---
swagger: "2.0"
info:
  x-ibm-name: ob-security-utils-api
  title: OB Security Utils API
  version: 1.0.15
  description: This product will contain a single API that will sign the incoming
    request payload with the Santander JWS signature policy. This is being built
    in the "intra-core" catalogue in order to facilitate the Confirmation Of Payee
    outbound calls. Currently this is in testing.
  contact:
    name: OpenBanking Security Project
    email: OpenBankingAPIsecurityteam@santander.co.uk
    url: http://info.contact.url
  license:
    name: info.license.name
    url: info.license.url
  termsOfService: http://info.contact.url
schemes:
- https
basePath: /openbanking/security-utils/v1
consumes:
- application/json
produces:
- application/json
securityDefinitions:
  clientSecretHeader:
    type: apiKey
    description: ""
    in: header
    name: X-IBM-Client-Secret
  clientIdHeader:
    type: apiKey
    in: header
    name: X-IBM-Client-Id
security:
- clientIdHeader: []
  clientSecretHeader: []
x-ibm-configuration:
  testable: true
  enforced: true
  phase: realized
  categories:
  - Type / Core
  - SanUK Business Domain / Common Services & Guidance / Fraud
  - BIAN Business Area / Operations and Execution / Fraud Prevention
paths:
  /sign-payload:
    post:
      responses:
        200:
          description: 200 OK
        400:
          description: 400 Bad Request
        401:
          description: 401 Unauthorized
        403:
          description: 403 Forbidden
        404:
          description: 404 Not Found
        500:
          description: 500 Internal Server Error
        503:
          description: 503 Service Unavailable
      parameters:
      - name: request
        required: false
        in: body
        schema:
          $ref: '#/definitions/samplePayload'
        description: sample payload
      description: This endpoint is used to get the JWS value for the outbound call
    parameters:
    - $ref: '#/parameters/X-IBM-Client-Id'
    - $ref: '#/parameters/X-IBM-Client-Secret'
    - $ref: '#/parameters/Authorization'
    - $ref: '#/parameters/iss'
    - $ref: '#/parameters/kid'
    - $ref: '#/parameters/cryptoKeyName'
    - $ref: '#/parameters/alg'
    - $ref: '#/parameters/tan'
    - $ref: '#/parameters/cty'
    - $ref: '#/parameters/typ'
    - $ref: '#/parameters/Content-Type'
  /validatepayloadsignature:
    post:
      responses:
        200:
          description: 200 OK
        400:
          description: 400 Bad Request
        401:
          description: 401 Unauthorized
        403:
          description: 403 Forbidden
        404:
          description: 404 Not Found
        500:
          description: 500 Internal Server Error
      parameters:
      - name: request
        required: false
        in: body
        schema:
          $ref: '#/definitions/samplePayload'
        description: sample payload
    parameters:
    - $ref: '#/parameters/X-IBM-Client-Id'
    - $ref: '#/parameters/X-IBM-Client-Secret'
    - $ref: '#/parameters/x-jws-signature'
    - $ref: '#/parameters/Content-Type'
    - $ref: '#/parameters/Authorization'
  /private-key-jwt:
    post:
      responses:
        200:
          description: 200 OK
        400:
          description: 400 Bad Request
        401:
          description: 401 Unauthorized
        403:
          description: 403 Forbidden
        404:
          description: 404 Not Found
        500:
          description: 500 Internal Server Error
      parameters:
      - name: request
        required: false
        in: body
        schema:
          $ref: '#/definitions/privateKeyJwtRequest'
    parameters:
    - $ref: '#/parameters/Authorization'
    - $ref: '#/parameters/X-IBM-Client-Id'
    - $ref: '#/parameters/X-IBM-Client-Secret'
    - $ref: '#/parameters/kid'
    - $ref: '#/parameters/cryptoKeyName'
    - $ref: '#/parameters/Content-Type'
tags: []
parameters:
  X-IBM-Client-Id:
    name: X-IBM-Client-Id
    type: string
    required: true
    in: header
    description: Valid client ID header
  Authorization:
    name: Authorization
    type: string
    required: true
    in: header
    description: Valid JWT
  kid:
    name: kid
    type: string
    required: false
    in: header
    description: kid (key ID) Header Parameter is a hint indicating which public
      key was used to secure the JWS.
  cryptoKeyName:
    name: cryptoKeyName
    type: string
    required: false
    in: header
    description: Reference name to crypto key object used to sign the detached payload
  iss:
    name: iss
    type: string
    required: true
    in: header
    description: Issuer(iss) claim string used in the jwt
  alg:
    name: alg
    type: string
    required: false
    in: header
    description: Cryptographic Algorithm used to create the jwt. default PS256
  tan:
    name: tan
    type: string
    required: false
    in: header
    description: Domain name for Trust Anchor. For OB must be openbanking.org.uk
  X-IBM-Client-Secret:
    name: X-IBM-Client-Secret
    type: string
    required: true
    in: header
    description: Valid secret in header
  cty:
    name: cty
    type: string
    required: false
    in: header
    description: Content type
  typ:
    name: typ
    type: string
    required: false
    in: header
    description: type
  x-jws-signature:
    name: x-jws-signature
    type: string
    required: true
    in: header
    description: jws signature
  Content-Type:
    name: Content-Type
    type: string
    required: true
    in: header
    description: Content Type
  payUkRequest:
    name: payUkRequest
    type: boolean
    required: false
    in: header
    description: Indicates whether it is a payUk auth server request
definitions:
  privateKeyJwtRequest:
    properties:
      iss:
        type: string
        description: Issuer(iss) claim string used in the jwt
        example: 8-OZA8bdIUEcWH0oFFZVZGwt
      sub:
        type: string
        description: Subject(sub) claim identifying the principal that is the subject
          of the JWT
        example: 9-IFFZVZGwt0oOZA8bdUEcWH
      aud:
        type: string
        description: Audience(aud) claim containing a value that identifies the authorization
          server as an intended audience
        example: https://secure1.coutts.com
      exp:
        type: integer
        description: Expiration Time (exp) claim that limits the time window during
          which the JWT can be used
        example: 1595582756
        format: int64
      nbf:
        type: integer
        description: not before (nbf) claim that identifies the time before which
          the token MUST NOT be accepted for processing
        example: 234234234
        format: int64
      iat:
        type: integer
        description: Issued At (iat) claim that identifies the time at which the
          JWT was issued
        example: 1595499626
        format: int64
      jti:
        type: string
        description: JWT ID(jti) claim that provides a unique identifier for the token
        example: "234234"
    additionalProperties: false
  samplePayload:
    properties:
      AanyKey:
        type: string
        description: any json key value
        example: any value
    additionalProperties: false
x-ibm-endpoints:
- endpointUrl: https://openbanking-ma.santander.co.uk/sanuk/external
  description: Endpoint for Open Banking TLS MA only
  type:
  - production
...