Contáctanos
  • Open Business
  • ¿Qué es?
  • Soluciones
  • Productos
  • Soporte
Registro Login
Open Business Open Business by Santander
  • Hola , esta es tu área privada
    Mi cuenta Mis aplicaciones Mi organización Cerrar sesion
    Salir
  • Registro Login
  • Contáctanos
  • Open Business Open Business by Santander
  • ¿Qué es?
  • Soluciones
  • Productos
  • Soporte
Contáctanos
  • Login 1.1.0
  • APIs
  • Oauth Token Open Business 1.0.1
  • Oauth Revoke 1.0.1
  • Oauth Pre-Step Authorize 1.2.0
  • Introspect 1.1.0
      • Operations
      • GET /
      • Definitions
      • introspectionResponse
      • error
      • errorList

Introspect 1.1.0


Functionality

This API checks if an Oauth Prestep Token is valid or not and in case it is the API returns some information about the access limits of this token. This data includes the scope, expiration date, an unique user identifier in UUID format and the client identifier. <br><br>

Security

The security of the API is based on the OAuth protocol. Specifically it is secured with an Oauth Access Token which the TPP has to obtain. So the TPP have to complete the Prestep Authorization flow in order to get this Token (see Oauth Pre-step Authorize API and Oauth Token API documentation for more information). Then, with the token, the TPP can consume this API sending the token in the request headers. <br><br>

Output Example

This is an example of the output of this API with information about the Prestep Access Token sent:

{
    &quot;client_id&quot;: &quot;a6343a2f-a3b9-4adb-bcc3-0ac31bb0afae&quot;,
    &quot;user_id&quot;: &quot;842a49cd-d9ae-4dad-a01f-b54fdaa78117&quot;,
    &quot;expiration_date&quot;: &quot;2019-09-23T12:03:42&quot;,
    &quot;scope&quot;: &quot;identity&quot;
}

<br><br>


  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift
Subscribe
production
https://apis-sandbox.bancosantander.es/canales-digitales/sb

Paths

/

get /

Endpoint for Access Token Introspection

clientIdHeader
X-IBM-Client-Id
(apiKey located in header)

This parameter is the ID that identifies the TPP that has been registered in the API Portal previously.

Authorization
Required in header
string

Header that includes an Oauth Access Token

Accept
Optional in header
string
application/json
200

200 OK

introspectionResponse
Example Request
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Example Response
GET https://apis-sandbox.bancosantander.es/canales-digitales/sb/introspect/
Show more open_in_new
                                          
                                        

x
Try this operation
https://apis-sandbox.bancosantander.es/canales-digitales/sb/introspect/
Login to test this API.
Login to test this API.
accept
Authorization

                        
No response. This is a mixed content call. It is not possible to test HTTP APIs from an HTTPS secured Portal site and vice versa. No response. This is a cross-origin call. Make sure the server accepts requests from this portal. Or if using self-signed SSL certificates then paste the URL above into your browser to accept the certificate before trying again (On Internet Explorer it must be the same browser tab.).

                            

Definitions

{
    "properties": {
        "client_id": {
            "type": "string",
            "description": "Identifier for the third-party app"
        },
        "user_id": {
            "type": "string",
            "description": "User identifier calculated as a hash of the username and the issuer"
        },
        "expiration_date": {
            "type": "string",
            "description": "The expiration date of the inspected token"
        },
        "scope": {
            "type": "string",
            "description": "Indicates the resources that the token enables the access"
        }
    },
    "additionalProperties": false
}
              

Information about a single error that occurs during the API execution.

{
    "properties": {
        "developerMessage": {
            "type": "string",
            "description": "Message that is sent to the developer.",
            "example": "ClientId in signature token differs from the ClientId associated to the access token"
        },
        "userMessage": {
            "type": "string",
            "description": "Message that is sent to the user.",
            "example": "The operation can not be reached."
        },
        "status": {
            "type": "string",
            "description": "HTTP Status of the error.",
            "example": "403"
        },
        "moreInfo": {
            "type": "string",
            "description": "More information related to the errors.",
            "example": "https://developer.bancosantander.es/api/errors/GOIT_001"
        },
        "code": {
            "type": "string",
            "description": "Unique identifier for the error code.",
            "example": "FORBIDDEN"
        }
    },
    "additionalProperties": false,
    "required": [
        "code",
        "userMessage",
        "moreInfo",
        "status",
        "developerMessage"
    ]
}
              

List of errors occured during the API execution

{
    "type": "array",
    "items": {
        "$ref": "#/definitions/error"
    }
}
              
  • Share this
Open Business
Soluciones
Productos
Soporte
by Santander
Política de Cookies Términos y condiciones
  X  

¿Hacemos negocios juntos?

Contáctanos