--- swagger: "2.0" info: x-ibm-name: introspect title: Introspect version: 1.1.0 description: "___\n## **Functionality**\n\nThis API checks if an Oauth Prestep Token is valid or not and in case it is the API returns some information about the access limits of this token. This data includes the scope, expiration date, an unique user identifier in UUID format and the client identifier. \n

\n\n## **Security**\n\nThe security of the API is based on the **OAuth** protocol. Specifically it is secured with an Oauth Access Token which the TPP has to obtain. So the TPP have to complete the Prestep Authorization flow in order to get this Token (see Oauth Pre-step Authorize API and Oauth Token API documentation for more information). Then, with the token, the TPP can consume this API sending the token in the request headers. \n

\n\n## **Output Example**\n\nThis is an example of the output of this API with information about the Prestep Access Token sent:\n\n {\n \"client_id\": \"a6343a2f-a3b9-4adb-bcc3-0ac31bb0afae\",\n \"user_id\": \"842a49cd-d9ae-4dad-a01f-b54fdaa78117\",\n \ \"expiration_date\": \"2019-09-23T12:03:42\",\n \"scope\": \"identity\"\n \ }\n

\n\n___" schemes: - https basePath: /introspect consumes: - application/json produces: - application/json securityDefinitions: clientIdHeader: type: apiKey in: header name: X-IBM-Client-Id description: This parameter is the ID that identifies the TPP that has been registered in the API Portal previously. OAuth Server CC: type: oauth2 description: OAuth 2.0 Security. Client credentials flow. flow: application x-santander-refresh-token: true scopes: identity: Permitir el acceso a la informacion de consentimientos y su peticion x-tokenIntrospect: url: "" tokenUrl: https://sos-psd2-gateway-san-estruc-api-dev.appls.boaw.paas.gsnetcloud.corp/oauth/token OAuth Server: type: oauth2 description: OAuth 2.0 Security. Authorization flow credentials. flow: accessCode x-santander-refresh-token: true scopes: identity: Permitir el acceso a la informacion de consentimientos y su peticion tokenUrl: https://sos-psd2-gateway-san-estruc-api-dev.appls.boaw.paas.gsnetcloud.corp/oauth/token authorizationUrl: https://sos-psd2-gateway-san-estruc-api-dev.appls.boaw.paas.gsnetcloud.corp/authorize security: - clientIdHeader: [] x-ibm-configuration: testable: true enforced: true phase: realized paths: /: get: responses: 200: description: 200 OK schema: $ref: '#/definitions/introspectionResponse' summary: Endpoint for Access Token Introspection x-santander-security: - OAuth2_Access-Code: - identity parameters: - name: Authorization type: string required: true in: header description: Header that includes an Oauth Access Token definitions: introspectionResponse: properties: client_id: type: string description: Identifier for the third-party app user_id: type: string description: User identifier calculated as a hash of the username and the issuer expiration_date: type: string description: The expiration date of the inspected token scope: type: string description: Indicates the resources that the token enables the access additionalProperties: false error: properties: developerMessage: type: string description: Message that is sent to the developer. example: ClientId in signature token differs from the ClientId associated to the access token userMessage: type: string description: Message that is sent to the user. example: The operation can not be reached. status: type: string description: HTTP Status of the error. example: "403" moreInfo: type: string description: More information related to the errors. example: https://developer.bancosantander.es/api/errors/GOIT_001 code: type: string description: Unique identifier for the error code. example: FORBIDDEN additionalProperties: false required: - code - userMessage - moreInfo - status - developerMessage description: Information about a single error that occurs during the API execution. errorList: description: List of errors occured during the API execution type: array items: $ref: '#/definitions/error' tags: [] x-ibm-endpoints: - endpointUrl: https://apis-sandbox.bancosantander.es/canales-digitales/sb type: - production ...