Closed Loop Citi PayLite

Cards

Closed Loop Citi PayLite

Enhance customers' shopping experiences with Citi PayLite by providing them with new ways to pay for merchandise and services. Customers can choose to pay using Citi reward points or miles, pay in installments or a combination of both.

Singapore

Customers register for flexible payment options

Customers can enjoy a great shopping experience when they check out on your app or website using Citi PayLite. They have the option to pay for their purchase either entirely or partially with points, and they can choose to pay all at once or in installments by using Easy Payment Plans.

Zoom In

Secure identification

Customers can enroll in Shop With Points and Citi PayLite by registering with their preferred Citi credit card. This allows them to verify their identity without compromising on their security. 

 

Refer to the API callout 1 and 2 to be called during the screen load.

Refer to the API Callout 3 for information about generating a card access token upon clicking the button.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Client Credentials Grant: Retrieve Access Token

This API is used to retrieve the access token for your application credentials. You can use this for APIs which do not require customer credential verification and consent (e.g. Onboarding).

Endpoint

Singapore: POST /clientCredentials/oauth2/token/sg/gcb

Parameters

FormData

grant_type

scope

View Api Callout 2 >
×

Use Case Callout

GetEncryptionKey (E2E)

This API is used by browser based applications for retrieving the public key used for encryption. It returns the modulus and exponent for setting up a business public key. This is a pre login API.

Endpoint

Singapore : GET /partner/v1/prelogin/security/e2eKey

Parameters

PATH

NA

View Api Callout 3 >
×

Use Case Callout

JWEAuthorizationAccessToken

This API needs to be used to generate a JSON Web Token [JWT] and token can be either signed or could be signed and encrypted.

Endpoint

Singapore : POST /v1/issuedDeviceAdministration/accessToken/retrieve/sg/gcb

Parameters

Body

Customers validate the one-time password

Customers complete their registration by validating the one-time password sent to their registered mobile number. They’ll receive a notification from their bank after a successful registration.

 

Refer to the API callout for information about activating card access token.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Activate Card Access Token 

This API activates a customer's access token. Separate token activation is required for each credit card held by the customer.

Endpoint

Singapore: GET  /v1/issuedDeviceAdministration/accessToken/confirmation/sg/gcb

Parameters

PATH

Body

Registration completed

Customers are informed when their registration has been completed. 

 

Once they click on 'Shop now', they can retrieve their point balance and see if they are eligible for Easy Payment Plans.

 

Refer to the API Callout 1 for information about retrieving a point balance.

Refer to the API Callout 2 for information about determining Easy Payment Plan eligibility.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Get Rewards Points Balance

This API returns the Citi Rewards Points balance and the details for converting the specified token to a dollar amount.

Endpoint

Singapore: POST  /v1/creditCards/rewards/pointBalance/search

Parameters

PATH

NA

Body

RewardsInquiryRequest (cardId)

View Api Callout 2 >
×

Use Case Callout

Transaction Eligibility and Easy Payment Plans

This API is used to check the Easy Payment Plans eligibility for a card and the available Payment Plans details.

Endpoint

Singapore: GET /v1/creditCards/{cardId}/transactions/eligibility/easyPaymentPlan

Parameters

PATH

cardId

Query

eligbleLoanAmount

Refresh Token

When checking the availability of the access token for a customer’s credit card: 


If the access token is not available, customers need to register themselves to get the access token, as illustrated in the above steps of this journey. 

 

If the token is already available, then the validity of the existing access token is determined. 

 

If the access token has expired, then you can refresh a customer’s access token by calling the Refresh Token API. Subsequent API calls in this journey are dependent on the availability of a valid access token. 

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Refresh Card Access Token 

This API generates a fresh access token. If your access token has expired and you still have a valid refresh token, you can exchange it for a new set of valid access and refresh tokens. 

End Point

Singapore: POST /v1/issuedDeviceAdministration/accessToken/refresh

Parameters

PATH

NA

Body

refresh_token

Customers select the product to purchase

Customers select the product they want and then click on 'Check out' to proceed with their purchase.
Zoom In

Customers select points for redemption and Easy Payment Plan

Customers can decide the number of points to redeem and may use them for full or partial payment of their purchases. Based on their inputs, a list of payment plans will be displayed. If they choose to pay partially with points, a part of the transaction amount will be settled through point redemption and the remaining will be billed as per the selected payment plan. Customers then click on 'Proceed' to submit the point redemption and plan booking request.

 

Refer to the below API callout to check the Easy Payment Plans eligibility for a card and the available Payment Plans details.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Transaction Eligibility and Easy Payment Plans

This API is used to check the Easy Payment Plans eligibility for a card and the available Payment Plans details.

Endpoint

Singapore: GET /v1/creditCards/{cardId}/transactions/eligibility/easyPaymentPlan

Parameters

PATH

cardId

Query

eligbleLoanAmount

Points redemption and easy payment plan booking

In this scenario, the partner's app or website already has the customer's credit card details to initiate the authorization.

 

After the customers select the redemption points and payment plan, point redemption occurs in the background by calling the API Callout 1.

After that, the API Callout 2 is invoked to convert to easy payment plan.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

Redeem Reward Points

This API is used by the customer to submit Shop with Points redemption request. Redemption takes place at the checkout stage, hence the customer can pay for all or part of his transaction bill by using his Rewards Points.

Endpoint

Singapore: POST /v1/rewards/shopWithPoints/redemption

Parameters

Body

ShopWithPointsPointRedemptionRequest (cardId, transactionReferenceId, transactionAmount, currencyCode, pointsToRedeem, transactionDescription)
 

View Api Callout 2 >
×

Use Case Callout

Authorize Card Purchase

This API is used to authorize a purchase done using a card.

Endpoint

Singapore: POST /partner/v1/moneyMovement/cards/purchases/authorization

Parameters

Body

CardPurchaseAuthorizationRequest (accountId, draweeId, displayAccountNumber, currencyCode, transactionReferenceId, requestTimestamp, transactionAmount, transactionCurrencyCode, merchantName, merchantNumber, tenor, eppMonthlyInterestRate, eppPromoId)

Customers validate the one-time password

As per the Citi Fraud Rule, the customers need to validate the one-time password sent to their registered mobile number to proceed with loan booking.


 
Refer to:
•    API Callout 1 to retrieve the public key used for encryption.
•    API Callout 2 to validate the one time password.
•    API Callout 3 to re-generate and send the one time password.
•    API Callout 4 to confirm the authorization of a purchase done using card.

 

In an ideal scenario, APIs 1, 2, and 4 will be called.

 

Refer to : 
•    API Callout 5 for timeout reversal scenario in case API Callout 1 fails.

Zoom In

API(s) Callout

View Api Callout 1 >
×

Use Case Callout

E2E Public Key Modulas and Exponent

This API is used by browser based applications for retrieving the public key used for encryption. It returns the modulus and exponent for setting up a business public key. This is a post login API.

Endpoint

Singapore: GET /v1/security/e2ekey

Parameters

PATH

NA

View Api Callout 2 >
×

Use Case Callout

Validate OTP

This API validates the OTP token submitted by customer.

Endpoint

Singapore : PUT /v1/mfa/otp

Parameters

PATH

N/A

Body

ValidateOTPRequest

View Api Callout 3 >
×

Use Case Callout

Generate and Send OTP

This API allows you to generate the one time password and delivers to customer.

Endpoint

Singapore : POST /v1/mfa/otp

Parameters

PATH

N/A

Body

GenerateOTPRequest

View Api Callout 4 >
×

Use Case Callout

Confirm Card Purchase Authorization

This API is used to confirm the authorization of a purchase done using a card post additional multifactor authentication.

Endpoint

Singapore : POST /partner/v1/moneyMovement/cards/purchases/authorization/confirmation

Parameters

Body

CardPurchaseAuthorizationConfirmationRequest (controlFlowId)

View Api Callout 5 >
×

Use Case Callout

Authorize Card Purchase Reversal

This API is used to authorize the reversal of a purchase done using a card.

Endpoint

Singapore : POST /partner/v1/moneyMovement/cards/purchases/reversals/authorization

Parameters

Body

CardPurchaseReversalAuthorizationRequest(accountId, draweeId, displayAccountNumber, currencyCode, transactionReferenceId, requestTimestamp, transactionAmount, transactionCurrencyCode, merchantName, merchantNumber, tenor, eppMonthlyInterestRate, eppPromoId)

Transaction is processed

Customers wait until their transaction is processed.
Zoom In

Order confirmation

After a successful order placement, customers receive a confirmation message that shows the payment amount redeemed through points and paid through an Easy Payment Plan, along with the order number, date and time. They also receive a notification from their bank shortly after.
Zoom In