Authorize is our implementation of the OAuth 2.0 framework. It enables secure authorization using standard methods that can easily be integrated in your app. If you're familiar with OAuth 2.0, everything should look familiar. If not, you may want to check out the OAuth 2.0 resources here.
Generate an Access Token
Trying to test and see what our APIs are all about quickly? We understand! The first thing you’ll need to make Citi API calls is an Access Token. Use the below tool to generate an Access Token quickly without implementing a full OAuth 2.0 flow. You can then use this token to call other APIs on our platform, either through their inline testing tools, an API testing tool, or your own application. When you’re ready to do a full integration, take a look at our Authorize documentation!
An Access Token not only identifies you as an application publisher to Citi, but also identifies your end user so you can access their data securely and with their consent. See the table below for the sample accounts and data that we offer in our sandbox. Once you generate an Access Token, you can use it to access the sample data for that sample user.
Step 1: Select App
If you haven’t created an application yet, go to the app page to create a new Client ID and Client Secret. Copy these down in a separate document and paste them below. You will use your Client ID and Client Secret to identify yourself to Citi for all API calls.
Client ID: This can be grabbed from your applications page.
Client Secret: This is generated from your applications page when you first create your application. You can reset it from the applications page – but keep in mind there will be a delay before you can make a successful API call after you reset your client secret.
Step 2: Choose Test Profile
If you are generating an Access Token for 3-Legged OAuth, select the user for which you are generating the Access Token. This determines which test data set you will receive when you use your token for further test API calls.
Step 3: Generate Access Token
Click the button below to generate your access token.
Client Credentials grant: Retrieve access token
Get access token for your application credentials. You can use this for APIs which do not require customer credential verification and consent (e.g. Onboarding).
HTTP Basic authentication: pass the Base64-encoded value of the client ID and client secret, separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==
Value should always be application/x-www-form-urlencoded
The grant type. Valid value is client_credentials.
The set of scopes requested to make API calls. You can pass multiple values delimited by spaces.
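The request described above, assembled in Python as an added example (not code from this page or from Citi); it builds the request without sending it and shows how to keep the credential out of logs. Assumptions: the token URL is a placeholder because the page does not give one, the header names `Authorization` and `Content-Type` and the form fields `grant_type` and `scope` are the standard OAuth 2.0 names (RFC 6749), and the credentials and scope names are constructed samples.

```python
import base64
import urllib.parse
import urllib.request

# Placeholder: the page does not give the token endpoint URL.
TOKEN_URL = "https://api.example.invalid/oauth/token"


def basic_auth_value(client_id: str, client_secret: str) -> str:
    """Return 'Basic ' + Base64(client_id:client_secret) for the Authorization header."""
    if not client_id or not client_secret:
        raise ValueError("client_id and client_secret are both required")
    if ":" in client_id:
        # The first colon splits id from secret, so an id containing one is ambiguous.
        raise ValueError("client_id must not contain ':'")
    # Encodes the bare 'id:secret' string (RFC 7617), with no surrounding parentheses.
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, scopes, url=TOKEN_URL):
    """Build (but do not send) the client_credentials token request."""
    for s in scopes:
        if not s or any(c.isspace() for c in s):
            raise ValueError(f"invalid scope {s!r}: scopes are space-delimited")
    # Assumed standard OAuth 2.0 field names; the page does not label them.
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(scopes)}
    ).encode("ascii")
    headers = {
        "Authorization": basic_auth_value(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def redact(req):
    """Headers safe to log: Base64 is reversible, so the credential is masked."""
    return {k: ("Basic <redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


if __name__ == "__main__":
    # Constructed sample credentials and scope names, not real values.
    req = build_token_request("client_id", "client_secret", ["scope_a", "scope_b"])
    print(req.get_method(), req.full_url)
    print(redact(req))
    print(req.data.decode())
```

Base64 is an encoding, not encryption, so the `Authorization` value must be treated as the secret itself: send it only over TLS and log the redacted form.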