Segurança
Login/Gerar Token

Autenticação

Para efetuar login e gerar os tokens de acesso, você vai precisar de um usuário e uma senha.

Por exemplo:

  • Usuário: teste@gmail.com
  • Senha: teste

Montando a requisição

Método da requisição

POST

Endereço da requisição

Desenvolvimento:

https://apidsv.unimedbh.io/security/v1/login

Homologação:

https://apihml.unimedbh.io/security/v1/login

Produção:

https://api.unimedbh.io/security/v1/login

Cabeçalho da requisição

{
    "Content-Type": "application/json"
}

Corpo da requisição

Sem MFA

{
  "username": "teste@gmail.com",
  "password": "teste"
}

Com MFA

{
  "username": "teste@gmail.com",
  "password": "teste",
  "token": "123456"
}

Respostas da requisição

200 - Sucesso

{
    "uid": "teste@gmail.com",
    "name": "MARGARIDA",
    "fullName": "MARGARIDA RAMOS DE PAULA",
    "email": "teste@gmail.com",
    "cpf": "52253155691",
    "birthday": "26/06/1936",
    "personId": 3181886,
    "token": "AQIC5wM2LY4SfcyS8UGjl8mQEGH-Y0q0RXBoezMxrDFWiak.*AAJTSQACMDIAAlNLABMtMzQwMzYxMDcxMjM1MTg2OTI3AAJTMQACMDE.*",
    "oamToken": "clusterx",
    "oamlb": "AQIC5wM2LY4SfcyS8UGjl8mQEGH-Y0q0RXBoezMxrDFWiak.*AAJTSQACMDIAAlNLABMtMzQwMzYxMDcxMjM1MTg2OTI3AAJTMQACMDE.*",
    "amToken": "AQIC5wM2LY4SfcyS8UGjl8mQEGH-Y0q0RXBoezMxrDFWiak.*AAJTSQACMDIAAlNLABMtMzQwMzYxMDcxMjM1MTg2OTI3AAJTMQACMDE.*",
    "amlb": "clusterx",
    "roles": [],
    "fullRoles": [],
    "expiresAt": "2023-12-19T17:23:54.399+0000",
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ",
    "expires_in": "28800"
}

Caso seus dados sejam válidos, serão retornados dois tokens:

  • token - Controlado pelo OpenAM
  • access_token - Controlado pela API de Segurança

200 - Sucesso - MFA Necessário

{
    "uid": "teste@gmail.com",
    "name": "MARGARIDA",
    "email": "t***e@g***l.com",
    "mobile": "(31) *****-9999",
    "mfa": {
        "required": true,
        "type": "OTP",
        "waitingTime": 5
    }
}

400 - Dados Inválidos

{
    "date": "19/12/2023 16:29:32",
    "message": "{\"error_description\":\"Bad credentials\",\"error\":\"invalid_grant\"}",
    "details": []
}

401 - Não autorizado

{
    "date": "19/12/2023 16:29:32",
    "message": "Unauthorized!",
    "details": []
}

403 - Acesso negado

{
    "date": "19/12/2023 16:29:32",
    "message": "Forbidden!",
    "details": []
}

Exemplos da requisição

HTTP

POST /security/v1/login HTTP/1.1
Host: apihml.unimedbh.io
Content-Type: application/json
Content-Length: 61

{
  "username": "teste@gmail.com",
  "password": "teste"
}

cURL

curl --location 'https://apihml.unimedbh.io/security/v1/login' \
--header 'Content-Type: application/json' \
--data-raw '{
  "username": "teste@gmail.com",
  "password": "teste"
}'

JavaScript

const myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
 
const raw = JSON.stringify({
  "username": "teste@gmail.com",
  "password": "teste"
});
 
const requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};
 
fetch("https://apihml.unimedbh.io/security/v1/login", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

Node.js

const axios = require('axios');
const data = JSON.stringify({
  "username": "teste@gmail.com",
  "password": "teste"
});
 
const config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: 'https://apihml.unimedbh.io/security/v1/login',
  headers: {
    'Content-Type': 'application/json'
  },
  data : data
};
 
axios.request(config)
  .then((response) => {
    console.log(JSON.stringify(response.data));
  })
  .catch((error) => {
    console.log(error);
  });

PHP

<?php
 
$curl = curl_init();
 
curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://apihml.unimedbh.io/security/v1/login',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS =>'{
  "username": "teste@gmail.com",
  "password": "teste"
}',
  CURLOPT_HTTPHEADER => array(
    'Content-Type: application/json'
  ),
));
 
$response = curl_exec($curl);
 
curl_close($curl);
echo $response;

Java

Unirest.setTimeouts(0, 0);
HttpResponse<String> response = Unirest.post("https://apihml.unimedbh.io/security/v1/login")
  .header("Content-Type", "application/json")
  .body("{\"username\": \"teste@gmail.com\",\"password\": \"teste\"}")
  .asString();

C#

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://apihml.unimedbh.io/security/v1/login");
var content = new StringContent("{\"username\": \"teste@gmail.com\",\"password\": \"teste\"}", null, "application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
Fluxos de AutenticaçãoValidar Token