---
swagger: "2.0"
info:
description: Authorize is our implementation of the OAuth 2.0 framework. It enables
secure authorization using standard methods that can easily be integrated in your
app. PCF EMEA - AUTH-O-PartyAuth-Partner-DGL-EM
title: PartyAuthentication_PartnerSession_Authorize_Digital_Orchestration
version: 1.0.0
x-ibm-name: PartyAuthentication_PartnerSession_Authorize_Digital_Orchestration
basePath: /openapi
host: 127.0.0.1
consumes:
- application/x-www-form-urlencoded
produces:
- application/json
schemes:
- https
definitions:
RevokeAuthCodeTokenResponse:
properties:
status:
description: The status of the token revocation request.
type: string
example: success
RefreshAuthCodeTokenResponse:
properties:
access_token:
description: The new access token. Send it as a Bearer token in the Authorization
header of API requests ("Bearer <access_token>") and treat it as a secret; it is
valid only for the consented scope and for expires_in seconds.
type: string
example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
refresh_token:
description: The refresh token value returned by this call. Use this value, not the
one you submitted, for the next refresh request, and store it as securely as the
client secret.
type: string
example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
refreshTokenExpiresIn:
description: Time until the refresh token expires. The example value suggests seconds,
matching expires_in; confirm the unit with the issuer.
type: number
example: 2678400
consentedOn:
description: Numeric timestamp of when the customer granted consent for this
authorization (epoch format not specified here).
type: number
scope:
description: The list of scopes separated by space
type: string
example: /dda/customer /dda/accountlist /dda/account /dda/accountsdetails
/dda/account/transactions
token_type:
description: The token type
type: string
example: bearer
expires_in:
description: The access token expiry time (in seconds)
type: number
example: 1800
required:
- access_token
- token_type
- expires_in
- scope
- refresh_token
AccessAuthCodeTokenResponse:
properties:
access_token:
description: The access token issued in exchange for the authorization code. Send
it as a Bearer token in the Authorization header of API requests ("Bearer
<access_token>") and treat it as a secret; it is valid only for the scope the
customer consented to and for expires_in seconds.
type: string
example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
refresh_token:
description: Use this token at the refresh endpoint to obtain a new access token
once the current one expires. It is a long-lived credential and must be stored as
securely as the client secret.
type: string
example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
refreshTokenExpiresIn:
description: Time until the refresh token expires. The example value suggests seconds,
matching expires_in; confirm the unit with the issuer.
type: number
example: 2678400
consentedOn:
description: Numeric timestamp of when the customer granted consent for this
authorization (epoch format not specified here).
type: number
scope:
description: Set of scopes allowed by customer and separated by space
type: string
example: /dda/customer /dda/accountlist /dda/account /dda/accountsdetails
/dda/account/transactions
token_type:
description: Type of the access token issued. This is bearer token for authorization_code
grant type
type: string
example: bearer
expires_in:
description: Validity of access token in seconds
type: number
example: 1800
required:
- access_token
- token_type
- expires_in
- scope
- refresh_token
ErrorResponse:
properties:
type:
description: Severity class of the error. The value invalid means the request did
not conform to the specification and was rejected without being processed; fix the
offending value and try again.
enum:
- error
- warn
- invalid
- fatal
type: string
code:
description: Error code which qualifies the error
type: string
details:
description: Human readable explanation specific to the occurrence of the
problem
type: string
location:
description: The name of the field that resulted in the error
type: string
moreInfo:
description: URI to human readable documentation of the error
type: object
required:
- type
- code
paths:
/partyAuthentication/partnerSession/authCode/authorize:
get:
summary: 'Authorization code grant: Retrieve authorization code'
description:
To retrieve an authorization code, call the authorize endpoint
with the required query parameters. The authorization code is
short-lived and must be exchanged for an access token at the token
endpoint immediately, using the same redirect_uri. If you sent a
state value, verify that the value returned on the callback matches
it before exchanging the code.
responses:
200:
description: An HTML form for authentication or authorization of this request.
302:
description: Redirect to the client's registered redirect_uri carrying the
authorization code (and the state value, if one was supplied).
parameters:
- in: query
name: response_type
description: Value MUST be set to "code"
type: string
required: true
- in: query
name: client_id
description: Client ID generated during application registration.
type: string
required: true
- in: query
name: scope
description: The set of scopes required to make the API calls. Scope is case
insensitive and multiple values can be passed using space delimiter.
type: string
required: true
- in: query
name: countryCode
description: Country code in 2 character ISO 3166 format (upper case)
type: string
required: true
- in: query
name: businessCode
description: The 3 character business code. Use GCB for consumer banking (upper
case)
type: string
required: true
- in: query
name: locale
description: Locale identifying a specific language and geographic region. It
should follow the form language[_territory], e.g. en_US, en_SG.
type: string
required: true
- in: query
name: defaultPage
description: Identifies the page flow for the incoming request, e.g. login.
type: string
required: false
- in: query
name: state
description: Opaque, unguessable per-request value that the client binds to the
user's session and checks on the callback. This is the cross-site request forgery
protection for the flow; although the parameter is marked optional here, clients
should always send it and reject callbacks whose state does not match.
type: string
required: false
- in: query
name: redirect_uri
description: Absolute URI for user-agent redirection. It must exactly match a
redirect URI registered for the client, and the same value must be sent again when
exchanging the code at the token endpoint.
type: string
required: true
tags: []
security:
- client_id (Query): []
/partyAuthentication/partnerSession/authCode/token/{countryCode}/{businessCode}:
post:
summary: 'Authorization code grant: Retrieve access token'
description: Get an access token issued by calling our token endpoint and passing
the authorization code from the previous call. The issued access token will
have an expiry, and it will be valid only for the scope for which the consent
has been provided by the customer. You can call the APIs by passing this token
in Authorization header.
You also get a refresh token that can be used
to get a new access token in case the original one expires.
responses:
200:
description: Successful operation.
schema:
$ref: '#/definitions/AccessAuthCodeTokenResponse'
400:
description: Type | Code | Details |
|
invalid | invalidRequest | Missing
or invalid Parameters |
invalid | invalidGrant | Grant
type is not valid |
schema:
$ref: '#/definitions/ErrorResponse'
401:
description: Type | Code | Details |
error | unAuthorized | Authorization
credentials are missing or invalid |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: Type | Code | Details |
error | accessNotConfigured | Access
is not configured for this resource |
schema:
$ref: '#/definitions/ErrorResponse'
404:
description: Type | Code | Details |
error | resourceNotFound | Empty
resource/resource not found |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: Type | Code | Details |
fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
schema:
$ref: '#/definitions/ErrorResponse'
parameters:
- in: header
name: Authorization
description: 'HTTP Basic authentication with the client id and client secret joined
by a colon and base64-encoded. For client id "client_id" and secret "client_secret"
the header is Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ= (encode only the joined value,
without surrounding parentheses). The client secret is a confidential-client
credential and must never be embedded in browser or mobile code.'
type: string
required: true
- in: header
name: Content-Type
description: Value should always be application/x-www-form-urlencoded
type: string
required: true
- in: formData
name: grant_type
description: OAuth 2.0 grant type. The only accepted value is authorization_code.
type: string
required: true
- in: formData
name: code
description: The authorization code returned by GET /partyAuthentication/partnerSession/authCode/authorize.
Codes are short-lived and should be exchanged immediately.
type: string
required: true
- in: formData
name: redirect_uri
description: Absolute URI for user-agent redirection. Must be identical to the
redirect_uri sent in the GET /partyAuthentication/partnerSession/authCode/authorize
request that produced the code.
type: string
required: true
- name: countryCode
in: path
type: string
required: true
- name: businessCode
in: path
type: string
required: true
tags: []
/partyAuthentication/partnerSession/authCode/refresh:
post:
summary: 'Authorization code grant: Refresh access token'
description: If your access token has expired and you still have a valid refresh
token, you can exchange it for a new set of valid access and refresh tokens.
responses:
200:
description: Successful operation.
schema:
$ref: '#/definitions/RefreshAuthCodeTokenResponse'
400:
description: Type | Code | Details |
|
invalid | invalidRequest | Missing
or invalid Parameters |
invalid | invalidGrant | Grant
type is not valid |
schema:
$ref: '#/definitions/ErrorResponse'
401:
description: Type | Code | Details |
error | unAuthorized | Authorization
credentials are missing or invalid |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: Type | Code | Details |
error | accessNotConfigured | Access
is not configured for this resource |
schema:
$ref: '#/definitions/ErrorResponse'
404:
description: Type | Code | Details |
error | resourceNotFound | Empty
resource/resource not found |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: Type | Code | Details |
fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
schema:
$ref: '#/definitions/ErrorResponse'
parameters:
- in: header
name: Authorization
description: 'HTTP Basic authentication with the client id and client secret joined
by a colon and base64-encoded. For client id "client_id" and secret "client_secret"
the header is Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ= (encode only the joined value,
without surrounding parentheses). The client secret is a confidential-client
credential and must never be embedded in browser or mobile code.'
type: string
required: true
- in: header
name: Content-Type
description: Content type. Value is application/x-www-form-urlencoded
type: string
required: true
- in: formData
name: grant_type
description: The grant type. Valid value is refresh_token.
type: string
required: true
- in: formData
name: refresh_token
description: The refresh_token value most recently returned to the client by the
token or refresh endpoint.
type: string
required: true
tags: []
/partyAuthentication/partnerSession/authCode/revoke:
post:
summary: 'Authorization code grant: Revoke access'
description: Revokes the submitted token, terminating the access the Citi customer
granted to your application. Call it when a user disconnects your application or
when a token may have been exposed.
responses:
200:
schema:
$ref: '#/definitions/RevokeAuthCodeTokenResponse'
description: The request has succeeded
400:
description: Type | Code | Details |
|
invalid | invalidRequest | Missing
or invalid Parameters |
schema:
$ref: '#/definitions/ErrorResponse'
401:
description: Type | Code | Details |
error | unAuthorized | Authorization
credentials are missing or invalid |
schema:
$ref: '#/definitions/ErrorResponse'
403:
description: Type | Code | Details |
error | accessNotConfigured | Access
is not configured for this resource |
schema:
$ref: '#/definitions/ErrorResponse'
404:
description: Type | Code | Details |
error | resourceNotFound | Empty
resource/resource not found |
schema:
$ref: '#/definitions/ErrorResponse'
500:
description: Type | Code | Details |
fatal | serverUnavailable | The
request failed due to an internal error/server unavailability |
schema:
$ref: '#/definitions/ErrorResponse'
parameters:
- in: header
name: Authorization
description: 'HTTP Basic authentication with the client id and client secret joined
by a colon and base64-encoded. For client id "client_id" and secret "client_secret"
the header is Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ= (encode only the joined value,
without surrounding parentheses). The client secret is a confidential-client
credential and must never be embedded in browser or mobile code.'
type: string
required: true
- in: header
name: Content-Type
description: Content type. Value is application/x-www-form-urlencoded
type: string
required: true
- in: formData
name: token
description: The access_token or refresh_token value to revoke.
type: string
required: true
- in: formData
name: token_type_hint
description: Type of the token submitted for revocation, used to optimise the token
lookup. Valid values are access_token and refresh_token. Although RFC 7009 makes
this hint optional, this endpoint requires it.
type: string
required: true
tags: []
x-ibm-configuration:
testable: true
enforced: true
phase: realized
securityDefinitions:
client_secret:
type: apiKey
description: ""
in: header
name: X-IBM-Client-Secret
client_id (Query):
type: apiKey
description: ""
in: query
name: client_id
client_id:
type: apiKey
name: X-IBM-Client-Id
in: header
description: ""
security:
- client_id: []
- client_id (Query): []
- client_secret: []
client_id: []
x-ibm-endpoints:
- endpointUrl: https://emea.sandbox.api.citi.com/gcb
description: Custom Gateway API Endpoint
type:
- production
- development
...