Citi Open Banking is a set of APIs that allows you to connect to core Citi financial functionality. You can use these APIs to enable a wide variety of products and features.
If you forgot your password or just want to change it, we can help.
A basic token is used for authentication with all types of authorization requests, and a bearer token is used for post-authentication requests. For example:
- Basic base64 (client_id:client_secret) (used for creating and interacting with Authorize APIs)
- Bearer access_token (used for all other resource APIs)
A Client Credential Grant is when your application merely needs to receive Citi data but not a customer’s—for example, you’re using the onboarding API to retrieve or submit credit card offers. In short, it lets us know that you’re a validated API consumer.
An Authorization Code Grant is when you need a customer’s permission to retrieve their data—such as their account information or transaction information.
You need to implement multi-factor authentication when you perform a high-risk transaction, such as making a money transfer.
For a detailed list of differences and which API domains require which type of token, take a look at our Authorize Documentation.
Token expiration depends on the type of token you’re using:
- Authcode (what you use to exchange for an access token)—120 seconds
- Access_token (what you need to call other APIs)—30 minutes
- Refresh_token (how you can programmatically refresh your access token)—30 days
Here are some common fixes:
- Check that your client_id and client_secret are correctly matched against the application you created
- Verify your Base64 encoding has been correctly formatted per the authorization documentation
- Ensure that Basic is prefixed to the encoded client_id and client_secret when making your token call
- Make sure that your access token is not invalidated or expired
If none of these help, please let us know.
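The checks in this list and the token lifetimes given earlier can be run locally before a token call is made. The following Python sketch is an added example, not Citi's code: the function names and the sample credentials are hypothetical, and only the header format and the lifetimes come from this page.

```python
import base64
import binascii
import time

# Lifetimes stated on this page, in seconds.
LIFETIMES = {"authcode": 120, "access_token": 30 * 60, "refresh_token": 30 * 24 * 3600}

def basic_header(client_id, client_secret):
    """Build the Authorization value: 'Basic ' + base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def check_basic_header(value, client_id):
    """Return a list of problems in an Authorization value (hypothetical helper).

    The decoded secret is never returned or printed, so the result is safe to log.
    """
    scheme, _, encoded = value.partition(" ")
    if scheme != "Basic" or not encoded:
        return ["value does not start with 'Basic '"]
    try:
        # validate=True rejects stray whitespace, newlines and bad padding.
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ["value after 'Basic ' is not valid Base64"]
    found_id, sep, secret = decoded.partition(":")
    if not sep:
        return ["decoded value has no ':' between client_id and client_secret"]
    problems = []
    if found_id != client_id:
        problems.append("client_id does not match the application")
    if not secret:
        problems.append("client_secret is empty")
    return problems

def is_expired(kind, issued_at, now=None):
    """True once a token of this kind has outlived the lifetime listed above."""
    now = time.time() if now is None else now
    return now - issued_at >= LIFETIMES[kind]

if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    header = basic_header("sample-id", "sample-secret")
    print(check_basic_header(header, "sample-id"))                  # no problems
    print(check_basic_header(header.split(" ")[1], "sample-id"))    # prefix missing
    print(is_expired("access_token", issued_at=time.time() - 1900)) # past 30 minutes
```

Tracking the issue time of each token and calling `is_expired` before a request lets the client refresh ahead of the 30-minute access token limit instead of reacting to a rejected call.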
As of Nov. 4, 2017, we only support TLS 1.2.
You can switch between your teams at any time from the navigation bar. Once you switch teams, you can view the API keys that your teammates have shared with you.