customer:
type: object
properties:
encryptedCustomerId:
description: Unique identifier of the customer. This value must be encrypted
with AES key shared previously using E2E-Encryption API's.
type: string
example: LHU52hAAkRgjsNf/ZWTDOhgpUMJsovFTTenIRyOu6y1hKqeoBzlzHbstxSdTN2cCDdGevF0IRlzaGiRuNQSftVu5dQVh8IBCx2hV8bAtMXE=.GmVNmN8A08OEl5uqAgI6I9iVmuADxnm103Cpj1+hxFk=
legalRepresentativeId:
description: Unique identifier for corporate legal Representative. Only for
Corporate customers
type: string
pattern: ^[0-9]{1,2}$
example: "1"
maxLength: 2
required:
- encryptedCustomerId
ErrorResponse:
properties:
type:
type: string
description: Invalid - Request did not confirm to the specification and was
unprocessed and rejected. Please fix the value and try again
enum:
- error
- warn
- invalid
- fatal
code:
description: Error code which qualifies the error
type: string
details:
description: Human readable explanation specific to the occurrence of the
problem
type: string
location:
description: The name of the field that resulted in the error
type: string
moreInfo:
description: More Info can be used to pass any additional details
type: string
uuid:
description: 128 bit UUID that you generate for every request
type: string
timestamp:
description: Timestamp of the error
type: string
required:
- type
- code
x-ibm-configuration:
enforced: true
testable: true
phase: realized
securityDefinitions:
Client ID:
type: apiKey
description: ""
in: header
name: X-IBM-Client-Id
security:
- Client ID: []
x-ibm-endpoints:
- endpointUrl: https://perf.api.externalapib2b.wlb.lac.nsroot.net:7100/mx-gcgapi/perfext
type:
- production
- development
...