---
swagger: "2.0"
info:
x-ibm-name: introspect
title: Introspect
version: 1.1.0
description: "___\n## **Functionality**\n\nThis API checks if an Oauth Prestep Token
is valid or not and in case it is the API returns some information about the access
limits of this token. This data includes the scope, expiration date, an unique
user identifier in UUID format and the client identifier. \n
\n\n## **Security**\n\nThe
security of the API is based on the **OAuth** protocol. Specifically it is secured
with an Oauth Access Token which the TPP has to obtain. So the TPP have to complete
the Prestep Authorization flow in order to get this Token (see Oauth Pre-step
Authorize API and Oauth Token API documentation for more information). Then, with
the token, the TPP can consume this API sending the token in the request headers.
\n
\n\n## **Output Example**\n\nThis is an example of the output of this
API with information about the Prestep Access Token sent:\n\n {\n \"client_id\":
\"a6343a2f-a3b9-4adb-bcc3-0ac31bb0afae\",\n \"user_id\": \"842a49cd-d9ae-4dad-a01f-b54fdaa78117\",\n
\ \"expiration_date\": \"2019-09-23T12:03:42\",\n \"scope\": \"identity\"\n
\ }\n
\n\n___"
schemes:
- https
basePath: /introspect
consumes:
- application/json
produces:
- application/json
securityDefinitions:
clientIdHeader:
type: apiKey
in: header
name: X-IBM-Client-Id
description: This parameter is the ID that identifies the TPP that has been registered
in the API Portal previously.
OAuth Server CC:
type: oauth2
description: OAuth 2.0 Security. Client credentials flow.
flow: application
x-santander-refresh-token: true
scopes:
identity: Permitir el acceso a la informacion de consentimientos y su peticion
x-tokenIntrospect:
url: ""
tokenUrl: https://sos-psd2-gateway-san-estruc-api-dev.appls.boaw.paas.gsnetcloud.corp/oauth/token
OAuth Server:
type: oauth2
description: OAuth 2.0 Security. Authorization flow credentials.
flow: accessCode
x-santander-refresh-token: true
scopes:
identity: Permitir el acceso a la informacion de consentimientos y su peticion
tokenUrl: https://sos-psd2-gateway-san-estruc-api-dev.appls.boaw.paas.gsnetcloud.corp/oauth/token
authorizationUrl: https://sos-psd2-gateway-san-estruc-api-dev.appls.boaw.paas.gsnetcloud.corp/authorize
security:
- clientIdHeader: []
x-ibm-configuration:
testable: true
enforced: true
phase: realized
paths:
/:
get:
responses:
200:
description: 200 OK
schema:
$ref: '#/definitions/introspectionResponse'
summary: Endpoint for Access Token Introspection
x-santander-security:
- OAuth2_Access-Code:
- identity
parameters:
- name: Authorization
type: string
required: true
in: header
description: Header that includes an Oauth Access Token
definitions:
introspectionResponse:
properties:
client_id:
type: string
description: Identifier for the third-party app
user_id:
type: string
description: User identifier calculated as a hash of the username and the
issuer
expiration_date:
type: string
description: The expiration date of the inspected token
scope:
type: string
description: Indicates the resources that the token enables the access
additionalProperties: false
error:
properties:
developerMessage:
type: string
description: Message that is sent to the developer.
example: ClientId in signature token differs from the ClientId associated
to the access token
userMessage:
type: string
description: Message that is sent to the user.
example: The operation can not be reached.
status:
type: string
description: HTTP Status of the error.
example: "403"
moreInfo:
type: string
description: More information related to the errors.
example: https://developer.bancosantander.es/api/errors/GOIT_001
code:
type: string
description: Unique identifier for the error code.
example: FORBIDDEN
additionalProperties: false
required:
- code
- userMessage
- moreInfo
- status
- developerMessage
description: Information about a single error that occurs during the API execution.
errorList:
description: List of errors occured during the API execution
type: array
items:
$ref: '#/definitions/error'
tags: []
x-ibm-endpoints:
- endpointUrl: https://apis-sandbox.bancosantander.es/canales-digitales/sb
type:
- production
...