Authorize API

Authorize is our implementation of the OAuth 2.0 framework. It enables secure authorization using standard methods that can be easily integrated into your application.

Endpoints on this page

GET /v1/authorize

Get an access token for your application's credentials

GET /v1/authorize

Description

Get an access token for your application's credentials

Header parameters

uuid
string, Required
Random 128-bit UUID, uniquely generated for each request.

Query params

response_type
string, Required
Indicates which OAuth flow is to be performed.

client_id
string, Required
Client ID generated during application registration.

code_challenge
string, Optional
Challenge generated from the code_verifier.

code_challenge_method
string, Optional
S256 is the method used to generate the challenge.

redirect_uri
string, Optional
URL to which the authorization server will redirect the browser after the user has granted authorization.

scope
string, Optional
Set of scopes requested for making API calls. You can pass multiple values delimited by spaces.

state
string, Optional
A value that the application adds to the initial request and that is returned when redirecting back to the application. The application must use this value to prevent CSRF attacks.

businessCode
string, Required
Business code identified during application registration.

countryCode
string, Required
Two-character ISO country code.

channelId
string, Required
Identified during application registration.
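
The code_challenge, code_challenge_method, state and uuid parameters above, worked through as an added Python example (not part of the original page or the provider's code): it derives the S256 challenge from a fresh code_verifier, builds the /v1/authorize query, and checks the state returned on the callback. The host api.example.invalid, the response_type value "code", and all function names are assumptions.

```python
import base64
import hashlib
import secrets
import uuid
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholder host: the page does not give the base URL for /v1/authorize.
AUTHORIZE_URL = "https://api.example.invalid/v1/authorize"


def new_code_verifier() -> str:
    # RFC 7636 wants 43-128 unreserved characters; 32 random bytes give 43.
    return secrets.token_urlsafe(32)


def s256_challenge(code_verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), '=' padding removed.
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_request(client_id, redirect_uri, scopes,
                            business_code, country_code, channel_id):
    """Return (url, headers, session) for one authorization attempt."""
    verifier, state = new_code_verifier(), secrets.token_urlsafe(32)
    query = {
        "response_type": "code",  # assumed value: authorization code flow
        "client_id": client_id,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-delimited, as the page describes
        "state": state,
        "businessCode": business_code,
        "countryCode": country_code,
        "channelId": channel_id,
    }
    headers = {"uuid": str(uuid.uuid4())}  # new random UUID for every request
    # Keep both bound to the user's session; the verifier itself is not sent here.
    session = {"code_verifier": verifier, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(query)}", headers, session


def state_matches(session: dict, callback_url: str) -> bool:
    # Accept the redirect only if it echoes exactly the state that was issued.
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return secrets.compare_digest(returned.encode(), session["state"].encode())
```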

Request example (cURL)

    curl --request GET \
      --url https://partner.citi.com/gcgapi/sandbox/prod/atm-branch-locator/v1/atms \
      --header 'Authorization: REPLACE_THIS_VALUE' \
      --header 'If-Modified-Since: REPLACE_THIS_VALUE' \
      --header 'If-None-Match: REPLACE_THIS_VALUE' \
      --header 'client_id: REPLACE_THIS_VALUE' \
      --header 'uuid: REPLACE_THIS_VALUE'

Request example (Ruby)

    require 'uri'
    require 'net/http'
    require 'openssl'

    url = URI("https://partner.citi.com/gcgapi/sandbox/prod/atm-branch-locator/v1/atms")

    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    # Verify the server certificate (VERIFY_NONE would accept any certificate)
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER

    request = Net::HTTP::Get.new(url)
    request["Authorization"] = 'REPLACE_THIS_VALUE'
    request["client_id"] = 'REPLACE_THIS_VALUE'
    request["uuid"] = 'REPLACE_THIS_VALUE'
    request["If-Modified-Since"] = 'REPLACE_THIS_VALUE'
    request["If-None-Match"] = 'REPLACE_THIS_VALUE'

    response = http.request(request)
    puts response.read_body

Request example (Python)

    import http.client

    conn = http.client.HTTPSConnection("partner.citi.com")

    headers = {
        'Authorization': "REPLACE_THIS_VALUE",
        'client_id': "REPLACE_THIS_VALUE",
        'uuid': "REPLACE_THIS_VALUE",
        'If-Modified-Since': "REPLACE_THIS_VALUE",
        'If-None-Match': "REPLACE_THIS_VALUE"
    }

    # HTTP method names are case-sensitive, so send GET in upper case
    conn.request("GET", "/gcgapi/sandbox/prod/atm-branch-locator/v1/atms", headers=headers)

    res = conn.getresponse()
    data = res.read()

    print(data.decode("utf-8"))


API responses

Response example

{
  "access_token": {
    "type": "string",
    "description": "Digital object that contains information about the identity of the principal making the request and what kind of access they are authorized for. The token standards used here are JWT, JWS and JWE.",
    "example": "rtYIbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.O01BFr_XxGzKEUb_Z9vQOW3DX2cQFxojrRy2JyM5_nqKnrpAa0rvcPI_ViT2PdPRogBwjHGRDM2uNLd1BberKQlaZYuqPGXnpzDQjosF0tQlgdtY3uEZUMT-9WPP8jCxxQg0AGIm4abkp1cgzAWBQzm1QYL8fwaz16MS48ExRz41dLhA0aEWE4e7TYzjrfaK8M4wIUlQCFIl-wS1N3U8W2XeUc9MLYGmHft_Rd9KJs1c-9KKdUQf6tEzJ92TGEC7TRZX4hGdtszIq3GGGBQaW8P9jPozqaDdrikF18D0btRHNf3_57sR_CPEGYX0O4mY775CLWqB4Y1adNn-fZ0xoA.ln7IYZDF9TdBIK6i.ZhQ3Q5TY827KFQw8DdRRzQVJVFdIE03B6AxMNZ1sQIjlUB4QUxg-UYqjPJESPUmFsODeshGWLa5t4tUri5j6uC4mFDbkbemPmNKIQiY5m8yc.5KKhrggMRm7ydVRQKJaT0g"
  },
  "token_type": {
    "type": "string",
    "description": "Type of token, based on the OAuth 2.0 standard.",
    "example": "Bearer"
  },
  "expires_in": {
    "type": "string",
    "description": "Token expiration time in seconds",
    "example": "600"
  },
  "scope": {
    "type": "string",
    "description": "Session scope assigned to the token. By default, this service always assigns a visitor scope.",
    "example": "visitor"
  },
  "opaque_token": {
    "type": "string",
    "description": "The opaque token is an identifier that relates to information allocated in the Access Token. It is a random, unique string of characters issued by the BAS. This token does not pass any identifiable information of the user, so it is impossible for the resource server to make any authorization decisions based on the opaque token itself.",
    "example": "a998f5f8c1c158a2b816d34bec9d9ca1d44acfc794679c01b8fe3530f1f74741"
  }
}

200 OK

Successful API Prelogin

Definitions

access_token
Digital object that contains information about the identity of the principal making the request and what kind of access they are authorized for. The token standards used here are JWT, JWS and JWE.
type: string

token_type
Type of token, based on the OAuth 2.0 standard.
type: string

expires_in
Token expiration time in seconds
type: string

scope
Session scope assigned to the token. By default, this service always assigns a visitor scope.
type: string

opaque_token
The opaque token is an identifier that relates to information allocated in the Access Token. It is a random, unique string of characters issued by the BAS. This token does not pass any identifiable information of the user, so it is impossible for the resource server to make any authorization decisions based on the opaque token itself.
type: string

Status: 400
Title: Invalid Request
Description: Missing or invalid parameters.

Response example

{
  "code": {
    "description": "Error code which qualifies the error",
    "type": "string"
  },
  "details": {
    "description": "Human readable explanation specific to the occurrence of the problem",
    "type": "string"
  },
  "location": {
    "description": "The name of the field that resulted in the error",
    "type": "string"
  },
  "moreInfo": {
    "description": "More Info can be used to pass any additional details",
    "type": "string"
  },
  "timestamp": {
    "description": "Timestamp of the error",
    "type": "string"
  }
}

400 Invalid Request

Definitions

code
Error code which qualifies the error
type: string

details
Human readable explanation specific to the occurrence of the problem
type: string

location
The name of the field that resulted in the error
type: string

moreInfo
More Info can be used to pass any additional details
type: string

timestamp
Timestamp of the error
type: string

Status: 401
Title: Unauthorized
Description: The client credentials are missing or invalid.

Response example

{
  "code": {
    "description": "Error code which qualifies the error",
    "type": "string"
  },
  "details": {
    "description": "Human readable explanation specific to the occurrence of the problem",
    "type": "string"
  },
  "location": {
    "description": "The name of the field that resulted in the error",
    "type": "string"
  },
  "moreInfo": {
    "description": "More Info can be used to pass any additional details",
    "type": "string"
  },
  "timestamp": {
    "description": "Timestamp of the error",
    "type": "string"
  }
}

401 Unauthorized

Definitions

code
Error code which qualifies the error
type: string

details
Human readable explanation specific to the occurrence of the problem
type: string

location
The name of the field that resulted in the error
type: string

moreInfo
More Info can be used to pass any additional details
type: string

timestamp
Timestamp of the error
type: string

Status: 500
Title: Server Unavailable
Description: An error occurred on the server.

Response example

{
  "code": {
    "description": "Error code which qualifies the error",
    "type": "string"
  },
  "details": {
    "description": "Human readable explanation specific to the occurrence of the problem",
    "type": "string"
  },
  "location": {
    "description": "The name of the field that resulted in the error",
    "type": "string"
  },
  "moreInfo": {
    "description": "More Info can be used to pass any additional details",
    "type": "string"
  },
  "timestamp": {
    "description": "Timestamp of the error",
    "type": "string"
  }
}

500 Server Unavailable

Definitions

code
Error code which qualifies the error
type: string

details
Human readable explanation specific to the occurrence of the problem
type: string

location
The name of the field that resulted in the error
type: string

moreInfo
More Info can be used to pass any additional details
type: string

timestamp
Timestamp of the error
type: string