{
"openapi": "3.0.0",
"info": {
"contact": {
"name": "stephane.chretien@thalesgroup.com"
},
"title": "Inbound Card API",
"version": "1.0",
"description": "API set dedicated to core banking and card management system.\n\nThis API is used by the bank to:\n- get 3-D Secure operations\n- manage application instance (delete)"
},
"servers": [
{
"url": "https://api.d1.thalescloud.io/banking/v1",
"description": "Production server"
},
{
"url": "https://api.d1-stg.thalescloud.io/banking/v1",
"description": "Staging server"
}
],
"security": [
{
"bearerAuth": []
}
],
"tags": [
{
"name": "3-D Secure Operations",
"description": "Different operations linked to 3-D secure."
},
{
"name": "Application Instance",
"description": "Different operations that can be done on an application instance."
}
],
"paths": {
"/issuers/{issuerId}/cards/{cardId}/3ds/operations": {
"parameters": [
{
"$ref": "#/components/parameters/issuer-id-path"
},
{
"$ref": "#/components/parameters/card-id-path"
},
{
"$ref": "#/components/parameters/x-correlation-id"
}
],
"get": {
"summary": "Get all 3-D Secure operations",
"responses": {
"200": {
"description": "Successful",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"operations": {
"type": "array",
"items": {
"$ref": "#/components/schemas/3dsCardOperation"
}
},
"remainingOperations": {
"type": "integer"
}
}
}
}
}
},
"400": {
"$ref": "#/components/responses/BadRequest"
},
"401": {
"$ref": "#/components/responses/Unauthorized"
},
"404": {
"$ref": "#/components/responses/NotFound"
},
"500": {
"$ref": "#/components/responses/InternalServerError"
}
},
"tags": [
"3-D Secure Operations"
],
"operationId": "get-all-card-3ds-operations-by-cardId",
"parameters": [
{
"$ref": "#/components/parameters/offset-query-no-max"
},
{
"$ref": "#/components/parameters/limit-query"
}
],
"description": "This request is used by the issuer backend to retrieve all operations related to a card. The API specifies the starting point (offset) and the number of operations (limit) to be retrieved. Offset 0 (the default) corresponds to the most recent operation. For example a limit of 5 and an offset of 2 would return the five most recent operations before the most recent two”.\n\nIf no operations are available for the given cardId, an empty list is returned.\n\nOperations that are older than one year are removed."
}
},
"/issuers/{issuerId}/cards/{cardId}/3ds/operations/{operationId}": {
"parameters": [
{
"$ref": "#/components/parameters/issuer-id-path"
},
{
"$ref": "#/components/parameters/card-id-path"
},
{
"$ref": "#/components/parameters/operation-id-path"
},
{
"$ref": "#/components/parameters/x-correlation-id"
}
],
"get": {
"summary": "Get 3-D Secure operation",
"tags": [
"3-D Secure Operations"
],
"operationId": "get-card-3ds-operation-operationId",
"description": "This request is used by the issuer backend to retrieve the information related to a 3-D Secure operation on a card.\n\nGetting an operation older than one year will return an error.\n",
"responses": {
"200": {
"description": "Successful",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/3dsCardOperation"
}
}
}
},
"400": {
"$ref": "#/components/responses/BadRequest"
},
"401": {
"$ref": "#/components/responses/Unauthorized"
},
"404": {
"$ref": "#/components/responses/NotFound"
},
"500": {
"$ref": "#/components/responses/InternalServerError"
}
}
}
},
"/issuers/{issuerId}/appInstances/{appInstanceId}/authnCredentials/operations:delete": {
"parameters": [
{
"$ref": "#/components/parameters/issuer-id-path"
},
{
"$ref": "#/components/parameters/application-instance-id-path"
},
{
"$ref": "#/components/parameters/x-correlation-id"
}
],
"post": {
"description": "This request is used by the issuer backend to delete the authentication\ncredentials from an application instance.
If these credentials were\nthe only ones the user had for the 3DS service, the action cascades to\ndeactivate the 3DS service for all the user's 3DS-eligible\ncards.
The application instance is also deleted when it doesn't have\nany other associated resources.
Note: The deletion cannot be\nreversed.",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/reasonBody"
}
}
}
},
"responses": {
"200": {
"description": "Deletion was successful.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/operationStatusSuccessful"
}
}
}
},
"400": {
"description": "Bad Request, Invalid request URI or header, or unsupported nonstandard parameter",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/errorGeneric"
}
}
}
},
"401": {
"description": "The provided Authorization header is missing or invalid",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/errorGeneric"
}
}
}
},
"404": {
"description": "Resource not found, Unknown issuerId or appInstanceId",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/notFound"
}
}
}
},
"500": {
"$ref": "#/components/responses/InternalServerError"
}
},
"summary": "Delete",
"tags": [
"Application Instance"
]
}
}
},
"components": {
"securitySchemes": {
"bearerAuth": {
"description": "A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.",
"type": "http",
"scheme": "bearer",
"bearerFormat": "JWT"
}
},
"schemas": {
"reasonBody": {
"type": "object",
"properties": {
"reason": {
"$ref": "#/components/schemas/reason"
},
"reasonCode": {
"type": "string",
"description": "The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.",
"enum": [
"USER_DECISION",
"ISSUER_DECISION"
]
}
}
},
"operationStatusSuccessful": {
"title": "operation",
"type": "object",
"description": "Operation result information.",
"properties": {
"operationId": {
"$ref": "#/components/schemas/operationId"
},
"status": {
"type": "string",
"description": "Status of the operation",
"enum": [
"SUCCESSFUL"
]
}
}
},
"notFound": {
"type": "object",
"properties": {
"error": {
"type": "string",
"description": "Description of the error",
"example": "application instance not exist"
}
}
},
"issuerId": {
"maxLength": 10,
"minLength": 10,
"type": "string"
},
"cardId": {
"type": "string",
"description": "Unique identifier of the card.",
"minLength": 1,
"maxLength": 48,
"pattern": "^[A-Za-z0-9_-]{1,48}$"
},
"operationId": {
"type": "string",
"description": "Unique identifier of the operation",
"minLength": 1,
"maxLength": 64,
"pattern": "^[A-Za-z0-9_-]{1,64}$"
},
"operationStatusSuccessfulFailed": {
"type": "string",
"description": "Status of the operation",
"enum": [
"SUCCESSFUL",
"FAILED"
]
},
"operationStartTime": {
"type": "string",
"title": "Operation Start Time",
"description": "The time the request has been processed.\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD",
"minLength": 1,
"maxLength": 64,
"example": "2022-06-16T06:28:02.492Z"
},
"consumerId": {
"type": "string",
"description": "Unique identifier of the consumer. ",
"minLength": 1,
"maxLength": 64,
"pattern": "^[A-Za-z0-9_-]{1,64}$"
},
"appInstanceId": {
"description": "Unique identifier of the issuer application instance.",
"type": "string"
},
"authnType": {
"type": "string",
"enum": [
"BIOMETRIC",
"PLATFORM"
]
},
"operationError": {
"type": "string",
"description": "Human readable string representing the error, only present in case of operation failure"
},
"3dsCardOperation": {
"title": "3-D Secure Operation",
"type": "object",
"description": "Details about a 3-D Secure operation.",
"properties": {
"operationId": {
"$ref": "#/components/schemas/operationId"
},
"operation": {
"type": "string",
"description": "The operation type.",
"enum": [
"3DS_FRICTIONLESS",
"3DS_CHALLENGE_OOB",
"3DS_CHALLENGE_OOB_ISSUER",
"3DS_CHALLENGE_OTP_SMS"
]
},
"status": {
"$ref": "#/components/schemas/operationStatusSuccessfulFailed"
},
"startTime": {
"$ref": "#/components/schemas/operationStartTime"
},
"consumerId": {
"$ref": "#/components/schemas/consumerId"
},
"details": {
"oneOf": [
{
"title": "3DS_FRICTIONLESS, 3DS_CHALLENGE_OOB, 3DS_CHALLENGE_OOB_ISSUER, 3DS_CHALLENGE_OTP_SMS operations",
"properties": {
"acsTransactionId": {
"description": "The ACS transaction identifier.",
"type": "string"
},
"threeDSServerTransId": {
"description": "The authentication session identifier from the 3DS server.",
"type": "string"
},
"dsTransId": {
"description": "The authentication session identifier from the directory server.",
"type": "string"
},
"purchase": {
"type": "object",
"properties": {
"merchantName": {
"description": "The merchant name.",
"type": "string"
},
"merchantType": {
"description": "The merchant category code.",
"type": "string",
"minLength": 4,
"maxLength": 4
},
"amount": {
"description": "The nominal transaction amount value. Value without the decimal operator. Use the currency exponent to display amount with decimal. For example, an display amount of 789.99€ Euro is sent as 78999.",
"type": "string"
},
"currencyCode": {
"description": "The transaction currency code. Currency code in ISO 4217 alpha code format.",
"type": "string",
"minLength": 3,
"maxLength": 3
},
"merchantId": {
"description": "The acquirer merchantId.",
"type": "string"
},
"countryCode": {
"description": "The merchant country code.",
"type": "string",
"minLength": 2,
"maxLength": 2
},
"merchantUrl": {
"description": "The merchant URL.",
"type": "string",
"format": "uri"
}
}
},
"acquirer": {
"type": "object",
"properties": {
"bin": {
"type": "string",
"maxLength": 16
},
"countryCode": {
"description": "The merchant country code.",
"type": "string",
"minLength": 2,
"maxLength": 2
}
}
},
"device": {
"type": "object",
"properties": {
"deviceChannel": {
"description": "The device channel. '01' is App-based, '02' is Browser, '03' is 3DS Requestor Initiated.",
"enum": [
"01",
"02",
"03"
],
"type": "string"
},
"appInstanceId": {
"$ref": "#/components/schemas/appInstanceId"
},
"authnType": {
"$ref": "#/components/schemas/authnType"
}
}
},
"eci": {
"description": "The Electronic Commerce Indicator.",
"type": "string"
},
"authenticationMethod": {
"description": "The Authentication method used in case of challenge flow.",
"type": "string",
"enum": [
"02",
"07",
"09"
]
},
"transStatus": {
"description": "Indicates whether a transaction qualifies as an authenticated transaction or account verification.\r\n\r\n|Operation Status|TransStatus Possible Values|\r\n|----|----|\r\n|SUCCESSFUL|Y|\r\n|FAILED|N, U, R|\r\n",
"type": "string",
"enum": [
"Y",
"N",
"U",
"R"
]
},
"transStatusReason": {
"description": "Provides information on why the Transaction Status field has the specified value.",
"type": "string",
"minLength": 2,
"maxLength": 2
},
"rba": {
"type": "object",
"properties": {
"evaluatedRule": {
"type": "array",
"items": {}
},
"selectedRule": {
"type": "array",
"items": {}
},
"appliedExemption": {
"type": "array",
"items": {}
}
}
}
}
}
],
"type": "object"
},
"error": {
"$ref": "#/components/schemas/operationError"
}
},
"required": [
"operationId",
"operation",
"status",
"startTime"
]
},
"errorGeneric": {
"additionalProperties": false,
"type": "object",
"description": "Generic error returned by the APIs.",
"properties": {
"errorCode": {
"type": "string",
"description": "The type of the error",
"example": "FIELD_INVALID_FORMAT"
},
"error": {
"type": "string",
"description": "Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users.",
"example": "consumerId"
}
}
},
"reason": {
"type": "string",
"title": "reason",
"example": "customer was contacted on June 28",
"pattern": "^[a-zA-Z0-9 ]{1,64}$",
"description": "The reason why the action is performed. \n\nThis a free text field in case the bank wants to send details, that will be returned in the operations list. "
}
},
"parameters": {
"issuer-id-path": {
"description": "The id of the issuer",
"in": "path",
"name": "issuerId",
"required": true,
"schema": {
"$ref": "#/components/schemas/issuerId"
}
},
"card-id-path": {
"description": "The id of the card",
"in": "path",
"name": "cardId",
"required": true,
"schema": {
"$ref": "#/components/schemas/cardId"
}
},
"x-correlation-id": {
"description": "Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.\n\n**Warning:** This identifier should not be derived from sensitive personal data, as its value will be logged in clear.\n\nThere is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.",
"in": "header",
"name": "x-correlation-id",
"schema": {
"type": "string",
"pattern": "^[A-Za-z0-9_-]{1,64}$"
}
},
"offset-query-no-max": {
"name": "offset",
"in": "query",
"schema": {
"type": "integer",
"minimum": 0
},
"description": "Index from which the query starts returning operations (default value: 0)"
},
"limit-query": {
"name": "limit",
"in": "query",
"schema": {
"type": "integer",
"minimum": 1,
"maximum": 50,
"default": 10
},
"description": "Upper limit of the query"
},
"operation-id-path": {
"description": "The id of the operation",
"in": "path",
"name": "operationId",
"required": true,
"schema": {
"$ref": "#/components/schemas/operationId"
}
},
"application-instance-id-path": {
"description": "The id of the application instance",
"in": "path",
"name": "appInstanceId",
"required": true,
"schema": {
"$ref": "#/components/schemas/appInstanceId"
}
}
},
"responses": {
"BadRequest": {
"description": "Malformed request",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/errorGeneric"
}
}
}
},
"Unauthorized": {
"description": "The provided Authorization header is missing or invalid",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/errorGeneric"
}
}
}
},
"NotFound": {
"description": "Resource not found, Unknown issuerId or consumerId or accountId or digital card id",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/errorGeneric"
}
}
}
},
"InternalServerError": {
"description": "Internal Server Error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/errorGeneric"
}
}
}
}
}
}
}