Supplementary Card Application

Cards

Supplementary Card Application

Experience the joy of sharing by applying for a supplementary credit card for your loved ones. Supplementary cardholders share the same credit limit as the primary cardholders. Help your loved ones earn discounts, rebates and rewards at over 700 merchant outlets.

Australia

Customers apply for a supplementary card

Customers can apply for a supplementary card associated with their primary card. The supplementary cardholder shares the same credit limit as the primary cardholder. They can click on 'Apply Now' to proceed.
Zoom In

Secure identification

Customers can log in securely with their Citi user ID and password. Refer to the API callout for information about retrieving an authorization code.
Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Authorization code grant: Retrieve authorization code

This API gets invoked by a web browser redirection and requires user interaction. It is used to retrieve an authorization code by redirecting the user to a login page followed by the consent approval page. At the end of this flow, this endpoint returns to the redirect_uri configured for the associated application.

Endpoint

Australia: GET /authCode/oauth2/authorize

Parameters

PATH

NA

Query

response_type

client_id

scope

countryCode

businessCode

locale

state

redirect_uri

Customer Consent

Customers can authorize Citi to share their data with third-party providers that they trust by clicking on 'Authorize'. After successful authorization, an access token is issued to the third party.
Zoom In

Customers validate the one-time password sent to their registered mobile number

Consenting customers can receive a one-time password from Citi on their registered mobile number and then validate it. In the three-legged OAuth flow, one-time password validation is based on a fraud and risk recommendation, but is not mandatory.
Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Authorization code grant: Retrieve access token

Get an access token issued by calling our token endpoint and passing the authorization code from the previous call. The issued access token will expire and will be valid only for the scope for which the consent has been provided by the customer. You can call the APIs by passing this token in Authorization header.


You also get a refresh token that can be used to get a new access token in case the original one expires.

Endpoint

Australia: POST /authCode/oauth2/token/<countryCode>/<businessCode>

Parameters

PATH

countryCode

businessCode

FormData

grant_type

code

redirect_uri

Customers provide additional cardholder's information

Along with the primary card number, customers provide the information of the additional cardholder. This information includes their title, first name, last name, date of birth, etc. They can click on 'Continue' to provide more details. Refer to the API callout for information about retrieving the card list eligible for this function.
Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Retrieve all cards

Returns an array of credit card numbers, credit limits, statuses and types for the customer who authorized your app.

Endpoint

Australia: GET /v1/cards

Parameters

PATH

NA

Query

cardFunction

Customers continue to provide additional cardholder's information

Customers provide additional details like contact number, email address, nationality, occupation etc., and then click on 'Continue' to proceed.
Zoom In

Customers provide address details and submit the request for supplementary card

Customers provide the address details of the additional cardholder including unit, street number, street name, city, state, postal code, country, etc., and then click on 'Submit' to submit the request for the supplementary card. Refer to the API callout for information about submitting the request for issuing the supplementary card.
Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Supplementary Card Application

Requests an authorized Citi customer to add a supplementary card to their existing primary card.

Endpoint

Australia: POST /v1/creditCards/{cardId}/supplementary/applications

Parameters

PATH

cardId

One-time password sent to supplementary cardholder's mobile number

In order to fulfill their supplementary card request, the secondary cardholder validates the one-time password sent to their registered mobile number. In the three-legged OAuth flow, one-time password validation is based on a fraud and risk recommendation, but is not mandatory. Refer to the API Callout for information about retrieving an access token.
Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Authorization code grant: Retrieve access token

Get an access token issued by calling our token endpoint and passing the authorization code from the previous call. The issued access token will expire and will be valid only for the scope for which the consent has been provided by the customer. You can call the APIs by passing this token in Authorization header.


You also get a refresh token that can be used to get a new access token in case the original one expires.

Endpoint

Australia: POST /authCode/oauth2/token/<countryCode>/<businessCode>

Parameters

PATH

countryCode

businessCode

FormData

grant_type

code

redirect_uri

Confirmation message for supplementary card request

After the successful application submission, the customers receive a confirmation message along with an application reference number.

They can track the progress of their request by using this reference number. 

Zoom In

Customers check their application status

After submitting their request for the supplementary card, the customers can check the status of their application by providing a few details like application reference number, mother's maiden name and the customer's date of birth.
Zoom In

Application status displayed

Customers can view their application status along with the date of request submission.
Zoom In