{
  "swagger": "2.0",
  "info": {
    "description": "Finzsoft REST Endpoints (Swagger) Description",
    "version": "1.0.0",
    "title": "Finzsoft REST Endpoints (Swagger)",
    "contact": {"name": "Finzsoft Solutions Limited"},
    "license": {"name": "Apache 2.0 License", "url": "http://www.apache.org/licenses/LICENSE-2.0.html"}
  },
  "basePath": "/MobilePROD/rsservice/v1/login_phase_1",
  "tags": [{"name": "Auth"}],
  "paths": {
    "/token": {
      "post": {
        "tags": ["Auth"],
        "summary": "Token API supporting both the OAuth 2.0 Resource Owner Password and Client Credentials flows.",
        "description": "<h2>Summary:</h2><p>The Client Credentials flow is designed to authenticate a client application, mostly for system-to-system integrations. As per the OAuth 2.0 spec for this flow (https://tools.ietf.org/html/rfc6749#section-2.3.1), the OCC Token service supports both Basic Auth and clear-text form posting; input must be <B>form-url-encoded</B>.<p>It is recommended to always use Basic Auth to retrieve an access token for this flow.<p>For example, the HTTP Basic Auth header for client id RESTUSER and credential F1nz50ft is UkVTVFVTRVI6RjFuejUwZnQ=, so this command returns the token:<p><code><p>curl -X POST \"http://mobile-banking-server.com/rsservice/v1/login_phase_1/token\" -H \"accept: application/json\" -H \"Content-Type: application/x-www-form-urlencoded\" -H \"Authorization: Basic UkVTVFVTRVI6RjFuejUwZnQ=\" -d \"grant_type=client_credentials\"</code><p>Normal form posting is still supported. For example:<p><code><p>Address: http://mobile-banking-server.com/rsservice/v1/public/token<p>Encoding: ISO-8859-1<p>Http-Method: POST<p>Content-Type: application/x-www-form-urlencoded<p>Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], Content-Length=[88], content-type=[application/x-www-form-urlencoded], Host=[localhost:8080], Pragma=[no-cache]}<p>Payload:<p>mobile_app_id=OCC+AUTO+TEST&grant_type=client_credentials&mobile_app_version=Test_APP_VERSION+v1.0&client_secret=F1nz50ft&uuid=-1447387997&client_id=RESTUSER<p></code><p>On successful authentication, this service returns response code 200 and a message in this format:<p><code><p>{\"access_token\":\"70639e7e6ff2225971a5a69561244b6\",\"token_type\":\"bearer\",\"expires_in\":3600,\"terms_condition_updated\":\"false\"}<p></code><p>For unsuccessful authentication, the typical response is:<p><code>Response-Code: 400 Payload: {\"error\":\"WRONG_CREDENTIAL_1\",\"error_description\":\"Mismatching username and password.\"}</code><p>For applications that authenticate on behalf of end customers, login via their username and password (or uuid and pin) is supported:<p><code><p>Address: http://mobile-banking-server.com/rsservice/v1/public/token<p>Encoding: ISO-8859-1<p>Http-Method: POST<p>Content-Type: application/x-www-form-urlencoded<p>Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], Content-Length=[88], content-type=[application/x-www-form-urlencoded], Host=[localhost:8080], Pragma=[no-cache]}<p>Payload:<p>username=jbond00001&grant_type=password&uuid=123456789&client_id=public&password=Power23<p></code><p>Note: if username/password is used, the token returned can only be used to access the keep question webservice; if uuid/pin is used, the token returned is the full token and can be used to access all webservices.",
        "operationId": "handleTokenRequest",
        "consumes": ["application/x-www-form-urlencoded"],
        "produces": ["application/json"],
        "parameters": [
          {"name": "client_id", "in": "formData", "description": "Client represents who is calling the API: 'public' for the Resource Owner flow, or the name of the client for the Client Credentials flow.", "required": false, "type": "string", "x-example": "RESTUSER"},
          {"name": "client_secret", "in": "formData", "description": "The secret/password/API key the calling system holds. Only needed when grant_type is client_credentials.", "required": false, "type": "string", "allowEmptyValue": true, "x-example": "F1nz50ft"},
          {"name": "grant_type", "in": "formData", "description": "The type of the OAuth 2.0 flow. Supported types at the moment are client_credentials and password (Resource Owner flow).", "required": false, "type": "string", "x-example": "client_credentials", "enum": ["client_credentials", "password"]},
          {"name": "username", "in": "formData", "description": "Sovereign User Name", "required": false, "type": "string", "allowEmptyValue": true},
          {"name": "password", "in": "formData", "description": "The password for the user; only required when grant_type is set to password.", "required": false, "type": "string", "allowEmptyValue": true},
          {"name": "uuid", "in": "formData", "description": "Optional field, representing the calling app. Typically only used by a customer-facing app.", "required": false, "type": "string", "allowEmptyValue": true},
          {"name": "device_type", "in": "formData", "description": "Optional field, representing the device. Typically only used by a customer-facing app.", "required": false, "type": "string", "allowEmptyValue": true},
          {"name": "pin", "in": "formData", "description": "Optional field, used to log in with a uuid and pin pair. Max length 50. Primary and secondary clients (non-guest) can use pin login. Only available for the Resource Owner flow, i.e. grant_type=password.", "required": false, "type": "string", "allowEmptyValue": true},
          {"name": "bio_secret", "in": "formData", "description": "Optional field, used for biometrics login, max length 50. Only the primary client can set up biometrics login. Only available for the Resource Owner flow, i.e. grant_type=password. The pin field must be empty.", "required": false, "type": "string", "allowEmptyValue": true},
          {"name": "guest_mode", "in": "formData", "description": "Guest mode will not register the device (uuid) with the user. Only used when logging in with a password. Only available for the Resource Owner flow, i.e. grant_type=password.", "required": false, "type": "string", "default": "false", "allowEmptyValue": true},
          {"name": "mobile_app_id", "in": "formData", "description": "Optional field, only used to distinguish different clients when server aggregation is used, i.e. multi-branded mobile banking.", "required": false, "type": "string", "allowEmptyValue": true},
          {"name": "mobile_app_version", "in": "formData", "description": "Optional field, can be used for whitelisting or blacklisting on the server side.", "required": false, "type": "string", "allowEmptyValue": true}
        ],
        "responses": {
          "200": {"description": "Success", "examples": {"": "{...}"}, "schema": {"$ref": "#/definitions/ClientAccessToken"}},
          "400": {"description": "WRONG_CREDENTIAL_1 | REQUIRED_PARMS_ERROR | PASSWORD_EXPIRED | USER_ID_ATTEMPTS_MAX | PASSWORD_ATTEMPT_MAX_BY_SAME_IP"},
          "401": {"description": "Unauthorized"},
          "403": {"description": "Forbidden"},
          "404": {"description": "Not found"},
          "500": {"description": "Internal Server Error"}
        }
      }
    }
  },
  "securityDefinitions": {
    "systemAPIAuthentication": {
      "description": "OAuth2 login using grant type 'Client Credentials'",
      "type": "oauth2",
      "tokenUrl": "http://localhost:802/SovSE_Mobile_Banking_Server/rsservice/v1/public/token",
      "flow": "application"
    },
    "customerAPIAuthentication": {
      "description": "OAuth2 login using grant type 'Username/Password Credentials'",
      "type": "oauth2",
      "tokenUrl": "http://mobile-banking-server.com/rsservice/v1/public/token",
      "flow": "password"
    }
  },
  "definitions": {
    "ClientAccessToken": {
      "type": "object",
      "properties": {
        "tokenKey": {"type": "string"},
        "tokenType": {"type": "string"},
        "refreshToken": {"type": "string"},
        "expiresIn": {"type": "integer", "format": "int64"},
        "issuedAt": {"type": "integer", "format": "int64"},
        "notBefore": {"type": "integer", "format": "int64"},
        "issuer": {"type": "string"},
        "encodedToken": {"type": "string"},
        "parameters": {"type": "object", "additionalProperties": {"type": "string"}},
        "approvedScope": {"type": "string"}
      }
    }
  }
}