---
openapi: 3.0.3
info:
  title: AFCU Security API
  contact:
    name: Naveen Sisupalan
    email: nsisupalan@americafirst.com
  version: 1.0.0
servers:
- url: "http://localhost:9080/{basePath}"
  description: The Local API server
  variables:
    basePath:
      default: ""
- url: "https://security-api-core-dev.apps.ocp-test.afcucorp.test/{basePath}"
  description: The DEV API server
  variables:
    basePath:
      default: ""
- url: "https://security-api-core-uat.apps.ocp-test.afcucorp.test/{basePath}"
  description: The UAT API server
  variables:
    basePath:
      default: ""
tags:
- name: security
  description: Operations about API Security
- name: health
  description: To administer API Readiness state
paths:
  /api/health/{status}:
    get:
      tags:
      - health
      summary: Manage API readiness state
      description: API to change API readiness state
      parameters:
      - name: status
        in: path
        description: Health Status
        required: true
        schema:
          description: Health Status
          enum:
          - UP
          - DOWN
          type: string
          example: UP
      responses:
        "200":
          description: OK
      security:
      - JWT: []
  /api/v1/access-token:
    get:
      tags:
      - security
      summary: Generate Access Token
      description: Generate access token for given application
      parameters:
      - name: Origin
        in: header
        schema:
          type: string
      - name: X-App-Alias
        in: header
        schema:
          type: string
      - name: X-Branch-Id
        in: header
        schema:
          type: string
      - name: X-Expiry
        in: header
        schema:
          type: string
      - name: X-Teller-Id
        in: header
        schema:
          type: string
      responses:
        "403":
          description: Unauthorized access
        "500":
          description: Unexpected error
        "200":
          description: JWT Token
          content:
            text/plain: {}
      security:
      - JWT: []
  /api/v1/id-token:
    get:
      tags:
      - security
      summary: Generate ID token
      description: Authenticate provide user credentials against configured federated
        registries and issue an ID Token
      parameters:
      - name: X-Expiry
        in: header
        schema:
          type: string
      responses:
        "200":
          description: OK
      security:
      - BASIC: []
    post:
      tags:
      - security
      summary: Generate ID token
      description: Authenticate provide user credentials against configured federated
        registries and issue an ID Token
      parameters:
      - name: X-Expiry
        in: header
        schema:
          type: string
      responses:
        "200":
          description: OK
      security:
      - BASIC: []
  /api/v1/pem/encrypt:
    post:
      tags:
      - security
      requestBody:
        content:
          text/plain:
            schema:
              type: string
      responses:
        "200":
          description: OK
  /api/v1/pem/id-token:
    get:
      tags:
      - security
      summary: Generate ID token
      description: Authenticate provide user credentials against configured federated
        registries and issue an ID Token
      parameters:
      - name: X-Expiry
        in: header
        schema:
          type: string
      responses:
        "200":
          description: OK
      security:
      - RSA: []
components:
  securitySchemes:
    BASIC:
      type: http
      description: BASIC Authentication
      scheme: basic
    JWT:
      type: http
      description: JWT Authentication
      scheme: bearer
      bearerFormat: JWT
    RSA:
      type: http
      description: RSA Encrypted Token
      in: header
      scheme: bearer
      bearerFormat: RSA