Security
Validate Token

Authentication Validation

Whenever your application receives a token for the first time, it is important to validate it.

Validation is always performed using the access_token returned at login.

Building the request

Request method

POST

Request URL

Development:

https://apidsv.unimedbh.io/security/oauth/validate

Staging:

https://apihml.unimedbh.io/security/oauth/validate

Production:

https://api.unimedbh.io/security/oauth/validate

Request headers

{
    "Content-Type": "application/json"
}

Request body

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ"
}

Responses

200 - Success

{
    "birthday": "26/06/1936",
    "roles": [],
    "fullName": "MARGARIDA RAMOS DE PAULA",
    "token_type": "bearer",
    "cookies": [
        "amlbcookiehx=cluster_openam.unisrv1192; Domain=.unimedbh.com.br; Path=/",
        "amlbcookiehx=cluster_openam.unisrv1192; Domain=.unimedbh.io; Path=/"
    ],
    "token": "AQIC5wM2LY4SfcyS8UGjl8mQEGH-Y0q0RXBoezMxrDFWiak.*AAJTSQACMDIAAlNLABMtMzQwMzYxMDcxMjM1MTg2OTI3AAJTMQACMDE.*",
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ",
    "uid": "teste@gmail.com",
    "scope": "read write",
    "name": "MARGARIDA",
    "cpf": "52253155691",
    "personId": 3181886,
    "expires_in": 2675,
    "jti": "efc86b7c-ba2c-4c6f-a1bb-a3f31af66172",
    "email": "teste@gmail.com",
    "fullRoles": []
}

If the access_token is valid, all session data is returned in the same way as at login, except that the expires_in property now reflects the time remaining until the token expires.

400 - Invalid data

{
    "message": "Violação: 'accessToken' must not be empty."
}

401 - Unauthorized

{
    "date": "19/12/2023 16:29:32",
    "message": "Unauthorized!",
    "details": []
}

403 - Access denied

{
    "date": "19/12/2023 16:29:32",
    "message": "Forbidden!",
    "details": []
}
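
A client-side handler for the responses listed above, as an added example (not part of the original documentation or the API provider's code). It maps each documented status to a result, fails closed on a 200 without a positive expires_in, and keeps only an allow-list of fields for logging, so the session token, cookies and personal data in the 200 body never reach a log. The function names, result shape, log allow-list, and the reading of expires_in as seconds are assumptions of this example.

```javascript
// Added example. Status codes and field names come from this page;
// everything else (names, result shape, allow-list) is an assumption.
const LOG_FIELDS = ["jti", "token_type", "scope", "expires_in"];

function interpretValidateResponse(status, bodyText, nowMs = Date.now()) {
  let body;
  try { body = JSON.parse(bodyText); } catch { body = null; }
  if (body === null || typeof body !== "object") {
    return { valid: false, reason: "malformed_response" };
  }
  if (status === 400) return { valid: false, reason: "invalid_request", message: body.message };
  if (status === 401) return { valid: false, reason: "unauthorized" };
  if (status === 403) return { valid: false, reason: "forbidden" };
  if (status !== 200) return { valid: false, reason: "unexpected_status_" + status };

  // Fail closed: a 200 without a positive remaining lifetime is not a usable session.
  if (!Number.isFinite(body.expires_in) || body.expires_in <= 0) {
    return { valid: false, reason: "expired_or_missing_expires_in" };
  }
  // Copy that is safe to log: only allow-listed, non-credential fields.
  const loggable = Object.fromEntries(
    Object.entries(body).filter(([key]) => LOG_FIELDS.includes(key))
  );
  return {
    valid: true,
    uid: body.uid,
    scopes: String(body.scope || "").split(" ").filter(Boolean),
    // Assumption: expires_in is the remaining lifetime in seconds.
    expiresAtMs: nowMs + body.expires_in * 1000,
    loggable,
  };
}

// baseUrl is one of the environment hosts listed under "Request URL".
async function validateAccessToken(accessToken, baseUrl, fetchImpl = fetch) {
  const res = await fetchImpl(baseUrl + "/security/oauth/validate", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ access_token: accessToken }),
    redirect: "error", // fail rather than resend the token to a redirect target
  });
  return interpretValidateResponse(res.status, await res.text());
}
```
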

Request examples

HTTP

POST /security/oauth/validate HTTP/1.1
Host: apihml.unimedbh.io
Content-Type: application/json
Content-Length: 593

{
	"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ"
}

cURL

curl --location 'https://apihml.unimedbh.io/security/oauth/validate' \
--header 'Content-Type: application/json' \
--data '{
	"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ"
}'

JavaScript

const myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
 
const raw = JSON.stringify({
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ"
});
 
const requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};
 
fetch("https://apihml.unimedbh.io/security/oauth/validate", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

Node.js

const axios = require('axios');
const data = JSON.stringify({
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ"
});
 
const config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: 'https://apihml.unimedbh.io/security/oauth/validate',
  headers: { 
    'Content-Type': 'application/json'
  },
  data : data
};
 
axios.request(config)
  .then((response) => {
    console.log(JSON.stringify(response.data));
  })
  .catch((error) => {
    console.log(error);
  });

PHP

<?php
 
$curl = curl_init();
 
curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://apihml.unimedbh.io/security/oauth/validate',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS =>'{
	"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ"
}',
  CURLOPT_HTTPHEADER => array(
    'Content-Type: application/json'
  ),
));
 
$response = curl_exec($curl);
 
curl_close($curl);
echo $response;

Java

Unirest.setTimeouts(0, 0);
HttpResponse<String> response = Unirest.post("https://apihml.unimedbh.io/security/oauth/validate")
  .header("Content-Type", "application/json")
  .body("{\n\t\"access_token\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ\"\n}")
  .asString();

C#

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://apihml.unimedbh.io/security/oauth/validate");
var content = new StringContent("{\"access_token\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDMwMDY2OTEsInVzZXJfbmFtZSI6InRlc3RlQGdtYWlsLmNvbSIsImp0aSI6ImVmYzg2YjdjLWJhMmMtNGM2Zi1hMWJiLWEzZjMxYWY2NjE3MiIsImNsaWVudF9pZCI6ImFjZXNzb2RzdiIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.sSP2z6hRHWlcXDGQOi1DnkSqxP2YKkew_BTOLKWOMUPhEMkHvHOoKplMnynr6kp3rcJJj0tpDwAHloNKLGIaSAuK1WgXC8YxOnq279GEOd2uu7b2ayx7xoaHV5Ar9hr3194S5gS9X6sIGUYsQJX0wUu6ZWeOOovAMticvcBI7RbVbMbRBJW4Lvt8oMAx7eou_tFGze3mT3Qe3YqXChzhws-wRhxt17IjwJZNQ2QpnpF4sp6DKmKRTSX1Rhvfe7SzVNFdqj7U6SII_OMv6gqtnKe4an605sOPMyJAZkmeI-SE_46EissjCgzY6DVZwkDEnSviyuIjEIQ34dKHLFsKUQ\"}", null, "application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());