masstack

V1
API Overview Resources Schemas

Authentication

API related with the Authentication.

Parameters

Name In Type Required Description
Authorization header string false Basic <base64(client_id:client_secret)>
body body object false ‘none’

Request body - Content-Type: application/x-www-form-urlencoded

Custom schema example

1
2
3
4
5
6
7

login_hint: tel:+34xxxxxxx
scope: string
binding_message: usuario@gmail.com
client_id: M7p4ae2yWH7SymwbUYGq2UuweVjzXNOG
client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion: string
Name Type Required Description
login_hint string true A hint to the OpenID Provider regarding the end-user for whom authentication is being requested. The value contains a msisdn, which identifies the end-user to the OP. RFC 3966 The tel URI for Telephone Numbers
scope string true Scope of permissions
binding_message string false A human-readable identifier or message intended to be displayed on both the consumption device and the authentication device to interlock them together for the transaction by way of a visual cue for the end-user. This interlocking message enables the end-user to ensure that the action taken on the authentication device is related to the request initiated by the consumption device.
client_id string false The client identifier (required when using client_assertion)
client_assertion_type string false Must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer (if you use client_assertion authorization)
client_assertion string false The signed JWT

Request example

1
2
3
4
5
6
7


curl -X POST https://apimanager-opengateway.sta.k8s.masmovil.com/bc-authorize \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept: application/json" \
  -H "Authorization: string" \
  -d "login_hint=tel:+34xxxxxxx&scope=undefined&binding_message=usuario@gmail.com&client_id=M7p4ae2yWH7SymwbUYGq2UuweVjzXNOG&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=undefined&"

Responses

Code Meaning Description Schema
200 OK OK bcAuthorizeResponse
400 Bad Request Bad Request errorAccessTokenResponse
401 Unauthorized Unauthorized errorAccessTokenResponse

Parameters

Name In Type Required Description
Authorization header string false Basic <base64(client_id:client_secret)>
body body object false ‘none’

Request body - Content-Type: application/x-www-form-urlencoded

Custom schema example

1
2
3
4
5
6
7
8
9

grant_type: urn:openid:params:grant-type:ciba
assertion: string
auth_req_id: d221eb9b-9d33-4fe9-ba41-9711ed0309ce
code: SplxlOBeZQQYbYS6WxSbIA
redirect_uri: https://myapp.com/callback
client_id: M7p4ae2yWH7SymwbUYGq2UuweVjzXNOG
client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion: string
Name Type Required Description
grant_type string true Grant type
assertion string false Assertion with which to get an access_token (required for grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer).
auth_req_id string false It is the unique identifier to identify the authentication request (transaction) made by the Client.
code string false It is the authorization code received from the /authorize endpoint.
redirect_uri string false It is the redirection URI used in the /authorize endpoint.
client_id string false The client identifier
client_assertion_type string false Must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer (if you use client_assertion authorization)
client_assertion string false The signed JWT

Request example

1
2
3
4
5
6
7


curl -X POST https://apimanager-opengateway.sta.k8s.masmovil.com/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept: application/json" \
  -H "Authorization: string" \
  -d "grant_type=urn:openid:params:grant-type:ciba&assertion=undefined&auth_req_id=d221eb9b-9d33-4fe9-ba41-9711ed0309ce&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https://myapp.com/callback&client_id=M7p4ae2yWH7SymwbUYGq2UuweVjzXNOG&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=undefined&"

Responses

Code Meaning Description Schema
200 OK OK postTokenResponse
400 Bad Request Bad Request errorPostTokenResponse
401 Unauthorized Unauthorized errorPostTokenResponse

Parameters

Name In Type Required Description
client_id query string true The identifier of the client representing the app.
response_type query string true Which in a basic authorization code flow request should be code. Authn only support code
redirect_uri query string false Should be the HTTP endpoint on your server that will receive the response from Authn. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client, which you configured in the register of application. If this value doesn’t match an authorized URI, the request will fail with a 401 error.
state query string true Should include the value of the anti-forgery unique session token, as well as any other information needed to recover the context when the user returns to your application, e.g., the starting URL.
login_hint query string false If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Authentication Server. The server uses the hint to simplify the login flow either by prefilling the email field in the sign-in form or by selecting the appropriate multi-login session.
groups_hint query string false The sub string is equivalent to the groups in the provider (only support Google ). If you do not provide a groups_hint and the user is currently logged in, in the next request of token, the access_token will not contain claim groups
access_type query string false The allowed values are offline and online. If an access token is being requested, the client does not receive a refresh token unless a value of offline is specified.
code_challenge query string false Specifies an encoded code_verifier that will be used as a server-side challenge during authorization code exchange. This string helps mitigating against the threat usually through the use of Proof Key for Code Exchange (PKCE)
code_challenge_method query string false Specifies what method was used to encode a code_verifier that will be used during authorization code exchange. This parameter must be used with the code_challenge parameter. The value of the code_challenge_method defaults to plain if not present in the request that includes a code_challenge. The only supported values for this parameter are S256 or plain.
scopes query string false ‘none’

Enumerated Values

Property Values
response_type one of [token, code]

Request example

1
2
3
4


curl -X GET https://apimanager-opengateway.sta.k8s.masmovil.com/authorize?client_id='TtsdmebPcQtEnvLsKw7x'&response_type='token'&redirect_uri='https://masmovil.com/login/callback'&state='0AxLygT73V6kreKzkQySOjfYShIvK/TR'&login_hint='my_user@masmovil.com'&groups_hint='group1+group2'&access_type='online'&code_challenge='5VTycQU924SQ3jHp5g9zcvMF2ai3aN89kxzB2D5QJUrejxam3jddqFUugD8F'&code_challenge_method='S256'&scopes='openiddpv:FraudPreventionAndDetectionnumber-verification:verify'?client_id=TtsdmebPcQtEnvLsKw7x&response_type=token&state=0AxLygT73V6kreKzkQySOjfYShIvK%2FTR \
  -H "Accept: */*"

Responses

Code Meaning Description Schema
302 Found Authorization code/Implicit grant response None
400 Bad Request Bad Request errorAccessTokenResponse
401 Unauthorized Unauthorized errorAccessTokenResponse

Endpoints

Phone number verify

    Sim Swap

      Device Swap

        KYC Match

          KYC Age Verification

            Consent Information

              Authentication

                Phone number share