Why partner with Citi?
Citi has over 200 million customers in 160 countries, spanning 4 continents.
Your data needs are satisfied with 16 markets, 10 API categories, and 85 actionable APIs and growing.
The time from great idea to working product is reduced from years to months.
OAuth 2.0 authorization and TLS 1.2 encryption protect your customers' credentials and financial information.
After integrating the Pay with Points API, HKTV Mall saw a significant increase in customer speed and loyalty.
eMoney improved security and reliability for over 55,000 Citi customers simply by changing the way they aggregate.
Now Intuit can provide reliable data access to millions of customers through their suite of financial apps and our APIs.
Going Live - Moving to Production
From first ideas to live global data. Here's how you join the Citi Open Banking program.
Sign up and browse the API catalog to assemble a suite of APIs tailored for your solution.
Register an app to start making calls with sandbox data, and test how it works within your app or website.
Submit your idea through contact sales. We'll check out your app to determine if we'll be a fit, test it together, and if everything's good ...
You're ready to launch! We'll move you to production, and your customers will have access to their live data through your product.
Frequently Asked Questions Expand all sections Collapse all sections
In order to begin working with Citi’s production APIs, your company will need to fulfill certain requirements, agree to Citi’s terms and conditions and go through our onboarding process.
Here’s what the process looks like at a high level:
- You’ll register on Developer Hub and contact our Engagement Team.
- Our Engagement Team will contact you, and if it seems like our businesses will be a good fit, we’ll ask for more information.
- You’ll submit a use case, technical gap analysis, and a prototype made in our sandbox environment.
- We’ll agree on Citi’s Terms of API Access.
- You’ll begin our onboarding process and need to pass a security assessment.
If all looks good, we’ll…
- Sign an agreement
- Test and validate the APIs together
- Integrate the production APIs
- Go live
The time it takes to move to production varies. Factors that influence the length of time include: the type of use case, resources available, and the complexity of the service being delivered to customers.
At a high level, our security assessment will evaluate the following:
Infrastructure – The physical structures, IT, and other hardware your company uses.
Software – Your company’s application programs and IT system software.
People – The personnel involved in the governance, operation, and use of a system.
Procedure – The organizational protocols and automated or manual procedures.
Data – Transaction streams, files, databases, tables, and output used or processed by a system.
The security assessment will be conducted by Citi’s Information Security Group. In some situations, a SOC 2 audit report conducted by an independent, certified auditor in the last 12 months can be used to supplement the information we require in the security assement. Please note that the security assessment will have to be updated on an annual basis or if there are any material changes.
- Timing: The assessment process takes appoximately 2 to 3 weeks, depending on the completeness of the material you provide, any gaps we might identify and the availability of resources.
- In the agreement you enter into with Citi, Citi will reserve the right to conduct an audit on demand in certain situations such as:
1. Data breach or fraudulent access
2. Misuse or mishandling of data
3. Failures in security infrastructure and controls
4. Regulatory expectations
5. Any events that could potentially impact Citi Customers (e.g., If a Citi
Customer’s sensitive non-Citi account information has been breached)
Yes. Citi is compliant with PSD2 in the markets where it is applicable.
The Citi customer data fields available through our APIs are those shown in our Developer Hub API Catalog. As described in the Catalog, the customer data fields vary based on the market location of each API. In some situations, we might make additional customer data fields available when a use-case has a compelling customer value proposition.
Before you can use a Citi customer’s data, you must first obtain explicit consent from the customer, and the way in which you use that data must comply with the terms of the agreement you enter into with Citi.
The cost of accessing production APIs depends on the specific use case, which APIs you access, traffic volume, and your business case to Citi customers. Note that the sandbox can be accessed by anyone registered on Developer Hub without any fees.