> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate inbound message

> Validates an inbound ISO 20022 XML message (schema and signature) without processing it.



## OpenAPI

````yaml en/openapi/v3-current/spi.yaml post /api/v1/spi/messages/inbound/validate
openapi: 3.1.0
info:
  contact:
    email: contact@lerian.studio
    name: Lerian Studio
    url: https://lerian.studio
  description: >-
    OpenAPI surface for Lerian SPI: ISO 20022 payment messaging with BACEN over
    the Brazilian Instant Payment System (Pix/SPI). Covers payments and returns,
    Pix Automático mandates and schedules, inbound message validation/processing
    and pacs callbacks, Conta PI account reporting, certificates, approvals,
    evidence, operation recovery, and volumetria/rejected/balance reports.
  license:
    name: Lerian Studio General License
  title: Lerian SPI API
  version: 1.0.0
servers:
  - url: https://spi.sandbox.lerian.net
security: []
tags:
  - description: Pix payment orders, returns (MED), and payment history.
    name: Payments
  - description: >-
      SPI operations: connectivity tests, account reports, Conta PI
      responsibles, settlement reports, Pix Automático mandates/schedules, and
      structured operation recovery.
    name: Operations
  - description: >-
      Inbound ISO 20022 message validation/processing and BACEN
      pacs.008/pacs.002/pacs.004 callbacks.
    name: Messages
  - description: >-
      Approval requests and decisions for operations requiring manual
      authorization.
    name: Approvals
  - description: Operation evidence export jobs and their status.
    name: Evidence
  - description: >-
      Synchronous reports over Lerian SPI's own record: volumetria (COUNT-only),
      rejected payments, and Conta-PI balance/extract windows projected
      verbatim.
    name: Reports
  - description: >-
      Pix-side certificate lifecycle: list/upload/detail/deactivate of
      PIC/PIA/QR-code/CERTPIC/signing certificates. Structured public metadata +
      SHA-256 fingerprint only; key material is never exposed and an uploaded
      private key is rejected fail-closed.
    name: Certificates
  - description: Internal-only operational endpoints not exposed on the public API surface.
    name: Internal
  - description: >-
      Flow (mandatory order): certificate → readiness → connectivity-test →
      submit. Activate a certificate, confirm the rail reports ready, pass a
      connectivity test, then submit an operation. Each step is its own
      resource; a submit must not be attempted before readiness passes.
    name: onboarding
  - description: >-
      Flow (mandatory order): parent operation SETTLED → return/cancel. A return
      or cancellation is a sub-resource of a settled parent operation; the
      {operationId}/{endToEndID} path segment enforces the parent structurally.
    name: lifecycle
  - description: >-
      Flow (mandatory order): camt.060 request → camt.05x result read. An
      account-report result read is meaningful only after the camt.060
      account-report request has been correlated; the query is initiated first,
      the result read back.
    name: account-reporting
paths:
  /api/v1/spi/messages/inbound/validate:
    post:
      tags:
        - Messages
      summary: Validate inbound message
      description: >-
        Validates an inbound ISO 20022 XML message (schema and signature)
        without processing it.
      operationId: validateInboundMessage
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MessageRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MessageResponse'
          description: OK
        default:
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/Detail'
          description: Error
      security:
        - BearerAuth: []
components:
  schemas:
    MessageRequest:
      additionalProperties: false
      properties:
        xml:
          description: ISO 20022 message as a raw XML string (e.g. pacs.008).
          examples:
            - >-
              <Document
              xmlns='urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08'>...</Document>
          type: string
      required:
        - xml
      type: object
    MessageResponse:
      additionalProperties: false
      properties:
        messageType:
          description: ISO 20022 message type detected for the submitted payload.
          examples:
            - pacs.008
          type: string
        status:
          description: Validation result for the submitted message (e.g. valid).
          examples:
            - valid
          type: string
      required:
        - messageType
        - status
      type: object
    Detail:
      additionalProperties: false
      properties:
        code:
          description: >-
            Stable, machine-readable domain error code scoped to the emitting
            service (format: <SERVICE>-NNNN).
          examples:
            - ERR-0001
          type: string
        detail:
          description: >-
            A human-readable explanation specific to this occurrence of the
            problem.
          examples:
            - Property foo is required but is missing.
          type: string
        errors:
          description: Optional list of individual error details
          items:
            $ref: '#/components/schemas/ErrorDetail'
          type:
            - array
            - 'null'
        instance:
          description: >-
            A URI reference that identifies the specific occurrence of the
            problem.
          examples:
            - https://example.com/error-log/abc123
          format: uri
          type: string
        status:
          description: HTTP status code
          examples:
            - 400
          format: int64
          type: integer
        title:
          description: >-
            A short, human-readable summary of the problem type. This value
            should not change between occurrences of the error.
          examples:
            - Bad Request
          type: string
        type:
          default: about:blank
          description: A URI reference to human-readable documentation for the error.
          examples:
            - https://example.com/errors/example
          format: uri
          type: string
      type: object
    ErrorDetail:
      additionalProperties: false
      properties:
        location:
          description: >-
            Where the error occurred, e.g. 'body.items[3].tags' or
            'path.thing-id'
          type: string
        message:
          description: Error message text
          type: string
        value:
          description: The value at the given location
      type: object
  securitySchemes:
    BearerAuth:
      bearerFormat: JWT
      description: JWT bearer token issued by the identity provider.
      scheme: bearer
      type: http

````