---
basePath: /api
produces:
  - application/json
schemes:
  - https
definitions:
  GetEncryptionKeyResponse:
    properties:
      modulus:
        description: Public key modulus to be used for encrypting the PIN
        type: string
        example:
      exponent:
        description: Public key exponent to be used for encrypting the PIN
        type: string
        example: "3"
      keyIdentifier:
        description: Unique identifier of the security gateway public key
        type: string
        example: CARD_LOGIN
    required:
      - modulus
      - exponent
  MfaStatusUpdateRequest:
    properties:
      isMfaVerified:
        description: Value to set the interdiction result
        type: boolean
        example: true
    required:
      - isMfaVerified
  RetrieveIssuedDeviceAllocationAccessTokenRequest:
    properties:
      jweSignature:
        description: "This refers to the JWE token.
JWE is specified in RFC 7516: https://tools.ietf.org/html/rfc7516
Example:
BASE64URL(UTF8(JWE Protected Header)) ||
'.' || BASE64URL(JWE Encrypted Key) || '.' ||
BASE64URL(JWE Initialization Vector) || '.' ||
BASE64URL(JWE Ciphertext) || '.'||
BASE64URL(JWE Authentication Tag).
\nJWE Protected Header: shared by Citi with the Partner, e.g. {\"type\":\"JWE\",\"alg\":\"\",\"enc\":\"\",\"kid\":\"\"}
\nJWE Encrypted Key:
o Generate a random Content Encryption Key (CEK). Encrypt the CEK with the recipient's public key using the predefined Citi algorithm to produce the JWE Encrypted Key.
JWE Initialization Vector:
o Generate a random JWE Initialization Vector.
JWE Ciphertext / JWE Authentication Tag:
o Perform authenticated encryption on the plaintext (see below) with the predefined Citi algorithm using:
1. the Content Encryption Key (CEK) as the encryption key,
2. the JWE Initialization Vector, and
3. the ASCII bytes of BASE64URL(JWE Protected Header) as the Additional Authenticated Data (RFC 7516, Section 5.1),
requesting a 128-bit Authentication Tag output.
\nplaintext:
{
issuer : \"vma.creditcardapi.com\",
subject : \"aspac.citi.com\",
audience : \"1300819380\",
expirationTime : \"1300819380\",
issuedAt : \"1300819380\",
jwtId : \"3535355535fsfsffsf\",
grant_type : \"CARD_ADDITIONAL_AUTHORIZATION\",
offerId: \"ABC12345\",
lastFourDigitsCardNumber : \"1234\",
citiCardHolderPhoneNumber : \"6585640987\",
phoneCountryCode: \"61\",
dateOfBirth : \"1999-12-03\",
expiryCardNumber : \"1224\",
partnerCustomerIdentifier : \"CUSTOMER_ID\",
partnerCustomerIdentifierValue : \"123456\",
fullCardNumber: \"1234567890123456\",
scope : \"ACCOUNTS\"
}
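The compact serialization described above, as an added example (not Citi's code or the page's own): a Go implementation using only the standard library for the alg/enc the page's example token carries. That token's protected header, eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ, decodes to {"alg":"RSA-OAEP","enc":"A256GCM"} (the example value is the RFC 7516 Appendix A.1 test vector), so the "predefined Citi algorithm" is assumed here to be exactly those two JWA identifiers. The key pair, kid and claims are constructed stand-ins; in practice the partner holds only the recipient's public key. The decrypt side is included because the check a receiving gateway needs, pinning alg/enc instead of trusting the unencrypted header, is the part the steps above leave implicit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JOSE uses BASE64URL without padding (RFC 7515 section 2)

// Header is the JWE Protected Header; kid names the recipient key the CEK was wrapped with.
type Header struct {
	Alg string `json:"alg"`
	Enc string `json:"enc"`
	Kid string `json:"kid,omitempty"`
}

// Encrypt produces the five-part compact serialization described above.
func Encrypt(pub *rsa.PublicKey, kid string, plaintext []byte) (string, error) {
	hdrJSON, _ := json.Marshal(Header{Alg: "RSA-OAEP", Enc: "A256GCM", Kid: kid}) // cannot fail on plain strings
	protected := b64.EncodeToString(hdrJSON)
	// Random 256-bit CEK and 96-bit IV (the GCM nonce size) from the CSPRNG.
	keyAndIV := make([]byte, 32+12)
	if _, err := rand.Read(keyAndIV); err != nil {
		return "", err
	}
	cek, iv := keyAndIV[:32], keyAndIV[32:]
	// JWA "RSA-OAEP" (RFC 7518 section 4.3) is OAEP with SHA-1 and MGF1-SHA-1; "RSA-OAEP-256" would use SHA-256.
	encKey, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, cek, nil)
	if err != nil {
		return "", err
	}
	// AES-256-GCM with ASCII(BASE64URL(header)) as the additional authenticated data
	// (RFC 7516 section 5.1 step 14); GCM's 16-byte tag is the 128-bit Authentication Tag.
	block, _ := aes.NewCipher(cek) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block)
	sealed := aead.Seal(nil, iv, plaintext, []byte(protected))
	split := len(sealed) - aead.Overhead()
	return strings.Join([]string{protected, b64.EncodeToString(encKey), b64.EncodeToString(iv),
		b64.EncodeToString(sealed[:split]), b64.EncodeToString(sealed[split:])}, "."), nil
}

// Decrypt is the receiving side. It pins alg/enc to the values agreed out of band instead
// of trusting the unencrypted header, so editing the header cannot select a weaker algorithm.
func Decrypt(priv *rsa.PrivateKey, token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 5 {
		return nil, fmt.Errorf("jwe: want 5 dot-separated parts, got %d", len(parts))
	}
	hdr, err := DecodeHeader(token)
	if err != nil || hdr.Alg != "RSA-OAEP" || hdr.Enc != "A256GCM" {
		return nil, fmt.Errorf("jwe: header rejected, want RSA-OAEP/A256GCM: %+v %v", hdr, err)
	}
	var raw [4][]byte // encrypted key, IV, ciphertext, tag
	for i := range raw {
		if raw[i], err = b64.DecodeString(parts[i+1]); err != nil {
			return nil, err
		}
	}
	cek, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, priv, raw[0], nil)
	if err != nil {
		return nil, err
	}
	if len(cek) != 32 || len(raw[1]) != 12 || len(raw[3]) != 16 {
		return nil, fmt.Errorf("jwe: CEK, IV or tag length is wrong for A256GCM")
	}
	block, _ := aes.NewCipher(cek)
	aead, _ := cipher.NewGCM(block)
	// Open verifies the tag over ciphertext and header before releasing any plaintext.
	return aead.Open(nil, raw[1], append(raw[2], raw[3]...), []byte(parts[0]))
}

// DecodeHeader parses the protected header of a compact JWE without decrypting it.
func DecodeHeader(token string) (hdr Header, err error) {
	raw, err := b64.DecodeString(strings.SplitN(token, ".", 2)[0])
	if err == nil {
		err = json.Unmarshal(raw, &hdr)
	}
	return hdr, err
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed stand-in for the recipient's key pair
	tok, _ := Encrypt(&priv.PublicKey, "example-kid", []byte(`{"grant_type":"CARD_AUTHORIZATION"}`)) // constructed claims
	pt, err := Decrypt(priv, tok)
	fmt.Println(tok, string(pt), err)
}
```

Two points worth keeping in mind when wiring this to the real gateway: the partner must obtain the recipient's public key and kid through the agreed channel (the header alone is not proof of which key is expected), and any field of the plaintext above that carries card data (fullCardNumber, dateOfBirth) is protected only by this encryption, so the CEK and IV must come from a CSPRNG and never be reused.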
Note: the JSON fields above are conditionally mandatory depending on grant_type.
Multiple grant types are supported using the fields above.
Supported grant_type values:
\"CARD_AUTHORIZATION\", \"CUSTOMER_AUTHORIZATION\", \"CARD_ADDITIONAL_AUTHORIZATION\", \"OFFER_AUTHORIZATION\", \"CARD_ONLY_AUTHORIZATION\""
        type: string
        example: eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg.48V1_ALb6US04U3b.5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A.XFBoMYUZodetZdvTiFvSkQ
    required:
      - businessCode
      - countryCode
      - jweSignature
  RetrieveIssuedDeviceAllocationAccessTokenResponse:
    properties:
      tokenType:
        description: Type of token, default is "Bearer".
        type: string
        example: bearer
      accessToken:
        description: Session token created after authentication. The token is granted to an individual user to access that user's data.
        type: string
        example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
      expiresIn:
        description: The remaining lifetime of the access token.
        type: integer
        format: int32
        example: 3600000
      refreshToken:
        description: The refresh token issued to the client
        type: string
        example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
      refreshTokenExpiresIn:
        description: The remaining lifetime of the refresh token.
        type: integer
        format: int32
        example: 2678400
      cardId:
        description: The customer card identifier in encrypted format
        type: string
        example: 44125873852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d
      consentedOn:
        description: The customer consent time for authorization
        type: string
      scope:
        description: The set of function scopes applicable for the token
        type: string
        example: accounts_details_transactions customers_profiles
    required:
      - tokenType
      - accessToken
      - expiresIn
      - refreshToken
      - scope
  UpdateIssuedDeviceAllocationAccessTokenRefreshResponse:
    properties:
      tokenType:
        description: Type of token, default is "Bearer".
        type: string
        example: bearer
      accessToken:
        description: Session token created after authentication. The token is granted to an individual user to access that user's data.
        type: string
        example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
      expiresIn:
        description: The remaining lifetime of the access token.
        type: integer
        format: int32
        example: 3600000
      refreshToken:
        description: The refresh token issued to the client
        type: string
        example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
      refreshTokenExpiresIn:
        description: The remaining lifetime of the refresh token.
        type: integer
        format: int32
        example: 2678400
      cardId:
        description: The customer card identifier in encrypted format
        type: string
        example: 44125873852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d
      consentedOn:
        description: The customer consent time for authorization
        type: string
      scope:
        description: The set of function scopes applicable for the token
        type: string
        example: accounts_details_transactions customers_profiles
    required:
      - tokenType
      - accessToken
      - expiresIn
      - refreshToken
      - scope
  CardAuthorizationAccessTokenResponse:
    properties:
      token_type:
        description: The token type
        type: string
        example: bearer
      expires_in:
        description: The access token expiry time (in seconds)
        type: integer
        format: int32
        example: 1800
      scope:
        description: The list of scopes separated by space
        type: string
        example: accounts_details_transactions customers_profiles
      refresh_token:
        description: The refresh token value
        type: string
        example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
      cardId:
        description: The card id in encrypted format
        type: string
        example: 44125873852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d
      access_token:
        description: This field should be passed as the Authorization header in API request calls
        type: string
        example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
      refresh_token_expires_in:
        description: The refresh token expiry time
        type: integer
        example:
4560
      consented_on:
        description: The customer consent time for authorization
        type: string
        example: "2016-11-23T00:00:00+05:00"
      customerId:
        description: Customer number in encrypted format
        type: string
        example: 3255613852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d
      cardReferenceNumber:
        description: The partner includes this card reference number in the settlement file sent to Citi to approve the purchase
        type: string
        example: 3255613852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d
    required:
      - token_type
      - expires_in
      - scope
      - refresh_token
      - cardId
      - access_token
  CardAuthorizationRevokeTokenRequest:
    properties:
      token:
        description: The token to be revoked
        type: string
        example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
      token_type_hint:
        description: A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. Valid values are access_token, refresh_token
        type: string
        example: refresh_token
    required:
      - token
      - token_type_hint
  CardAuthorizationRefreshTokenRequest:
    properties:
      grant_type:
        description: The grant type.
Valid value is refresh_token
        type: string
        example: refresh_token
      refresh_token:
        description: The refresh token issued to the client
        type: string
        example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
    required:
      - refresh_token
  CardAuthorizationRefreshTokenResponse:
    properties:
      token_type:
        description: The token type
        type: string
        example: bearer
      access_token:
        description: This field should be passed as the Authorization header in API request calls
        type: string
        example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA
      expires_in:
        description: The access token expiry time (in seconds)
        type: integer
        format: int32
        example: 1800
      scope:
        description: The list of scopes separated by space
        type: string
        example: accounts_details_transactions customers_profiles
      refresh_token:
        description: The refresh token value
        type: string
        example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA
      cardId:
        description: The card id in encrypted format
        type: string
        example: 44125873852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d
    required:
      - token_type
      - access_token
      - expires_in
      - scope
      - refresh_token
      - cardId
  CardAuthorizationAccessTokenRequest:
    properties:
      grant_type:
        description:
The grant type. Valid value is card_authorization
        type: string
        example: card_authorization
      controlFlowId:
        description: Control Flow ID
        type: string
        example: 44125873852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d
      linkageConfirmationCode:
        description: Confirmation code for activation
        type: string
        example: 123455
    required:
      - controlFlowId
      - linkageConfirmationCode
  CardAuthorizationRequest:
    properties:
      grant_type:
        description: The grant type. Valid value is card_authorization
        type: string
        example: card_authorization
      lastFourDigitsCardNumber:
        description: Last four digits of the card number
        type: string
        example: "5212"
      citiCardHolderPhoneNumber:
        description: Phone number of the Citi primary card holder registered with Citi bank
        type: string
        example: "11112222"
      merchantCustomerReferenceId:
        description: The unique reference the merchant holds for a particular customer.
        type: string
        example: CB072000128065
    required:
      - lastFourDigitsCardNumber
      - citiCardHolderPhoneNumber
      - merchantCustomerReferenceId
      - grant_type
  RevokeTokenResponse:
    properties:
      status:
        description: The status of the token revocation request.
type: string example: success RefreshTokenResponse: properties: access_token: description: This field should be passed as Authorization header in API request calls type: string example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA refresh_token: description: The refresh token value type: string example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA scope: description: The list of scopes separated by space type: string example: /dda/customer /dda/accountlist /dda/account /dda/accountsdetails /dda/account/transactions token_type: description: The token type type: string example: bearer expires_in: description: The access token expiry time (in seconds) type: number example: 1800 required: - access_token - token_type - expires_in - scope AccessTokenResponse: properties: access_token: description: The access token value received after exchanging the authorization token. This field should be passed as Authorization header in API request calls type: string example: AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA refresh_token: description: You can use this token to refresh an expired access_token. 
type: string example: AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA scope: description: Set of scopes allowed by customer and separated by space type: string example: /dda/customer /dda/accountlist /dda/account /dda/accountsdetails /dda/account/transactions token_type: description: Type of the access token issued. This is bearer token for authorization_code grant type type: string example: bearer expires_in: description: Validity of access token in seconds type: number example: 1800 required: - access_token - token_type - expires_in - scope - refresh_token ErrorResponse: properties: error_description: description: Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred type: string error: description: If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI. type: string enum: - invalid_request - unauthorized_client - access_denied - unsupported_response_type - invalid_scope - server_error - temporarily_unavailable - unsupported_token_type error_uri: description: A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error. type: string required: - error swagger: "2.0" info: description: Authorize is our implementation of the OAuth 2.0 framework. It enables secure authorization using standard methods that can easily be integrated in your app. 
If you're familiar with OAuth 2.0, everything should look familiar. If not, you may want to check out the OAuth 2.0 resources <a target="_blank" href="https://oauth.net/2/">here</a>. title: Authorize version: 1.0.0hk x-ibm-name: authorize_100hk name: "" consumes: - application/x-www-form-urlencoded paths: /clientCredentials/oauth2/token/hk/gcb: post: summary: 'Client Credentials grant: Retrieve access token' description: Get access token for your application credentials. You can use this for APIs which do not require customer credential verification and consent (e.g. Onboarding). responses: 200: schema: $ref: '#/definitions/AccessTokenResponse' description: The request has succeeded 400: schema: $ref: '#/definitions/ErrorResponse' description:
error
invalid_request
invalid_grant
unsupported_grant_type
unauthorized_client
401: schema: $ref: '#/definitions/ErrorResponse' description:
error
invalid_client
        500:
          description: server_error
      parameters:
        - in: header
          name: Authorization
          description: 'HTTP Basic authentication: the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) is passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ== (this sample value encodes the placeholder text including its parentheses; encode your real client_id:client_secret instead).'
          type: string
          required: true
        - in: header
          name: Content-Type
          description: Value should always be application/x-www-form-urlencoded
          type: string
          required: true
        - in: formData
          name: grant_type
          description: The grant type. Valid value is client_credentials.
          type: string
          required: true
        - in: formData
          name: scope
          description: The set of scopes requested to make API calls. You can pass multiple values delimited by space
          type: string
          required: true
      tags: []
      security:
        - client_id: []
          client_secret: []
  /authCode/oauth2/authorize:
    get:
      summary: 'Authorization code grant: Retrieve authorization code'
      description: |-

To retrieve an authorization code, call the authorize endpoint with the required query parameters. You should end up with a relative URL similar to the one below (illustrative).

/authCode/oauth2/authorize?response_type=code&client_id=[Your client_id issued to you during app registration]&scope=[Space delimited scopes selected from the table below. Only request the scopes required for your app to work.]&countryCode=US&businessCode=GCB&locale=en_US&state=[The state value you create and will verify]&redirect_uri=[The redirect_uri you registered during app registration].

Your final URL should look similar to this; if you are unsure whether you formed it properly, try it in any browser:

https://sandbox.apihub.citi.com/gcb/api/authCode/oauth2/authorize?response_type=code&client_id=97086fae-c252-4d81-b4d9-d73cde5ea800&scope=accounts_details_transactions customers_profiles&countryCode=US&businessCode=GCB&locale=en_US&state=12093&redirect_uri=https://www.test.com

Scope | Description
pay_with_points | Manage Pay with Points enrollment, look up rewards balances and complete redemptions
accounts_details_transactions | Retrieve a summary of all accounts, account details and transactions
customers_profiles | Retrieve profile data such as name, email address and home address
payees | Retrieve payees/source accounts for all accounts
personal_domestic_transfers | Retrieve payees/source accounts and complete transfers between your own Citi accounts in the same market
internal_domestic_transfers | Retrieve payees/source accounts and complete transfers from your Citi accounts to other customers' Citi accounts in the same market
external_domestic_transfers | Retrieve payees/source accounts and complete transfers from your Citi accounts to other bank accounts in the same market
bill_payments | Retrieve bill payees and complete bill payments
Drawees | Retrieve/manage drawees.
Card_Payments | Retrieve valid source and destination accounts and complete an immediate card payment.
Auto_Debit | Retrieve valid source and destination accounts and set up a recurring card payment
cards | Retrieve card IDs and update configurations such as overseas usage
onboarding | Create and manage customer applications and prospects
reference_data | Retrieve valid values for certain fields. Simplifies multi-market app development
reset_atm_pin | Sets the ATM PIN of the card in context
statements_and_advices | Retrieve the statement and advice listings as well as an individual statement or advice in PDF format
meta_data | Returns field properties and validations applied for a specific market

For a successful request, Citi returns a login page where customers enter their credentials.

Use any of the following sandbox credentials.

S.No | Username | Password
1 | SandboxUser1 | P@ssUser1$
2 | SandboxUser2 | P@ssUser2$
3 | SandboxUser3 | P@ssUser3$
4 | SandboxUser4 | P@ssUser4$
5 | SandboxUser5 | P@ssUser5$

Once credentials are verified, a consent page will be presented to the Citi customer to approve the scope requested by your app. After getting customer consent, the flow redirects to the provided redirect_uri and an authorization code will be sent back as a query component.

https://www.test.com/?code=AAJP_jIlIuuIqS-qj0ohfXLaOyhQK9y4bbyhEJWt39l5gWT-1XZmCHtESO2gcbLsPmLlERAAPj80IfLueI4WM8s_Ay1Gy8VtcwFUv8lQE4Svi9hOayu5kBP2OKLhvBwMwrZ_wz5SDHaKN96BdgScYmNEGww0IcV5gH4VBjeOPijN7CxdMRwc2H_w5RnpckbCtS4605BCp5FD0Qho4tYsfcmJ&state=12093

This authorization code is valid for a very short period of time and should be immediately exchanged for access token.
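The authorization-code exchange described above, as an added example (not Citi's code or the page's own), in Go using only the standard library: it builds the authorize URL with a fresh random state, validates the callback (state first, then error or code), and assembles the Basic header and form bodies the client-credentials, token, refresh and revoke endpoints on this page expect. The sandbox host and paths are the page's; the client id, secret, redirect URI and scopes are placeholders. It also demonstrates that the spec's sample header value KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ== is the encoding of the placeholder text "(client_id:client_secret)" with its parentheses, so it must not be copied literally.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Sandbox endpoints as given on this page.
const (
	authorizeEndpoint = "https://sandbox.apihub.citi.com/gcb/api/authCode/oauth2/authorize"
	tokenEndpoint     = "https://sandbox.apihub.citi.com/gcb/api/authCode/oauth2/token/hk/gcb"
)

// NewState returns 128 bits from the CSPRNG, base64url-encoded. Store it in the user's
// session before redirecting; it is the only thing binding the callback to that session.
func NewState() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// AuthorizeURL builds the GET /authCode/oauth2/authorize request with the parameters the
// spec marks required. Scopes are joined with a space; url.Values encodes it as "+".
func AuthorizeURL(clientID, redirectURI, state string, scopes []string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("scope", strings.Join(scopes, " "))
	q.Set("countryCode", "US")
	q.Set("businessCode", "GCB")
	q.Set("locale", "en_US")
	q.Set("state", state)
	q.Set("redirect_uri", redirectURI)
	return authorizeEndpoint + "?" + q.Encode()
}

// ParseCallback handles the redirect back to redirect_uri. The state is compared in
// constant time before anything else is looked at: a mismatch means this session did not
// start the flow (CSRF, or a replayed or forged callback) and the code must not be
// exchanged. A failure response (error=...) is surfaced as an error.
func ParseCallback(callback, expectedState string) (string, error) {
	u, err := url.Parse(callback)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(expectedState)) != 1 {
		return "", errors.New("oauth: state mismatch, discarding callback")
	}
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("oauth: authorization failed: %s: %s", e, q.Get("error_description"))
	}
	if code := q.Get("code"); code != "" {
		return code, nil
	}
	return "", errors.New("oauth: callback carries neither code nor error")
}

// BasicAuth is the Authorization header for the client-credentials, token, refresh and
// revoke endpoints: "Basic " + Base64(client_id:client_secret), standard padded base64.
func BasicAuth(clientID, clientSecret string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(clientID+":"+clientSecret))
}

// TokenRequestBody is the application/x-www-form-urlencoded body for the
// authorization_code grant. redirect_uri must be byte-for-byte the value sent on the
// authorize request; a mismatch is one of the invalid_grant cases listed on this page.
func TokenRequestBody(code, redirectURI string) string {
	f := url.Values{}
	f.Set("grant_type", "authorization_code")
	f.Set("code", code)
	f.Set("redirect_uri", redirectURI)
	return f.Encode()
}

// ClientCredentialsBody is the body for POST /clientCredentials/oauth2/token/hk/gcb.
func ClientCredentialsBody(scopes []string) string {
	f := url.Values{}
	f.Set("grant_type", "client_credentials")
	f.Set("scope", strings.Join(scopes, " "))
	return f.Encode()
}

func main() {
	state, _ := NewState()
	fmt.Println(AuthorizeURL("your-client-id", "https://www.test.com", state,
		[]string{"accounts_details_transactions", "customers_profiles"}))
	fmt.Println(BasicAuth("your-client-id", "your-client-secret"), tokenEndpoint)
}
```

The state check comes before reading code or error on purpose: an attacker who can make a victim's browser load your redirect_uri with an attacker-obtained code is stopped there, and an error callback with a foreign state is ignored rather than reported to the user. The body returned by TokenRequestBody is POSTed to tokenEndpoint with the BasicAuth header and Content-Type application/x-www-form-urlencoded, exactly as the token endpoint section below specifies.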

responses: 200: description: Client Authentication headers: orgid: description: "" type: string orgname: description: "" type: string appname: description: "" type: string 302: description: 'The authorization response contains the authorization code needed to obtain an access token. Here are the parameters included in the response.
success response
field name | field type | mandatory | description
redirect_uri | location | yes | This is the absolute URI provided in the request
code | query | yes | The authorization code
state | query | yes | The same value as sent by the client in the state parameter, if any

If an error occurs during authorization, one of two situations arises. In the first, the client is not authenticated or recognized, for instance because a wrong redirect URI was sent in the request. In that case the authorization server must not redirect the resource owner to the redirect URI; instead it should inform the resource owner of the error. In the second, the client is authenticated correctly but something else failed. In that case the following error response is sent to the client in the redirect to redirect_uri.
failure response
field name | field type | mandatory | description
redirect_uri | location | yes | This is the absolute URI provided in the request
state | query | yes | The same value as sent by the client in the state parameter, if any
error | query | yes |
error_description | query | no |
error_uri | query | no |

Here is the list of errors:
error
invalid_request
unauthorized_client
unsupported_response_type
invalid_scope
access_denied
'
        500:
          description: server_error
        503:
          description: temporarily_unavailable
      parameters:
        - in: query
          name: response_type
          description: Value MUST be set to "code"
          type: string
          required: true
        - in: query
          name: client_id
          description: Client ID generated during application registration.
          type: string
          required: true
        - in: query
          name: scope
          description: The set of scopes required to make the API calls. Scope is case insensitive and multiple values can be passed using a space delimiter.
          type: string
          required: true
        - in: query
          name: countryCode
          description: Country code in 2-character ISO 3166 format (upper case)
          type: string
          required: true
        - in: query
          name: businessCode
          description: The 3-character business code. Use GCB for consumer banking (upper case)
          type: string
          required: true
        - in: query
          name: locale
          description: The locale identifies a specific language and geographic region; it should follow language[_territory], e.g. en_US, en_SG
          type: string
          required: true
        - in: query
          name: state
          description: Opaque value that maintains state between the request and the callback. Generate it unpredictably per session and verify it on the callback; it is what prevents cross-site request forgery.
          type: string
          required: true
        - in: query
          name: redirect_uri
          description: Absolute URI for user-agent redirection. You should provide the URI used during the client registration process.
          type: string
          required: true
      tags: []
  /authCode/oauth2/token/hk/gcb:
    post:
      summary: 'Authorization code grant: Retrieve access token'
      description: Get an access token by calling our token endpoint and passing the authorization code from the previous call. The issued access token has an expiry and is valid only for the scope the customer has consented to. You can call the APIs by passing this token in the Authorization header.
You also get a refresh token that can be used to get a new access token in case the original one expires. responses: 200: schema: $ref: '#/definitions/AccessTokenResponse' description: The request has succeeded 400: schema: $ref: '#/definitions/ErrorResponse' description:
error
invalid_request
invalid_grant
unsupported_grant_type
unauthorized_client
401: schema: $ref: '#/definitions/ErrorResponse' description:
error
invalid_client
500: description: server_error parameters: - in: header name: Authorization description: 'HTTP Basic authentication by passing base64 encoded value of the client id and client secret separated by colon (:).Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==' type: string required: true - in: header name: Content-Type description: Value should always be application/x-www-form-urlencoded type: string required: true - in: formData name: grant_type description: Authentication grant type. Valid value is authorization_code type: string required: true - in: formData name: code description: The code from the response of GET /authCode/oauth2/authorize type: string required: true - in: formData name: redirect_uri description: Absolute uri for user-agent redirection. You should provide the uri passed in GET /authCode/oauth2/authorize request type: string required: true tags: [] /authCode/oauth2/refresh: post: summary: 'Authorization code grant: Refresh access token' description: If your access token has expired and you still have a valid refresh token, you can exchange it for a new set of valid access and refresh tokens. responses: 200: schema: $ref: '#/definitions/RefreshTokenResponse' description: The request has succeeded 400: schema: $ref: '#/definitions/ErrorResponse' description:
error
invalid_request
invalid_grant
unsupported_grant_type
unauthorized_client
401: schema: $ref: '#/definitions/ErrorResponse' description:
error
invalid_client
        500:
          description: server_error
      parameters:
        - in: header
          name: Authorization
          description: 'HTTP Basic authentication: the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) is passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - in: header
          name: Content-Type
          description: Content type. Value is application/x-www-form-urlencoded
          type: string
          required: true
        - in: formData
          name: grant_type
          description: The grant type. Valid value is refresh_token.
          type: string
          required: true
        - in: formData
          name: refresh_token
          description: The refresh token issued to the client
          type: string
          required: true
      tags: []
  /authCode/oauth2/revoke:
    post:
      summary: Revoke Access Token
      description: This API revokes an access token. The client must pass its valid client credentials, a valid token and the token type as inputs. After the authorization server has validated the inputs, the token is tagged as revoked. Along with the access token, the corresponding refresh token is also revoked, and vice versa. After successful revocation, the tokens are marked invalid.
      responses:
        200:
          schema:
            $ref: '#/definitions/RevokeTokenResponse'
          description: The request has succeeded
        400:
          schema:
            $ref: '#/definitions/ErrorResponse'
          description: '
error
invalid_request
invalid_grant
unauthorized_client
unsupported_grant_type
' 401: schema: $ref: '#/definitions/ErrorResponse' description: '
error
invalid_client
'
        500:
          description: server_error
      parameters:
        - in: header
          name: Authorization
          description: 'HTTP Basic authentication: the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) is passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - in: header
          name: Content-Type
          description: Content type. Value is application/x-www-form-urlencoded
          type: string
          required: true
        - in: formData
          name: token
          description: The token to be revoked
          type: string
          required: true
        - in: formData
          name: token_type_hint
          description: A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. Valid values are access_token, refresh_token
          type: string
          required: true
      tags: []
  /cardAuth/oauth2/authorize/{countrycode}/{businesscode}:
    post:
      summary: Enroll and Generate Card Access Token
      description: This API enrolls the customer for services such as Rewards Redemption and EPP from the partner's site through a common registration. An OTP is sent to the customer's registered mobile number. The customer completes registration by validating the OTP and receives a notification from the bank after successful registration.
      operationId: CardAuthorizationRequest
      tags:
        - Authorize
      parameters:
        - name: Authorization
          in: header
          description: 'HTTP Basic authentication: the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) is passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID, generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: application/json
          required: true
          type: string
        - name: clientDetails
          in: header
          description: This field captures device, browser and network information. Refer to the developer portal for more information. These are the fields passed as part of the header: devicePrint, deviceTokenCookie, userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName, deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport, wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey, wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude, geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy, geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength, wifiChannel, serviceSetId
          type: string
          required: false
        - name: CardAuthorizationRequest
          in: body
          description: CardAuthorizationRequest
          required: true
          schema:
            $ref: '#/definitions/CardAuthorizationRequest'
        - name: countrycode
          type: string
          required: true
          in: path
          description: Countrycode
        - name: businesscode
          type: string
          required: true
          in: path
          description: Businesscode
        - name: channelId
          type: string
          required: false
          in: header
          description: ChannelId
        - name: ConsumerOrg
          type: string
          required: false
          in: header
          description: ConsumerOrg
      responses:
        200:
          description: Successful operation.
        400:
          description: |-
TypeCodeDetails
invalidinvalid_requestMissing or invalid Parameters
schema: $ref: '#/definitions/ErrorResponse' 401: description:
TypeCodeDetails
errorunAuthorizedAuthorization credentials are missing or invalid
schema: $ref: '#/definitions/ErrorResponse' 403: description:
TypeCodeDetails
erroraccessNotConfiguredThe request operation is not configured to access this resource
errormfaRequiredMFA is required
schema: $ref: '#/definitions/ErrorResponse' 422: description:
TypeCodeDetails
errorregistrationFailedRegistration failed
invalidinvalid_grantThe provided access grant is invalid, expired, or revoked
schema: $ref: '#/definitions/ErrorResponse' 500: description:
TypeCodeDetails
fatalserverUnavailableThe request failed due to an internal error
          schema:
            $ref: '#/definitions/ErrorResponse'
  /cardAuth/oauth2/token/{countrycode}/{businesscode}:
    post:
      summary: Activate Card Access Token
      description: >-
        This API activates the customer's access token. Separate token activation is
        required for each credit card held by the customer.
      operationId: CardAuthorizationAccessToken
      tags:
        - Authorize
      parameters:
        - name: Authorization
          in: header
          description: 'HTTP Basic authentication by passing the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: application/json
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
        - name: CardAuthorizationAccessTokenRequest
          in: body
          description: CardAuthorizationAccessTokenRequest
          required: true
          schema:
            $ref: '#/definitions/CardAuthorizationAccessTokenRequest'
        - name: countrycode
          type: string
          required: true
          in: path
          description: Country code
        - name: businesscode
          type: string
          required: true
          in: path
          description: Business code
        - name: channelId
          type: string
          required: false
          in: header
          description: channelId
        - name: ConsumerOrg
          type: string
          required: false
          in: header
          description: ConsumerOrg
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/CardAuthorizationAccessTokenResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | activationFailed | Link code activation failed |
            | error | exceedsMaximumAttempts | Maximum attempts exceeded for activation. Link credit card to a merchant again. |
            | error | linkageConfirmationCodeExpired | The linkage confirmation code has expired. Link credit card to a merchant again. |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /cardAuth/oauth2/refresh:
    post:
      summary: Refresh Card Access Token
      description: >-
        This API generates a fresh access token. If your access token has expired and
        you still have a valid refresh token, you can exchange it for a new set of
        valid access and refresh tokens.
      operationId: CardAuthorizationRefreshToken
      tags:
        - Authorize
      parameters:
        - name: Authorization
          in: header
          description: 'HTTP Basic authentication by passing the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: application/json
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
        - name: CardAuthorizationRefreshTokenRequest
          in: body
          description: CardAuthorizationRefreshTokenRequest
          required: true
          schema:
            $ref: '#/definitions/CardAuthorizationRefreshTokenRequest'
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/CardAuthorizationRefreshTokenResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalid_grant | The provided access grant is invalid, expired, or revoked |
            | error | unsupported_grant_type | Grant type not supported |
            | error | unauthorized_client | The client is not authorized to request an authorization code using this method |
            | error | invalidCustomer | Customer not found or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /cardAuth/oauth2/revoke:
    post:
      summary: Revoke Card Access Token
      description: The revoke call will terminate the access granted by the Citi customer to your application.
      operationId: CardAuthorizationRevokeToken
      tags:
        - Authorize
      parameters:
        - name: Authorization
          in: header
          description: 'HTTP Basic authentication by passing the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: application/json
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
        - name: CardAuthorizationRevokeTokenRequest
          in: body
          description: CardAuthorizationRevokeTokenRequest
          required: true
          schema:
            $ref: '#/definitions/CardAuthorizationRevokeTokenRequest'
      responses:
        200:
          description: Successful operation.
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalid_grant | The provided access grant is invalid, expired, or revoked |
            | error | unsupported_grant_type | Grant type not supported |
            | error | unauthorized_client | The client is not authorized to request an authorization code using this method |
            | error | invalidCustomer | Customer not found or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/issuedDeviceAdministration/accessToken/retrieve/{countryCode}/{businessCode}:
    post:
      summary: This API is used to get a long-lived access token for the customer.
      description: This API is used to get a long-lived access token for the customer.
      operationId: RetrieveIssuedDeviceAllocationAccessToken
      tags:
        - CrossProductUtilities
      parameters:
        - name: Authorization
          in: header
          description: 'HTTP Basic authentication by passing the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: The MIME type of the body of the request (used with POST and PUT requests). application/x-www-form-urlencoded.
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
        - name: countryCode
          in: path
          description: 'Country code in ISO 3166 alpha-2 format. Examples: SG (Singapore), PH (Philippines), TH (Thailand).'
          required: true
          type: string
        - name: businessCode
          in: path
          description: 'Citi business codes. Examples: GCB, VMA, QCC.'
          required: true
          type: string
        - name: RetrieveIssuedDeviceAllocationAccessTokenRequest
          in: body
          description: RetrieveIssuedDeviceAllocationAccessTokenRequest
          required: true
          schema:
            $ref: '#/definitions/RetrieveIssuedDeviceAllocationAccessTokenRequest'
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/RetrieveIssuedDeviceAllocationAccessTokenResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
            | invalid | invalidGrant | Grant type is not valid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | Access is not configured for this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | resourceNotFound | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationsFailed | Business validations failed |
            | error | customerNotAllowed | Customer is not allowed based on accessibility check |
            | error | validationFailed | Customer data is not valid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/issuedDeviceAdministration/accessToken/refresh:
    post:
      summary: This API is used to refresh the long-lived access token for the customer.
      description: This API is used to refresh the long-lived access token for the customer.
      operationId: UpdateIssuedDeviceAllocationAccessTokenRefresh
      tags:
        - CrossProductUtilities
      parameters:
        - name: Authorization
          in: header
          description: 'HTTP Basic authentication by passing the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: The MIME type of the body of the request (used with POST and PUT requests). application/x-www-form-urlencoded.
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
        - name: grantType
          in: formData
          description: This refers to the grant type.
          type: string
          required: true
        - name: refreshToken
          in: formData
          description: The refresh token issued to the client
          type: string
          required: true
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/UpdateIssuedDeviceAllocationAccessTokenRefreshResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
            | invalid | invalidGrant | Grant type is not valid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | Access is not configured for this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | resourceNotFound | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationsFailed | Business validations failed |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /v1/issuedDeviceAdministration/accessToken/revoke:
    post:
      summary: >-
        The token revoke call requires the resource owner to pass valid client
        credentials, a valid token and the token type as inputs. The inputs are
        validated by the authorization server and after successful validation the
        token is tagged as revoked. If you pass an access token in the request, the
        corresponding refresh token will also be revoked and vice versa. The tokens
        are marked invalid after revocation is successful.
      description: This API is used to revoke the long-lived access token of the customer.
      operationId: TerminateIssuedDeviceAllocationAccessToken
      tags:
        - CrossProductUtilities
      parameters:
        - name: Authorization
          in: header
          description: 'HTTP Basic authentication by passing the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: The MIME type of the body of the request (used with POST and PUT requests). application/x-www-form-urlencoded.
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
        - name: token
          in: formData
          description: The token to be revoked
          type: string
          required: true
        - name: token_type_hint
          in: formData
          description: >-
            A hint about the type of the token submitted for revocation. Clients MAY
            pass this parameter in order to help the authorization server optimize the
            token lookup. Valid values are access_token, refresh_token
          type: string
          required: true
      responses:
        200:
          description: Successful operation.
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | Access is not configured for this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | resourceNotFound | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        422:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | businessValidationsFailed | Business validations failed |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /partner/v1/mfa/statuses:
    put:
      summary: 'MfaStausUpdate: API to update interdiction result as SUCCESS in session region'
      description: API to update interdiction result as SUCCESS in session region
      tags:
        - MfaStausUpdate
      parameters:
        - name: Authorization
          in: header
          description: 'The most recent Authorization token. This will have the format Bearer + {space} + {accessToken}. Example: Bearer KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: Content-Type
          in: header
          description: application/json
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
        - name: MfaStatusUpdateRequest
          in: body
          description: Login request with the required details to validate the user login.
          required: true
          schema:
            $ref: '#/definitions/MfaStatusUpdateRequest'
      responses:
        200:
          description: Successful operation.
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error |
          schema:
            $ref: '#/definitions/ErrorResponse'
  /partner/v1/prelogin/security/e2eKey:
    get:
      summary: Retrieves an E2E public key modulus and exponent.
      description: >-
        This API is used by browser-based applications for retrieving the public key
        used for encryption. It returns the modulus and exponent for setting up a
        business public key. This is a pre-login API.
      tags:
        - E2E Key exchange
      parameters:
        - name: Authorization
          in: header
          description: Access token to authenticate your request.
          type: string
          required: true
        - name: uuid
          in: header
          description: 128-bit random UUID generated uniquely for every request.
          type: string
          required: true
        - name: Accept
          in: header
          description: Content types that are acceptable for the response.
          type: string
          required: true
        - name: client_id
          in: header
          description: Client ID generated during application registration.
          required: true
          type: string
        - name: clientDetails
          in: header
          description: >-
            This field is used to capture device, browser and network information.
            Refer to the developer portal for more information. These are the fields
            that will be passed as part of the header: devicePrint, deviceTokenCookie,
            userIpAddress, userAgent, hardwareId, simId, deviceModel, deviceName,
            deviceOsName, deviceOsVersion, multitaskingSupportFlag, languageSupport,
            wifiMacAddress, cellTowerId, locationAreaCode, rsaApplicationKey,
            wapClientId, mobileCarrierCode, mobileCountryCode, osId, geoLongitude,
            geoLatitude, geoHorizontalAccuracy, geoAltitude, geoAltitudeAccuracy,
            geoSpeed, geoTimestamp, geoStatus, basicServiceSetId, signalStrength,
            wifiChannel, serviceSetId
          type: string
          required: false
      responses:
        200:
          description: Successful operation.
          schema:
            $ref: '#/definitions/GetEncryptionKeyResponse'
        400:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | invalid | invalidRequest | Missing or invalid Parameters |
            | error | cannotRetrieveKeyInfo | Cannot retrieve public key. |
            | error | e2eDisabled | E2E is disabled. |
          schema:
            $ref: '#/definitions/ErrorResponse'
        401:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | unAuthorized | Authorization credentials are missing or invalid |
          schema:
            $ref: '#/definitions/ErrorResponse'
        403:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | accessNotConfigured | The request operation is not configured to access this resource |
          schema:
            $ref: '#/definitions/ErrorResponse'
        404:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | error | resourceNotFound | Empty resource/resource not found |
          schema:
            $ref: '#/definitions/ErrorResponse'
        500:
          description: |
            | Type | Code | Details |
            | --- | --- | --- |
            | fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
          schema:
            $ref: '#/definitions/ErrorResponse'
    post:
      summary: 'Client Credentials grant: Retrieve access token'
      description: >-
        Get an access token for your application credentials. You can use this for
        APIs which do not require customer credential verification and consent
        (e.g. Onboarding).
      responses:
        200:
          schema:
            $ref: '#/definitions/AccessTokenResponse'
          description: The request has succeeded
        400:
          schema:
            $ref: '#/definitions/ErrorResponse'
          description: |
            Type: error
            Codes: invalid_request, invalid_grant, unsupported_grant_type, unauthorized_client
        401:
          schema:
            $ref: '#/definitions/ErrorResponse'
          description: |
            Type: error
            Codes: invalid_client
        500:
          description: server_error
      parameters:
        - in: header
          name: Authorization
          description: 'HTTP Basic authentication by passing the base64-encoded value of the client id and client secret separated by a colon (:). Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ=='
          type: string
          required: true
        - in: header
          name: Content-Type
          description: Value should always be application/x-www-form-urlencoded
          type: string
          required: true
        - in: formData
          name: grant_type
          description: The grant type. Valid value is client_credentials.
          type: string
          required: true
        - in: formData
          name: scope
          description: The set of scopes requested to make API calls. You can pass multiple values delimited by space.
          type: string
          required: true
      tags: []
      security:
        - client_id: []
          client_secret: []
x-ibm-configuration:
  enforced: true
  phase: realized
  testable: true
securityDefinitions:
  client_id(Query):
    type: apiKey
    description: ""
    in: query
    name: client_id
  client_id:
    type: apiKey
    name: X-IBM-Client-Id
    in: header
    description: ""
  client_secret:
    type: apiKey
    name: X-IBM-Client-Secret
    in: header
    description: pv52735
security:
  - client_id: []
    client_secret: []
  - client_id: []
  - client_id(Query): []
x-ibm-endpoints:
  - endpointUrl: https://sandbox.apihub.citi.com/gcb
    description: Custom Gateway API Endpoint
    type:
      - production
      - development
...