swagger: "2.0"
info:
  description: This API will create a unique chase reference number for a given Card Account.The identifier can be used by merchant in subsequent API calls to uniquely refer to that account.
  version: 1.5.0
  title: Card Loyalty Merchant Relationship Manager API for PCI Compliant Merchants
host: "api-sandbox.chase.com"
basePath: /card/loyalty/benefits-management/pci-merchants/v1
x-chase-info: "24380//External///Product"
schemes:
  - https
consumes:
  - application/json
produces:
  - application/json
paths:
  /accounts/merchant-references:
    post:
      summary: This API will create a unique chase reference number for a given Card Account for PCI Compliant Merchants.

      description: This API will create a unique chase reference number for a given Card Account. Chase reference number will be unique for each merchant. The API accepts a card-number which the reference identifier will be created.

      parameters:
        - name: "authorization"
          in: "header"
          description: "OAuth bearer token will be sent in this header as per the OAuth2 spec. This header will be used by the API gateway. The API does not need to do anything with this header"
          required: true
          type: "string"
          maxLength: 8000
        - name: "authorization2"
          in: "header"
          description: "Additional authorization on top of standard OAuth token in the Authorization Header. The use of this header is different for 3-legged and 2-legged use cases"
          required: true
          type: "string"
          maxLength: 8000
        - name: "request-id"
          in: "header"
          description: "A unique Request Id for every Request. This SHOULD be unique for every Request and a 128 bit number encoded as 32 lower-hex characters. Used to support idempotency of services. Example Usage-> If the client is unsure of the successful processing of a POST or PUT request on the server (i. e. timeouts) the client should re-send the request with the same request-id ."
          required: false
          type: "string"
          maxLength: 32
        - name: "channel-type"
          in: "header"
          description: "Digital channel type indicates where the request originated from."
          required: false
          type: "string"
          maxLength: 15
        - name: "trace-id"
          in: "header"
          description: "A unique transaction id for every request. Note that even though the Request-id might be same on the retried requests, the Unique-Tran-Id should be unique for each request."
          required: true
          type: "string"
          maxLength: 32
        - name: "merchantreferencerequestPCI"
          in: body
          required: true
          description: "Request body for the PCI enabled merchant"
          schema:
            $ref: "#/definitions/merchantReferenceRequestPCI"
      responses:
        "201":
          description: >-
            Chase Reference Identifier found/created
          schema:
            $ref: "#/definitions/merchantReferenceResponse"
        "400":
          description: >-
            `9013/9104/9105/9106/9107/9108: Invalid Request.Required data is missing or data is not consistent.`
          schema:
            $ref: "#/definitions/Error"
        "401":
          description: >-
            9011/9012: Authorization Failure. Invalid access token or inactive client application.
          schema:
            $ref: "#/definitions/Error"
        "404":
          description: "The {resourceId} being requested is not found."
          schema:
            $ref: "#/definitions/Error"
        "405":
          description: >-
            Operation /method not allowed
          schema:
            $ref: "#/definitions/Error"
        "409":
          description: >-
            `9113: Card is not eligible.`
          schema:
            $ref: "#/definitions/Error"
        "500":
          description: >-
            9108/9109: Internal Server Error.`
          schema:
            $ref: "#/definitions/Error"
        "503":
          description: >-
            `9112: Downstream service is unavailable.`
          schema:
            $ref: "#/definitions/Error"
  /ping:
    get:
      summary: "ping"
      description: "This method is used to get health check of the service"
      operationId: "ping"
      parameters: []
      responses:
        200:
          description: "successful operation"
          schema:
            type: "array"
            items:
              type: "string"
definitions:
  merchantReferenceRequestPCI:
    description: Request body for the PCI enabled merchant
    type: object
    required:
      - cardNumber
    properties:
      cardNumber:
        type: string
        description: The Card Number is a number recognized by various payment systems to route debit card, ATM and credit Card transactions to an issuer and to identify the underlying account to which each transaction should be applied. Transactions may be initiated from physical or non physical devices (e.g. debit card, ATM, credit card, Single Use Account (SUA), Near Field Communication (NFC), etc.).
        maxLength: 19
        x-chase-dataelem: VCONF/197/Y/N
  Error:
    description: base object for the error response
    type: object
    required:
      - errorDescription
    properties:
      errorDescription:
        type: string
        description: Freeform explanatory text for the error.
        maxLength: 250
      serviceErrorCode:
        type: string
        description: A code defined by the API provider that describes the specific error for a given API. This code provides more fine grained information than the httpStatusCode. As an example if an API provides an httpStatusCode of 400 they may also include the serviceErrorCode that includes more specific information of what caused a 400 response. (i.e. INVALID_EMAIL, INVALID_PHONE_NUMBER, etc)
        maxLength: 20
      externalErrorCode:
        type: string
        description: "A code defined by the service for the external partner that includes a more specific information of what caused the error."
        maxLength: 90
  merchantReferenceResponse:
    type: object
    required:
      - accountReferenceUniversalUniqueIdentifier
      - productInformation
    properties:
      accountReferenceUniversalUniqueIdentifier:
        type: string
        description: A universally unique identifier (UUID) that is randomly generated to identify each account that is persisted at the merchant end. This value will help the merchant identify the card account during a transaction or product trade. A UUID is a 128-bit number used to identify information in computer systems. The field length of 36 bytes corresponds to 128 bits (via Hexadecimal string conversion).
        format: uuid
      productInformation:
        type: object
        required:
          - merchantDefinedProductCode
        properties:
          merchantDefinedProductCode:
            type: "string"
            description: "Codifies the product referred in the Merchant Relationship Manager Service built within Loyalty application interface. The value is internally assigned by the application according to the reward product code (RPC).   Values include: JPM_RESERVE, SAPPHIRE_RESERVE, SAPPHIRE_PREFERRED, SAPPHIRE_NO_FEE, INK_BUSINESS_PREFERRED, INK_PLUS, INK_BUSINESS_CASH, INK_CASH, INK_BUSINESS_UNLIMITED, FREEDOM_UNLIMITED, FREEDOM, FREEDOM_STUDENT, SLATE, FREEDOM_FLEX, CORPORATE_FLEX, INK_BUSINESS_PREMIER, OTHER_CHASE_CARD."
            maxLength: 50
securityDefinitions:
  Common 2-Legged OAuth:
    type: oauth2
    description: This API is secured by the common 2-legged OAuth API.
    flow: application
    scopes:
      card: ""
    tokenUrl: https://api-sandbox.chase.com/ccoauth/token
security:
  - Common 2-Legged OAuth:
      - card