From 7bad2b0e68f069d6e03a09aaf280967a9136401e Mon Sep 17 00:00:00 2001
From: Mirjam Herald <m.herald@htm.nl>
Date: Wed, 9 Jul 2025 13:59:44 +0200
Subject: [PATCH] added validate OTT endpoint

---
 src/openapi/onetimetokens/onetimetokens.yaml | 60 ++++++++++++++++++--
 1 file changed, 54 insertions(+), 6 deletions(-)

diff --git a/src/openapi/onetimetokens/onetimetokens.yaml b/src/openapi/onetimetokens/onetimetokens.yaml
index 784023c..37c5e02 100644
--- a/src/openapi/onetimetokens/onetimetokens.yaml
+++ b/src/openapi/onetimetokens/onetimetokens.yaml
@@ -12,24 +12,72 @@ tags:
       Service Engine APIs for HTM Customers. These are NOT the CRUD APIs to access raw data in the database.
       To be used by touchpoints to get information about HTM customers.
 paths:
-  /onetimetokens:
+  /one-time-tokens:
     post:
       tags:
         - OneTimeTokens
       summary: Create a one time token, to be included in the redirect
       description: |
         Create a one time token, to be included in the redirect
-      body:
-      {
-        "nonce": "randomNonce123"
-      }
+      parameters:
+        - name: Authorization
+          in: header
+          required: true
+          style: simple
+          explode: false
+          schema:
+            type: string
+            example: Bearer {WSO2 Token}
+          description: Fill in a valid WSO2 Token for the touchpoint
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/unavailable'
+            example:
+              {
+                "nonce": "randomNonce123",
+              }
       responses:
-        "200":
+        "201":
           description: OK
           content:
             application/json:
               schema:
                 $ref: "#/components/schemas/oneTimeTokenResponse"
+  /one-time-tokens/validate:
+    post:
+      tags:
+        - OneTimeTokens
+      summary: Validate a received one time token 
+      description: Validate a received one time token through the redirect, validates the source and validity of the token
+      parameters:
+        - name: Authorization
+          in: header
+          required: true
+          style: simple
+          explode: false
+          schema:
+            type: string
+            example: Bearer {WSO2 Token}
+          description: Fill in a valid WSO2 Token for the touchpoint
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/unavailable'
+            example:
+              {
+                "token": "handoff-xyz987"
+              }
+      responses:
+        "200":
+          description: OK
+        "400":
+          description: Bad request
+        "401":
+          description: Not authorized
+
 components:
   schemas:
     unavailable: