Open Business
Contáctanos

Introspect 1.1.0

Functionality

This API checks if an Oauth Prestep Token is valid or not and in case it is the API returns some information about the access limits of this token. This data includes the scope, expiration date, an unique user identifier in UUID format and the client identifier. <br><br>

Security

The security of the API is based on the OAuth protocol. Specifically it is secured with an Oauth Access Token which the TPP has to obtain. So the TPP have to complete the Prestep Authorization flow in order to get this Token (see Oauth Pre-step Authorize API and Oauth Token API documentation for more information). Then, with the token, the TPP can consume this API sending the token in the request headers. <br><br>

Output Example

This is an example of the output of this API with information about the Prestep Access Token sent:

{
    &quot;client_id&quot;: &quot;a6343a2f-a3b9-4adb-bcc3-0ac31bb0afae&quot;,
    &quot;user_id&quot;: &quot;842a49cd-d9ae-4dad-a01f-b54fdaa78117&quot;,
    &quot;expiration_date&quot;: &quot;2019-09-23T12:03:42&quot;,
    &quot;scope&quot;: &quot;identity&quot;
}

<br><br>

production
https://apis-sandbox.bancosantander.es/canales-digitales/sb

Paths

/

get /

Endpoint for Access Token Introspection

clientIdHeader
X-IBM-Client-Id
(apiKey located in header)

This parameter is the ID that identifies the TPP that has been registered in the API Portal previously.

Authorization
Required in header
string

Header that includes an Oauth Access Token

Accept
Optional in header
string
application/json
200

200 OK

introspectionResponse
Example Request
Example Response
GET https://apis-sandbox.bancosantander.es/canales-digitales/sb/introspect/
Try this operation
https://apis-sandbox.bancosantander.es/canales-digitales/sb/introspect/
accept
Authorization

Definitions 

{
    "properties": {
        "client_id": {
            "type": "string",
            "description": "Identifier for the third-party app"
        },
        "user_id": {
            "type": "string",
            "description": "User identifier calculated as a hash of the username and the issuer"
        },
        "expiration_date": {
            "type": "string",
            "description": "The expiration date of the inspected token"
        },
        "scope": {
            "type": "string",
            "description": "Indicates the resources that the token enables the access"
        }
    },
    "additionalProperties": false
}

Information about a single error that occurs during the API execution.

{
    "properties": {
        "developerMessage": {
            "type": "string",
            "description": "Message that is sent to the developer.",
            "example": "ClientId in signature token differs from the ClientId associated to the access token"
        },
        "userMessage": {
            "type": "string",
            "description": "Message that is sent to the user.",
            "example": "The operation can not be reached."
        },
        "status": {
            "type": "string",
            "description": "HTTP Status of the error.",
            "example": "403"
        },
        "moreInfo": {
            "type": "string",
            "description": "More information related to the errors.",
            "example": "https://developer.bancosantander.es/api/errors/GOIT_001"
        },
        "code": {
            "type": "string",
            "description": "Unique identifier for the error code.",
            "example": "FORBIDDEN"
        }
    },
    "additionalProperties": false,
    "required": [
        "code",
        "userMessage",
        "moreInfo",
        "status",
        "developerMessage"
    ]
}

List of errors occured during the API execution

{
    "type": "array",
    "items": {
        "$ref": "#/definitions/error"
    }
}
Open Business
Soluciones
Productos
Soporte
Política de Cookies Términos y condiciones