Get Started

Welcome to Get Started. Here, we'll show you how to:

  1. Sign up for an account and get your API keys
  2. Authorize with OAuth 2.0
  3. Make API calls with our sandbox data

Before you get started, please browse our API Products to see what they can do for you.


If you get stuck, visit our community for support and ideas:

GitHub - View sample applications, get bootstrapping code, and ask questions.

Stack Overflow - Ask a question with #citiapi and get answers from community developers.

Support - Contact Citi DevHub support for technical or business questions. 


Now that you have the basics. Let's get started!

To start building with our APIs, you’ll need to create an account.

Sign Up

  1. Sign Up for an account.
  2. Check for an email from us. Click the link.
  3. Follow the registration flow, then Log In.
  4. Now you can visit your My Apps.

To register a new app, go to My Apps. Then, click the + icon. You’ll see a series of fields asking you about your application.

Here’s a breakdown of the fields:

Name (Required) - The name of your application

Description (Optional) - Enter a short description of what your application does. 

Redirect URI (Optional) – To which URI is the user sent after they’re authenticated.

Note: Visit the Authorize Guide for info on the Redirect URI.

App Icon (Optional) – Upload an image to help you identify your application.

Once your application is confirmed, you’ll get your Client ID and Client Secret. Copy down this information and keep it in a secure place. Here’s what your credentials do:

Client ID – The public identifier of your application. It’s used in every call so we can tell who is requesting information.

Client Secret – The private identifier of your application. Allows us to verify your identity in the authentication step of our APIs.

Important! 
Your Client ID and Client Secret identify you and are essential to protecting yourself and your customers. Keep them in a very safe place.

Before you can start testing our APIs, you’ll need to authenticate with the Authorize API.

There are two types of authentications—two-legged and three-legged. Here’s the difference:

TWO-LEGGED OAUTH THREE-LEGGED OAUTH
You'll use two-legged when Citi is not providing identifying information or financial history. You'll use three-legged when you need to access sensitive data from a specific customer.
Example: Exchanging rewards or submitting product applications Example: Checking balances or viewing personal information

APIs you can use:

  • Pay with Points
  • Onboarding

APIs you can use:

  • Accounts
  • Customers
  • Money Movement
  • Cards

Here’s how it works: 

  1. Create a custom URL that redirects to a Citi login endpoint including the following parameters: your client ID, State, Country, and Scope.  
  2. Once you’ve submitted the parameters, we’ll ask your end-user to login via a Citi portal.
  3. Once they’ve successfully logged in, we’ll redirect them back to your redirect URL.
  4. We will provide you the authorization code.
  5. You can then exchange the authorization code for an access token. 

Important!
Access Tokens. Just like your Client ID and Secret, keep your access tokens well-guarded and hidden, and keep them away from your client interface!

Now it’s time to choose an API and start testing. Our API Documentation will show you how to format your HTTPS request. 

Include your access token and the information needed for that API. From there, use the response for your application and you’re all set. 

Now you can start building applications with our API sandbox data!

You’re now up and running on Citi Developer Hub. If you’re stuck or have questions about any part of the process, feel free to contact support

We look forward to seeing what you create. Have fun and happy testing!