Card Lost or Stolen

Cards

Card Lost or Stolen

Customers can request to either block or block and replace their card in case of loss or theft to prevent any misuse or fraudulent activity. They can also request a card replacement if their card gets damaged.

Australia

India

Citibank ensures the protection of customers' cards and bank accounts

Customers can easily report their missing or stolen card to Citibank and have it blocked instantly to avoid any misuse or fraudulent activity. They can also replace their old card with a new one in case of any damage.
Zoom In

Secure identification

Customers can log in securely with their Citi user ID and password.

Refer to the below API callout for information on retrieving authorization code.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Authorization code grant: Retrieve authorization code

This API gets invoked by a web browser redirection and requires user interaction. It is used to retrieve an authorization code by redirecting the user to a login page followed by the consent approval page. At the end of this flow, this endpoint returns to the redirect_uri configured for the associated application.

Endpoint

Endpoint

Australia: GET /authCode/oauth2/authorize

India: GET /authCode/oauth2/authorize

Parameters

PATH

NA

Query

response_type

client_id

scope

countryCode

businessCode

locale

state

redirect_uri

 

Customers validate the one-time password sent to their registered mobile number

Customers validate the one-time password sent to their registered mobile number. In the three-legged OAuth flow, one-time password validation is based on a fraud and risk recommendation, which is not mandatory. 

Refer to the below API callout for information on retrieving access token.

Zoom In

Customer consent

Customers are presented with Citi’s consent page where they can review the Terms & Conditions regarding what account information will and will not be shared with the third-party application. If they agree, the customers click on ‘Authorize'. 

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Authorization code grant: Retrieve access token

Get an access token issued by calling our token endpoint and passing the authorization code from the previous call. The issued access token will have an expiry, and it will be valid only for the scope for which the consent has been provided by the customer. You can call the APIs by passing this token in Authorization header.
You also get a refresh token that can be used to get a new access token in case the original one expires.

Endpoint

Australia: POST /authCode/oauth2/token/<countryCode>/<businessCode>

India:  POST /authCode/oauth2/token/<countryCode>/<businessCode>

Parameters

PATH

NA

Query

response_type

client_id

scope

countryCode

businessCode

locale

state

redirect_uri

Refresh Access Token

If the access token has expired and the partner still has a valid refresh token, they can refresh customer’s access token by calling the Refresh Token API and can exchange it for a new set of valid access and refresh tokens.

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Authorization code grant: Refresh access token

This API generates a fresh access token. If your access token has expired and you still have a valid refresh token, you can exchange it for a new set of valid access and refresh tokens. 

End Point

Australia: POST /authCode/oauth2/refresh

India: POST /authCode/oauth2/refresh

Parameters

PATH

NA

FormData

grant_type

refresh_token

Revoke Access Token

This API is used to revoke the access token and the corresponding refresh token. 
After successful revocation, the tokens are marked invalid and customer needs to register again to access the APIs.

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Authorization code grant: Revoke access token

This API is used to revoke the access token and requires the resource owner to pass the valid client credentials, a valid token and the token type as inputs. Along with the access token, the corresponding refresh token is also revoked and vice-versa.

End Point

Australia: POST /authCode/oauth2/revoke

India: POST /authCode/oauth2/revoke

Parameters

PATH

NA

FormData

token

token_type_hint

Customers select the card to be blocked or replaced

Customers can view their credit and debit cards and select the card they need to either block or replace. Refer to the below API callout for information on retrieving card details.

 

There is a variation in API callouts for aggregators and cobrand partners. Please refer as applicable.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Retrieve all cards - For Aggregators

Returns an array of credit card numbers, credit limits, statuses and types for the customer who authorized your app.

Endpoint

Australia: GET /v1/cards

India: GET /v1/cards

Parameters

PATH

NA

Query

cardFunction

View Api Callout 2 >
×

Use Case Callout

Retrieve all cards - For Cobrand Partners

Returns an array of credit card numbers, credit limits, statuses and types for the customer who authorized your app.

Endpoint

Australia: GET partner/v1/cards

India: GET partner/v1/cards

Parameters

PATH

NA

Query

cardFunction

Customers review their card details

Customers can review the details of their selected card such as closing balance, minimum payment due, payment due date, etc.. They click on the type of request they wish to submit, and then click on 'Proceed'.

Zoom In

Customers submit the request for card blocking or replacement

Customers can either request to immediately block their card or lock it temporarily and then click on 'Submit'. If they choose to block their card, a replacement card will be sent to their registered address. 

 

Refer to the below API callout for information on reporting a lost or stolen card.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Report card as lost or stolen

Reports a specified card as lost or stolen and returns a reference number to track the request.

Endpoint

Australia: PUT /v1/cards/{cardId}/lostStolen

India : PUT /v1/cards/{cardId}/lostStolen

Parameters

PATH

cardId

 

Request confirmation

Customers get a confirmation message after submitting their card block or replace request. A new card is issued to the customer if a replacement request was raised for a damaged card.

Zoom In