Functionality
This API checks whether an OAuth Prestep Token is valid. If it is, the API returns information about the access limits of the token: the scope, the expiration date, a unique user identifier in UUID format and the client identifier.
Security
The security of the API is based on the OAuth protocol. Specifically, it is secured with an OAuth Access Token, which the TPP has to obtain by completing the Prestep Authorization flow (see Oauth Pre-step Authorize API and Oauth Token API documentation for more information). With the token, the TPP can consume this API by sending the token in the request headers.
Output Example
This is an example of the output of this API with information about the Prestep Access Token sent:
{
  "client_id": "a6343a2f-a3b9-4adb-bcc3-0ac31bb0afae",
  "user_id": "842a49cd-d9ae-4dad-a01f-b54fdaa78117",
  "expiration_date": "2019-09-23T12:03:42",
  "scope": "identity"
}
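A caller should not treat a 200 response as sufficient on its own: the returned fields still have to be checked before the token is relied on. The following is an added example, not code from the API provider. The function name `check_introspection` is hypothetical, and it assumes that `expiration_date` is in UTC (the example above carries no offset), that `scope` is a space-delimited list, and that all four fields are always present.

```python
from datetime import datetime, timezone

# Field names come from the page's response definition; the schema sets
# "additionalProperties": false and types every field as a string.
FIELDS = ("client_id", "user_id", "expiration_date", "scope")


def check_introspection(body, expected_client_id, required_scope, now=None):
    """Validate a parsed introspection response; return its expiry (aware, UTC).

    Hypothetical helper. Assumptions: expiration_date is UTC, scope is
    space-delimited, and all four fields are required (the schema lists none).
    """
    if not isinstance(body, dict):
        raise ValueError("response is not a JSON object")
    extra = set(body) - set(FIELDS)
    missing = [f for f in FIELDS if f not in body]
    if extra or missing:
        raise ValueError(f"unexpected={sorted(extra)} missing={missing}")
    if not all(isinstance(body[f], str) for f in FIELDS):
        raise ValueError("every field must be a string")
    # Fail closed on an unparseable date instead of treating it as "no expiry".
    try:
        expires = datetime.strptime(body["expiration_date"], "%Y-%m-%dT%H:%M:%S")
    except ValueError as exc:
        raise ValueError("bad expiration_date") from exc
    expires = expires.replace(tzinfo=timezone.utc)  # assumption: UTC
    now = now or datetime.now(timezone.utc)
    if expires <= now:
        raise ValueError("token expired")
    # The token must have been issued to this client, not to another TPP.
    if body["client_id"] != expected_client_id:
        raise ValueError("client_id mismatch")
    # Exact match on a scope entry, never a substring test on the whole string.
    if required_scope not in body["scope"].split():
        raise ValueError("required scope not granted")
    return expires


# The page's own output example, reused as sample input.
SAMPLE = {
    "client_id": "a6343a2f-a3b9-4adb-bcc3-0ac31bb0afae",
    "user_id": "842a49cd-d9ae-4dad-a01f-b54fdaa78117",
    "expiration_date": "2019-09-23T12:03:42",
    "scope": "identity",
}
```

If the provider documents a different time zone for `expiration_date`, change the `tzinfo` assignment accordingly; an incorrect assumption here shifts the accepted lifetime of every token by the offset.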
Paths
/
Endpoint for Access Token Introspection
This parameter is the ID that identifies the TPP that has been registered in the API Portal previously.
Header that includes an Oauth Access Token
200 OK
Definitions
{
  "properties": {
    "client_id": {
      "type": "string",
      "description": "Identifier for the third-party app"
    },
    "user_id": {
      "type": "string",
      "description": "User identifier calculated as a hash of the username and the issuer"
    },
    "expiration_date": {
      "type": "string",
      "description": "The expiration date of the inspected token"
    },
    "scope": {
      "type": "string",
      "description": "Indicates the resources that the token enables the access"
    }
  },
  "additionalProperties": false
}
Information about a single error that occurs during the API execution.
{
  "properties": {
    "developerMessage": {
      "type": "string",
      "description": "Message that is sent to the developer.",
      "example": "ClientId in signature token differs from the ClientId associated to the access token"
    },
    "userMessage": {
      "type": "string",
      "description": "Message that is sent to the user.",
      "example": "The operation can not be reached."
    },
    "status": {
      "type": "string",
      "description": "HTTP Status of the error.",
      "example": "403"
    },
    "moreInfo": {
      "type": "string",
      "description": "More information related to the errors.",
      "example": "https://developer.bancosantander.es/api/errors/GOIT_001"
    },
    "code": {
      "type": "string",
      "description": "Unique identifier for the error code.",
      "example": "FORBIDDEN"
    }
  },
  "additionalProperties": false,
  "required": [
    "code",
    "userMessage",
    "moreInfo",
    "status",
    "developerMessage"
  ]
}
List of errors that occurred during the API execution
{
  "type": "array",
  "items": {
    "$ref": "#/definitions/error"
  }
}