--- swagger: "2.0" info: title: ConsumerDataStandards_DynamicClientRegistration_OBD_Digital_Regulatory description: '

Microservice name : ConsumerDataStandards_DynamicClientRegistration_OBD_Digital_Regulatory
Deployment reference : XP-R-ConsumerDataStd-CLRG-OB-DGL-EM

' version: 1.0.0 x-ibm-name: ConsumerDataStandards_DynamicClientRegistration_OBD_Digital_Regulatory host: 127.0.0.1 schemes: - https consumes: - application/jwt produces: - application/json basePath: /api paths: /v1/gb/auth/clients/register/{countryCode}/{businessCode}: post: summary: Register a client by way of a Software Statement Assertion description: Endpoint will be secured by way of Mutual Authentication over TLS tags: - Regulatory operationId: DynamicClientRegistration parameters: - name: Authorization in: header description: HTTP Basic authentication by passing base64 encoded value of the access_token. type: string required: true - name: Accept in: header description: Content-Type that are acceptable for the response. type: string required: true - name: client_id in: header description: Client ID generated during application registration. required: true type: string - name: Content-Type in: header description: application/json required: true type: string - name: businessCode type: string required: true in: path description: businessCode - name: countryCode type: string required: true in: path - name: DynamicClientRegistrationRequest in: body description: DynamicClientRegistrationRequest required: true schema: $ref: '#/definitions/DynamicClientRegistrationRequest' responses: 201: description: Successful operation. schema: $ref: '#/definitions/DynamicClientRegistrationResponse' 400: $ref: '#/responses/400Error' security: - [] /v1/gb/auth/clients/register/{client_id}: get: summary: Get a client by way of Client ID tags: - Regulatory operationId: RetrieveDynamicClientGbRegistration parameters: - name: Authorization in: header description: HTTP Basic authentication by passing base64 encoded value of the access_token. type: string required: true - name: Accept in: header description: Content-Type that are acceptable for the response. type: string required: true - name: client_id in: header description: Client ID generated during application registration. required: true type: string - name: Content-Type in: header description: application/json required: true type: string - name: client_id in: path description: This refer to the unique client id for this information is require type: string required: true responses: 200: description: Successful operation. schema: $ref: '#/definitions/RetrieveDynamicClientGbRegistrationResponse' 401: $ref: '#/responses/401Error' 403: $ref: '#/responses/403Error' put: summary: Update a client by way of Client ID tags: - Regulatory operationId: UpdateDynamicClientGbRegistration parameters: - name: UpdateDynamicClientGbRegistrationRequest in: body description: UpdateDynamicClientGbRegistrationRequest required: true schema: $ref: '#/definitions/UpdateDynamicClientGbRegistrationRequest' - name: client_id in: path description: Client ID generated during application registration. required: true type: string - $ref: '#/parameters/Authorization' responses: 200: description: Successful operation. schema: $ref: '#/definitions/UpdateDynamicClientGbRegistrationResponse' 400: $ref: '#/responses/400Error' 401: $ref: '#/responses/401Error' 403: $ref: '#/responses/403Error' delete: summary: Delete a client by way of Client ID tags: - Regulatory operationId: DeleteDynamicClientGbRegistration parameters: - name: Authorization in: header description: HTTP Basic authentication by passing base64 encoded value of the access_token. type: string required: true - name: Accept in: header description: Content-Type that are acceptable for the response. type: string required: true - name: client_id in: header description: Client ID generated during application registration. required: true type: string - name: Content-Type in: header description: application/json required: true type: string - name: client_id in: path description: This refer to the unique client id for this information is require type: string required: true responses: 204: description: Client deleted 401: $ref: '#/responses/401Error' 403: $ref: '#/responses/403Error' 405: $ref: '#/responses/403Error' parameters: Authorization: in: header name: Authorization type: string required: true description: An Authorisation Token as per https://tools.ietf.org/html/rfc6750 ClientId: name: ClientId description: The client ID in: path type: string required: true ClientRegistration: name: requestBody description: A request to register a Software Statement Assertion with an ASPSP in: body schema: type: string format: OBClientRegistration1 DynamicClientRegistrationRequest: name: DynamicClientRegistrationRequest description: A request to register a Software Statement Assertion with an ASPSP in: body schema: type: string format: OBClientRegistration1 DynamicClientRegistrationUpdateRequest: name: DynamicClientRegistrationRequest description: A request to register a Software Statement Assertion with an ASPSP in: body schema: type: string format: OBClientRegistration1 responses: OBClientRegistration1: description: Client registration schema: allOf: - $ref: '#/definitions/OBRegistrationProperties1' - required: - client_id 400Error: description: Request failed due to client error schema: $ref: '#/definitions/RegistrationError' 401Error: description: Request failed due to unknown or invalid Client or invalid access token headers: WWW-Authenticate: description: Response header field specified in https://tools.ietf.org/html/rfc6750 type: string pattern: ^Bearer .* 403Error: description: The client does not have permission to read, update or delete the Client 405Error: description: Method Not Allowed definitions: SupportedAlgorithms: type: string enum: - RS256 - PS256 - ES256 OBRegistrationProperties1: type: object required: - redirect_uris - token_endpoint_auth_method - grant_types - scope - software_statement - application_type - id_token_signed_response_alg - request_object_signing_alg properties: client_id: description: OAuth 2.0 client identifier string type: string minLength: 1 maxLength: 36 client_secret: description: OAuth 2.0 client secret string type: string minLength: 1 maxLength: 36 client_id_issued_at: description: Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC type: integer format: int32 minimum: 0 client_secret_expires_at: description: Time at which the client secret will expire expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if does not expire type: integer format: int32 minimum: 0 redirect_uris: type: array items: type: string format: uri minLength: 1 maxLength: 256 token_endpoint_auth_method: type: string enum: - private_key_jwt - client_secret_jwt - client_secret_basic - client_secret_post - tls_client_auth grant_types: type: array items: type: string enum: - client_credentials - authorization_code - refresh_token minItems: 1 response_types: type: array items: type: string enum: - code - code id_token software_id: type: string minLength: 1 maxLength: 22 pattern: ^[0-9a-zA-Z]{1,22}$ scope: type: string minLength: 1 maxLength: 256 software_statement: type: string format: JWT application_type: type: string enum: - web - mobile id_token_signed_response_alg: $ref: '#/definitions/SupportedAlgorithms' request_object_signing_alg: $ref: '#/definitions/SupportedAlgorithms' token_endpoint_auth_signing_alg: $ref: '#/definitions/SupportedAlgorithms' tls_client_auth_subject_dn: type: string minLength: 1 maxLength: 128 OBClientRegistration1: allOf: - type: object required: - iss - iat - exp - aud - jti properties: iss: description: Unique identifier for the TPP. Implemented as Base62 encoded GUID type: string pattern: ^[0-9a-zA-Z]{1,22}$ minLength: 1 maxLength: 22 iat: description: The time at which the request was issued by the TPP expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC type: integer format: int32 exp: description: The time at which the request expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC type: integer format: int32 aud: description: | The audience for the request. This should be the unique identifier for the ASPSP issued by the issuer of the software statement. Implemented as Base62 encoded GUID type: string pattern: ^[0-9a-zA-Z]{1,18}$ minLength: 1 maxLength: 18 jti: description: Unique identifier for the JWT implemented as UUID v4 type: string pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$ minLength: 36 maxLength: 36 - $ref: '#/definitions/OBRegistrationProperties1' RegistrationError: type: object required: - error properties: error: type: string enum: - invalid_redirect_uri - invalid_client_metadata - invalid_software_statement - unapproved_software_statement error_description: type: string minLength: 1 maxLength: 500 DynamicClientRegistrationRequest: type: string format: OBClientRegistration1 description: JWT format of OBClientRegistration1 DynamicClientRegistrationResponse: description: Client registration allOf: - $ref: '#/definitions/OBRegistrationProperties1' RetrieveDynamicClientGbRegistrationResponse: description: Client registration allOf: - $ref: '#/definitions/OBRegistrationProperties1' UpdateDynamicClientGbRegistrationRequest: type: string format: OBClientRegistration1 description: JWT format of OBClientRegistration1 UpdateDynamicClientGbRegistrationResponse: description: Client registration allOf: - $ref: '#/definitions/OBRegistrationProperties1' securityDefinitions: oauth-1: type: oauth2 description: "" flow: application scopes: /api: "" tokenUrl: https://emea.sandbox.api.citigroup.net/gcb/internal/confidential/clientCredentials/oauth2/token/gb/ipb x-tokenIntrospect: url: https://emea.sandbox.api.citigroup.net/gcb/internal/confidential/clientCredentials/oauth2/introspect x-ibm-configuration: enforced: true testable: true phase: realized security: - oauth-1: [] x-ibm-endpoints: - endpointUrl: https://emea.sandbox.api.citi.com/gcb description: Custom Gateway API Endpoint type: - production - development ...