Authorize

Summary

Authorize is our implementation of the OAuth 2.0 framework. It enables secure authorization using standard methods that can easily be integrated in your app. If you're familiar with OAuth 2.0, everything should look familiar. If not, you may want to check out the OAuth 2.0 resources here.

Want to try this API out on our Playground?

Go play now

Endpoints on this page

post /clientCredentials/oauth2/token/sg/gcb	Client Credentials Grant: Retrieve Access Token
get /authCode/oauth2/authorize	Authorization Code Grant: Retrieve Authorization Code
post /authCode/oauth2/token/sg/gcb	Authorization Code Grant: Retrieve Access Token
post /authCode/oauth2/refresh	Authorization Code Grant: Refresh Access Token
post /authCode/oauth2/revoke	Authorization Code Grant: Revoke Access Token
get /oauth2/mfa	Multi-Factor Authentication
post /cardAuth/oauth2/authorize/{countrycode}/{businesscode}	Enroll and Generate Card Access Token
post /cardAuth/oauth2/token/{countrycode}/{businesscode}	Activate Card Access Token
post /cardAuth/oauth2/refresh	Refresh Card Access Token
post /cardAuth/oauth2/revoke	Revoke Card Access Token
post /v1/mfa/otp	Generate and Send OTP
put /v1/mfa/otp	Validate OTP

Client Credentials Grant: Retrieve Access Token

post /clientCredentials/oauth2/token/sg/gcb

Description

This API is used to retrieve the access token for your application credentials. You can use this for APIs which do not require customer credential verification and consent (e.g. Onboarding).

Swagger

Header Parameters

Authorization

string required

HTTP Basic authentication by passing base64 encoded value of the client id and client secret separated by colon (:).Example: Base64(client_id:client_secret) will be passed as Basic KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==

Content-Type

string required

Value should always be application/x-www-form-urlencoded

FormData Parameters

grant_type

string required

The grant type. Valid value is client_credentials.

scope

string required

The set of scopes requested to make API calls. You can pass multiple values delimted by space

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

The request has succeeded

Definitions

access_token
- The access token value received after exchanging the authorization token. This field should be passed as Authorization header in API request calls
- type : string
refresh_token
- You can use this token to refresh an expired access_token.
- type : string
scope
- Set of scopes allowed by customer and separated by space
- type : string
token_type
- Type of the access token issued. This is bearer token for authorization_code grant type
- type : string
expires_in
- Validity of access token in seconds
- type : number

Example Response for post /clientCredentials/oauth2/token/sg/gcb

error

invalid_request

invalid_grant

unsupported_grant_type

unauthorized_client

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /clientCredentials/oauth2/token/sg/gcb

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

invalid_client

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /clientCredentials/oauth2/token/sg/gcb

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

server_error

This operation returns no content.

Authorization Code Grant: Retrieve Authorization Code

get /authCode/oauth2/authorize

Description

This API is used to validate the customer credentials in Citi login Page and redirect back the authorisation code post successful validation.

Swagger

Query Parameters

response_type

string required

Value MUST be set to "code"

client_id

string required

Client ID generated during application registration.

scope

string required

The set of scopes required to make the API calls. Scope is case insensitive and multiple values can be passed using space delimiter.

countryCode

string required

Country code in 2 character ISO 3166 format

businessCode

string required

The 3 character business code. Use GCB for consumer banking

locale

string required

Locale identify a specific language and geographic region, it shoule follow [language[_territory]. eg - en_US, en_SG

state

string required

Opaque value to maintain the state between request and call back. This will be used to prevent cross-site request forgery.

redirect_uri

string required

Absolute uri for user-agent redirection.You should provide the uri used during client registration process.

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

Client Authentication

This operation returns no content.

The authorization response contains the authorization code needed to obtain an access token. Here are the parameters included in the response.

success response
field name	field type	mandatory	description
redirect_uri	location	yes	This is the absolute uri provided in the request
code	query	yes	The authorization code
state	query	yes	The same value as sent by the client in the state parameter, if any

If an error occurs during authorization, two situations can occur. The first is, that the client is not authenticated or recognized. For instance, a wrong redirect URI was sent in the request. In that case the authorization server must not redirect the resource owner to the redirect URI. Instead it should inform the resource owner of the error. The second situation is that client is authenticated correctly, but that something else failed. In that case the following error response is sent to the client, included in the redirect_uri

failure response
field name	field type	mandatory	description
redirect_uri	location	yes	This is the absolute uri provided in the request
state	query	yes	The same value as sent by the client in the state parameter, if any
error	query	yes
error_description	query	no
error_uri	query	no

Here is the list of errors:

error

invalid_request

unauthorized_client

unsupported_response_type

invalid_scope

access_denied

This operation returns no content.

server_error

This operation returns no content.

temporarily_unavailable

This operation returns no content.

Authorization Code Grant: Retrieve Access Token

post /authCode/oauth2/token/sg/gcb

Description

This API is used to validate the authorisation code and return back the access token.

Swagger

Header Parameters

Authorization

string required

Content-Type

string required

Value should always be application/x-www-form-urlencoded

FormData Parameters

grant_type

string required

Authentication grant type. Valid value is authorization_code

code

string required

The code from the response of GET /authCode/oauth2/authorize

redirect_uri

string required

Absolute uri for user-agent redirection. You should provide the uri passed in GET /authCode/oauth2/authorize request

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

The request has succeeded

Definitions

access_token
- The access token value received after exchanging the authorization token. This field should be passed as Authorization header in API request calls
- type : string
refresh_token
- You can use this token to refresh an expired access_token.
- type : string
scope
- Set of scopes allowed by customer and separated by space
- type : string
token_type
- Type of the access token issued. This is bearer token for authorization_code grant type
- type : string
expires_in
- Validity of access token in seconds
- type : number

Example Response for post /authCode/oauth2/token/sg/gcb

error

invalid_request

invalid_grant

unsupported_grant_type

unauthorized_client

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /authCode/oauth2/token/sg/gcb

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

invalid_client

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /authCode/oauth2/token/sg/gcb

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

server_error

This operation returns no content.

Authorization Code Grant: Refresh Access Token

post /authCode/oauth2/refresh

Description

This API is used to exchange for a new set of valid access and refresh tokens in case access token has expired and still have a valid refresh token.

Swagger

Header Parameters

Authorization

string required

Content-Type

string required

Content type. Value is application/x-www-form-urlencoded

FormData Parameters

grant_type

string required

The grant type. Valid value is refresh_token.

refresh_token

string required

The refresh token issued to the client

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

The request has succeeded

Definitions

access_token
- This field should be passed as Authorization header in API request calls
- type : string
refresh_token
- The refresh token value
- type : string
scope
- The list of scopes separated by space
- type : string
token_type
- The token type
- type : string
expires_in
- The access token expiry time (in seconds)
- type : number

Example Response for post /authCode/oauth2/refresh

error

invalid_request

invalid_grant

unsupported_grant_type

unauthorized_client

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /authCode/oauth2/refresh

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

invalid_client

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /authCode/oauth2/refresh

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

server_error

This operation returns no content.

Authorization Code Grant: Revoke Access Token

post /authCode/oauth2/revoke

Description

This API is used to revoke the access token. Along with the access token, the corresponding refresh token is also revoked and vice-versa.

Swagger

Header Parameters

Authorization

string required

Content-Type

string required

Content type. Value is application/x-www-form-urlencoded

FormData Parameters

token

string required

The token to be revoked

token_type_hint

string required

A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. Valid values are access_token, refresh_token

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

The request has succeeded

Definitions

status
- The status of the token revocation request.
- type : string

Example Response for post /authCode/oauth2/revoke

error

invalid_request

invalid_grant

unauthorized_client

unsupported_grant_type

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /authCode/oauth2/revoke

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

invalid_client

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /authCode/oauth2/revoke

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

server_error

This operation returns no content.

Multi-Factor Authentication

get /oauth2/mfa

Description

This API is the first step of multi-factor authentication flow using authorization code grant. When the application gets an error response "mfaRequired", it should make a call to this API to redirect the user to Citi multi-factor authentication page.

Swagger

Query Parameters

client_id

string required

Client ID generated during application registration.

mfaCode

string required

A valid mfa security token received in the 403 error response of the functional API call. Example KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==

redirect_uri

string required

Absolute uri for user-agent redirection. You should provide the uri used during client registration process.

state

string required

Opaque value to maintain the state between request and call back. This will be used to prevent cross-site request forgery.

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

302 redirect will have the location header pointing to a new resource. The path will have specific query parameters as per the status of the response - success or failure

field name	field type	description
redirect_uri	location	This is the absolute uri provided in the request
mfaStatus	query	returned as 'success' when the mfa flow is completed successfully
state	query	echo back of the value sent in the request
error	query	field returned when an error occurs due to invalid inputs from client or server side fault. The possible values are as follows - invalid_request \| unauthorized_client \| access_denied \| service_unavailable \| temporary_unavailable
error_description	query	An optional parameter returned in few error scenarios with detailed description of the error for debugging.

This operation returns no content.

Enroll and Generate Card Access Token

post /cardAuth/oauth2/authorize/{countrycode}/{businesscode}

Description

This API is used to enroll the customer to avail services like Rewards Redemption, EPP, LOP etc. from the partner's site through a common registration.

Swagger

Header Parameters

Authorization

string required

uuid

string required

128 bit random UUID generated uniquely for every request.

string required

Content-Type that are acceptable for the response.

client_id

string required

Client ID generated during application registration.

Content-Type

string required

application/json

clientDetails

string Optional

This field is used to capture device,browser and network information. Refer the developer portal for more information.These are the fields which will be passed as part of the header devicePrint,deviceTokenCookie,userIpAddress,userAgent,hardwareId,simId,deviceModel,deviceName,deviceOsName,deviceOsVersion,multitaskingSupportFlag,languageSupport,wifiMacAddress,cellTowerId,locationAreaCode,rsaApplicationKey,wapClientId,mobileCarrierCode,mobileCountryCode,osId,geoLongitude,geoLatitude,geoHorizontalAccuracy,geoAltitude,geoAltitudeAccuracy,geoSpeed,geoTimestamp,geoStatus,basicServiceSetId,signalStrength,wifiChannel,serviceSetId

channelId

string Optional

ChannelId

ConsumerOrg

string Optional

ConsumerOrg

Body Parameters

CardAuthorizationRequest

required

CardAuthorizationRequest

Path Parameters

countrycode

string required

Countrycode

businesscode

string required

Businesscode

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

Successful operation.

This operation returns no content.

Type	Code	Details
invalid	invalid_request	Missing or invalid Parameters

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/authorize/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	unAuthorized	Authorization credentials are missing or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/authorize/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	accessNotConfigured	The request operation is not configured to access this resource
error	mfaRequired	MFA is required

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/authorize/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	registrationFailed	Registration failed
invalid	invalid_grant	The provided access grant is invalid, expired, or revoked

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/authorize/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
fatal	serverUnavailable	The request failed due to an internal error

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/authorize/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Activate Card Access Token

post /cardAuth/oauth2/token/{countrycode}/{businesscode}

Description

This API activates customer's access token. Separate token activation is required for each credit card held by the customer.

Swagger

Header Parameters

Authorization

string required

uuid

string required

128 bit random UUID generated uniquely for every request.

string required

Content-Type that are acceptable for the response.

client_id

string required

Client ID generated during application registration.

Content-Type

string required

application/json

clientDetails

string Optional

channelId

string Optional

channelId

ConsumerOrg

string Optional

ConsumerOrg

Body Parameters

CardAuthorizationAccessTokenRequest

required

CardAuthorizationAccessTokenRequest

{
    "properties": {
        "grant_type": {
            "description": "The grant type. Valid value is refresh_token",
            "type": "string",
            "example": "card_authorization"
        },
        "controlFlowId": {
            "description": "Control Flow ID",
            "type": "string",
            "example": "44125873852316f2b4d4d796c344e38756339654972776f663745446e6d4c32486f455a4165374a476858343d"
        },
        "linkageConfirmationCode": {
            "description": "Confirmation for activation",
            "type": "string",
            "example": 123455
        }
    },
    "required": [
        "controlFlowId",
        "linkageConfirmationCode"
    ]
}

Path Parameters

countrycode

string required

Countrycode

businesscode

string required

Businesscode

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

Successful operation.

Definitions

token_type
- The token type
- type : string
expires_in
- The access token expiry time (in seconds)
- type : integer
- format : int32
scope
- The list of scopes separated by space
- type : string
refresh_token
- The refresh token value
- type : string
cardId
- The card id in encrypted format
- type : string
access_token
- This field should be passed as Authorization header in API request calls
- type : string
refresh_token_expires_in
- This refer to the time in refersh token expiry
- type : integer
consented_on
- This refer to the customer consent time for authorization
- type : string
customerId
- Customer number in the encrypted format
- type : string
cardReferenceNumber
- Partner will include Card reference number in the settlement file to sent it to Citi to aprove the purchase
- type : string

Example Response for post /cardAuth/oauth2/token/{countrycode}/{businesscode}

Type	Code	Details
invalid	invalidRequest	Missing or invalid Parameters

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/token/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	unAuthorized	Authorization credentials are missing or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/token/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	accessNotConfigured	The request operation is not configured to access this resource

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/token/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	activationFailed	Link code activation is failed
error	exceedsMaximumAttempts	Maximum attempts exceeded for activation. Link credit card to a merchant again.
error	linkageConfirmationCodeExpired	The linkage confirmation Code is expired . Link credit card to a merchant again.

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/token/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
fatal	serverUnavailable	The request failed due to an internal error

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/token/{countrycode}/{businesscode}

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Refresh Card Access Token

post /cardAuth/oauth2/refresh

Description

This API generates a fresh access token. If your access token has expired and you still have a valid refresh token, you can exchange it for a new set of valid access and refresh tokens.

Swagger

Header Parameters

Authorization

string required

uuid

string required

128 bit random UUID generated uniquely for every request.

string required

Content-Type that are acceptable for the response.

client_id

string required

Client ID generated during application registration.

Content-Type

string required

application/json

clientDetails

string Optional

Body Parameters

CardAuthorizationRefreshTokenRequest

required

CardAuthorizationRefreshTokenRequest

{
    "properties": {
        "grant_type": {
            "description": "The grant type. Valid value is refresh_token",
            "type": "string",
            "example": "card_authorization"
        },
        "refresh_token": {
            "description": "The refresh token issued to the client",
            "type": "string",
            "example": "AAGsyASCzlBplxGvA-5CFCkLhNinu6-0HQt-y7PuzsRLVAHok6yYs6KS2Np4t7bL0R8FMeT62wYXFxxY6F7LU_cc00QTXPfoQFFtay2tu3eGpBAGDg07ll_vNk_AEJo9l1GaEKYev7Q7drDOeRCDRqcD12zJzk36PsQEM6j1txFV2jR3snW5PLs3HVjxNRjUHWLR5IoI2qfb8zCZNahrFCRQ7T7ZVB_-E6Qk22tN3hZkZH7_kB3bZjtVoNxyjJ6qBDcrYdgtAvPvBV-xXDBmfUXD44JBYiZffHjEr2dFb_e3yA"
        }
    },
    "required": [
        "refresh_token"
    ]
}

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

Successful operation.

Definitions

token_type
- The token type
- type : string
access_token
- This field should be passed as Authorization header in API request calls
- type : string
expires_in
- The access token expiry time (in seconds)
- type : integer
- format : int32
scope
- The list of scopes separated by space
- type : string
refresh_token
- The refresh token value
- type : string
cardId
- The card id in encrypted format
- type : string

Example Response for post /cardAuth/oauth2/refresh

Type	Code	Details
invalid	invalidRequest	Missing or invalid Parameters

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/refresh

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	unAuthorized	Authorization credentials are missing or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/refresh

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	accessNotConfigured	The request operation is not configured to access this resource

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/refresh

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
invalid	invalid_grant	The provided access grant is invalid, expired, or revoked
error	unsupported_grant_type	grant type not supported

error	unauthorized_client	The client is not authorized to request an authorization code using this method
error	invalidCustomer	Customer not found or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/refresh

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
fatal	serverUnavailable	The request failed due to an internal error

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/refresh

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Revoke Card Access Token

post /cardAuth/oauth2/revoke

Description

This API is used to revoke the access token. The revoke call will terminate the access granted by Citi customer to avail services from your application.

Swagger

Header Parameters

Authorization

string required

uuid

string required

128 bit random UUID generated uniquely for every request.

string required

Content-Type that are acceptable for the response.

client_id

string required

Client ID generated during application registration.

Content-Type

string required

application/json

clientDetails

string Optional

Body Parameters

CardAuthorizationRevokeTokenRequest

required

CardAuthorizationRevokeTokenRequest

{
    "properties": {
        "token": {
            "description": "The token to be revoked",
            "type": "string",
            "example": "AAEkYzFjMDQ0Y2UtNTBmMy00NmY4LWI4YjEtYmQ5ODJkMWZiNGZh3xGP85xjqyxoHR7pXxzQJf223kWPL-HyWHD4zrRCvHZUkeBkTgxppbmpFtmWeVmjzDOxs1wFzI4s45YDS15eYmyuxzLbVog4d8H9pYSelrvL6naDYOLL9U16EaY0iyAMPBGX1H7RhCqtmd-7u_Eanw7QshbruLaZh2stOrdq2thC5CCSwW2r0e8PM1QbWubJOcMp8UGv-zNc0I3cTSihymSCF44HJ_yeuPAcXJ7kj-iPzQqxaO6FiWPmIsIh2YSxdGYo8alTyjJfG5AQDnM0HA"
        },
        "token_type_hint": {
            "description": "A hint about the type of the token submitted for revocation.  Clients MAY pass this parameter in order to help the authorization server to optimize the token lookup. Valid values are access_token,  refresh_token",
            "type": "string",
            "example": "refresh_token"
        }
    },
    "required": [
        "token",
        "token_type_hint"
    ]
}

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

Successful operation.

This operation returns no content.

Type	Code	Details
invalid	invalidRequest	Missing or invalid Parameters

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/revoke

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	unAuthorized	Authorization credentials are missing or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/revoke

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
error	accessNotConfigured	The request operation is not configured to access this resource

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/revoke

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
invalid	invalid_grant	The provided access grant is invalid, expired, or revoked
error	unsupported_grant_type	grant type not supported

error	unauthorized_client	The client is not authorized to request an authorization code using this method
error	invalidCustomer	Customer not found or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/revoke

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Type	Code	Details
fatal	serverUnavailable	The request failed due to an internal error

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /cardAuth/oauth2/revoke

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Generate and Send OTP

post /v1/mfa/otp

Description

This API allows to generate the one time password and delivers to customer.

Swagger

Header Parameters

Authorization

string required

The most recent Authorization token. This will have the format Bearer + {space} + {accessToken}. Example: Bearer KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==.

uuid

string required

128 bit random UUID generated uniquely for every request.

string required

Content-Type that are acceptable for the response.

Content-Type

string required

application/json

client_id

string required

Client ID generated during application registration.

clientDetails

string Optional

Body Parameters

GeneratOTPRequest

required

OTP request with required details to generate and send OTP to customer.

{
    "required": [
        "otpDeliveryOption"
    ],
    "type": "object",
    "properties": {
        "otpDeliveryOption": {
            "type": "string",
            "description": "Method of OTP(one time PIN) delivery. The possible values are SMS, SOFTTOKEN, HARDTOKEN, VOICE, VRU, EMAIL",
            "example": "SMS"
        },
        "interdictionId": {
            "type": "string",
            "description": "The identifier used to retrieve phone number of the user from cache for which OTP needs to be delivered",
            "example": "1111214678"
        },
        "transactionType": {
            "type": "string",
            "description": "The string representing the transaction flow Eg: SIGNON, ADD_PAYEE",
            "example": "SIGNON"
        },
        "controlFlowId": {
            "description": "Control Flow Id",
            "type": "string",
            "example": "6e3774334f724a2b7947663653712f52456f524c41797038516a59347a437549564a77755676376e616a733d"
        },
        "emailAddress": {
            "description": "Email address of the customer",
            "type": "string",
            "example": "john.1@gmailcom"
        },
        "messageCode": {
            "description": "The alert code that is used by CitiAlerts to send alerts to customers.",
            "type": "string",
            "example": "CCPAYMNTDUE"
        }
    }
}

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

Successful operation.

Definitions

maskedPhoneNumber
- type : string
- The Customer's phone number having last four digits unmasked

Example Response for post /v1/mfa/otp

Type	Code	Details
invalid	invalidRequest	Missing or invalid Parameters
error	maximumAttemptsLimitExceeded	Max Attempt count reached
error	phoneNumberNotFound	Missing mobile phone number
error	smsDeliveryFailed	SMS delivery failed

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

unAuthorized

Authorization credential is missing or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

accessNotConfigured

Access is not configured for this resource

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

fatal

serverUnavailable

The request failed due to an internal error

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for post /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Validate OTP

put /v1/mfa/otp

Description

This API validates the OTP token submitted by the customer.

Swagger

Header Parameters

Authorization

string required

The most recent Authorization token. This will have the format Bearer + {space} + {accessToken}. Example: Bearer KGNsaWVudF9pZDpjbGllbnRfc2VjcmV0KQ==.

uuid

string required

128 bit random UUID generated uniquely for every request.

string required

Content-Type that are acceptable for the response.

Content-Type

string required

application/json

client_id

string required

Client ID generated during application registration.

clientDetails

string Optional

Body Parameters

ValidateOTPRequest

required

Otp request with the required details to validate otp token.

{
    "required": [
        "otpDeliveryOption",
        "otpToken"
    ],
    "type": "object",
    "properties": {
        "otpDeliveryOption": {
            "type": "string",
            "description": "Method of OTP(one time PIN) delivery. This is a reference data field.Please use \/utilities\/referenceData\/{otpDeliveryOption} resource to get valid values of this field with descriptions.",
            "example": "SMS"
        },
        "otpToken": {
            "type": "string",
            "description": "The encrypted OTP Token.",
            "example": "hQEMA8pL8pXB67DjAQf+lI1CnFXuF\/"
        },
        "transactionMemo": {
            "description": "Type of the specific transaction. This is a reference data field. Please use \/v1\/apac\/utilities\/referenceData\/{transactionMemo} resource to get possible values of this field with descriptions.",
            "type": "string",
            "example": "ENROLLCARD"
        },
        "controlFlowId": {
            "description": "It is used to control the flow for subsequent requests in the session.",
            "type": "string",
            "example": "6e3774334f724a2b7947663653712f52456f524c41797038516a59347a437549564a77755676376e616a733d"
        }
    }
}

cURL
Ruby
Python
PHP
Java
Node
Go
Swift

Example Request

Responses

Successful operation.

This operation returns no content.

Type	Code	Details
invalid	invalidRequest	Missing or invalid Parameters
error	invalidOTP	Invalid OTP
error	maximumAttemptsLimitExceeded	Max number of one-time password failures exceeded
error	otpTokenExpired	OTP Token Expired

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for put /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

unAuthorized

Authorization credential is missing or invalid

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for put /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

error

accessNotConfigured

Access is not configured for this resource

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for put /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

fatal

serverUnavailable

The request failed due to an internal error

Definitions

error_description
- Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred
- type : string
error
- If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.
- type : string
- enum : invalid_request, unauthorized_client, access_denied, unsupported_response_type, invalid_scope, server_error, temporarily_unavailable, unsupported_token_type
error_uri
- A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
- type : string
required
- error

Response Schema for put /v1/mfa/otp

{
    "properties": {
        "error_description": {
            "description": "Human-readable ASCII [USASCII] text providing additional information, used to assist the client developer in understanding the error that occurred",
            "type": "string"
        },
        "error": {
            "description": "If the request fails due to a missing, invalid, or mismatching redirection URI, or if the client identifier is missing or invalid, the authorization server SHOULD inform the resource owner of the error and MUST NOT automatically redirect the user-agent to the invalid redirection URI.",
            "type": "string",
            "enum": [
                "invalid_request",
                "unauthorized_client",
                "access_denied",
                "unsupported_response_type",
                "invalid_scope",
                "server_error",
                "temporarily_unavailable",
                "unsupported_token_type"
            ]
        },
        "error_uri": {
            "description": "A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.",
            "type": "string"
        }
    },
    "required": [
        "error"
    ]
}

Menu

Authorize

Warning message

Authorize

Authorize

Summary

Client Credentials Grant: Retrieve Access Token

Authorization Code Grant: Retrieve Authorization Code

Authorization Code Grant: Retrieve Access Token

Authorization Code Grant: Refresh Access Token

Authorization Code Grant: Revoke Access Token

Multi-Factor Authentication

Enroll and Generate Card Access Token

Activate Card Access Token

Refresh Card Access Token

Revoke Card Access Token

Generate and Send OTP

Validate OTP