production
development
https://api.banamex.com/mx-gcgapi
Paths
/v1/customers/{customerId}/customerName
get /v1/customers/{customerId}/customerName
Wallet Security
This API will allow the customer to receive the masked name based on the entered valid customer ID.
To use this operation you must use one of the following sets of security requirements.
ClientID (Query)
client_id
(apiKey located in query)
ClientID
ClientID
X-IBM-Client-Id
(apiKey located in header)
ClientID
Accept
Required in header
string
Content-Types that are acceptable for the response
{
"default": "application\/json"
}customerId
Required in path
string
userId
bizToken
Required in header
string
Business Token received during previous API call. Required in all calls after authorization is established
{
"default": "5cf5ab07-3899-4c9f-95f7-93a2c33c5d1f"
}Authorization
Required in header
string
OAuth token
{
"default": "15208502-4efb-4a60-85e6-583829e32ab4"
}client_id
Required in header
string
The client ID you received during application registration in the developer portal
{
"default": "4fe1a7fa-b67c-4c4e-a4b6-1ad91f6e1f7a"
}walletServiceProviderId
Required in query
string
walletServiceProviderId
200
400
Request was not processed.
| Type | Code | Details |
|---|---|---|
| error | invalidRequest | Missing or invalid Parameters |
401
Missing or invalid authorization header.
| Type | Code | Details |
|---|---|---|
| error | unAuthorized | Authorization credentials are missing or invalid |
403
Unauthorized to perform the requested operation on resource.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
404
Resource does not exist.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
500
API Server Error
| Type | Code | Details |
|---|---|---|
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
GET https://api.banamex.com/mx-gcgapi/api/v1/customers/{customerId}/customerName
/v1/mx/mfa/isMFArequired
post /v1/mx/mfa/isMFArequired
Wallet Security
To check if MFA is required.
Accept
Required in header
string
Content-Types that are acceptable for the response
{
"default": "application\/json"
}uuid
Required in header
string
Universally unique identifier (UUID) that you generate for every request and is used for tracking. It is recommended to use the output from Java UUID class or an equivalent
{
"default": "01c69886-89ad-4424-98b4-38a3a33ab3ec"
}bizToken
Required in header
string
Business Token received during previous API call. Required in all calls after authorization is established
{
"default": "5cf5ab07-3899-4c9f-95f7-93a2c33c5d1f"
}Authorization
Required in header
string
OAuth token
{
"default": "15208502-4efb-4a60-85e6-583829e32ab4"
}client_id
Required in header
string
The client ID you received during application registration in the developer portal
{
"default": "4fe1a7fa-b67c-4c4e-a4b6-1ad91f6e1f7a"
}Content-Type
Required in header
string
Content-Types that is acceptable for the request. Currently we support application/json. Use only for PUT & POST methods
{
"default": "application\/json"
}request
Required in body
object
request
200
400
Request was not processed.
| Type | Code | Details |
|---|---|---|
| error | invalidRequest | Missing or invalid Parameters |
401
Missing or invalid authorization header.
| Type | Code | Details |
|---|---|---|
| error | unAuthorized | Authorization credentials are missing or invalid |
403
Unauthorized to perform the requested operation on resource.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
500
API Server Error
| Type | Code | Details |
|---|---|---|
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
POST https://api.banamex.com/mx-gcgapi/api/v1/mx/mfa/isMFArequired
/v1/mx/mfa/mfaChannels
post /v1/mx/mfa/mfaChannels
Wallet Security
Retrieve MFA channels for multifactor authentication.
Accept
Required in header
string
Content-Types that are acceptable for the response
{
"default": "application\/json"
}uuid
Required in header
string
Universally unique identifier (UUID) that you generate for every request and is used for tracking. It is recommended to use the output from Java UUID class or an equivalent
{
"default": "01c69886-89ad-4424-98b4-38a3a33ab3ec"
}bizToken
Required in header
string
Business Token received during previous API call. Required in all calls after authorization is established
{
"default": "5cf5ab07-3899-4c9f-95f7-93a2c33c5d1f"
}Authorization
Required in header
string
OAuth token
{
"default": "15208502-4efb-4a60-85e6-583829e32ab4"
}client_id
Required in header
string
The client ID you received during application registration in the developer portal
{
"default": "4fe1a7fa-b67c-4c4e-a4b6-1ad91f6e1f7a"
}Content-Type
Required in header
string
Content-Types that is acceptable for the request. Currently we support application/json. Use only for PUT & POST methods
{
"default": "application\/json"
}request
Required in body
object
request
200
400
Request was not processed.
| Type | Code | Details |
|---|---|---|
| error | invalidRequest | Missing or invalid Parameters |
401
Missing or invalid authorization header.
| Type | Code | Details |
|---|---|---|
| error | unAuthorized | Authorization credentials are missing or invalid |
403
Unauthorized to perform the requested operation on resource.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
500
API Server Error
| Type | Code | Details |
|---|---|---|
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
POST https://api.banamex.com/mx-gcgapi/api/v1/mx/mfa/mfaChannels
/v1/mx/mfa/otp
post /v1/mx/mfa/otp
Wallet Security
Generates and send OTP to customer. As this is a post login api, this api expects customer phone number/email to be available in the shared profile.
To use this operation you must use one of the following sets of security requirements.
ClientID (Query)
client_id
(apiKey located in query)
ClientID
ClientID
X-IBM-Client-Id
(apiKey located in header)
ClientID
Accept
Required in header
string
Content-Types that are acceptable for the response
{
"default": "application\/json"
}uuid
Required in header
string
Universally unique identifier (UUID) that you generate for every request and is used for tracking. It is recommended to use the output from Java UUID class or an equivalent
{
"default": "01c69886-89ad-4424-98b4-38a3a33ab3ec"
}bizToken
Required in header
string
Business Token received during previous API call. Required in all calls after authorization is established
{
"default": "5cf5ab07-3899-4c9f-95f7-93a2c33c5d1f"
}Authorization
Required in header
string
OAuth token
{
"default": "15208502-4efb-4a60-85e6-583829e32ab4"
}client_id
Required in header
string
The client ID you received during application registration in the developer portal
{
"default": "4fe1a7fa-b67c-4c4e-a4b6-1ad91f6e1f7a"
}Content-Type
Required in header
string
Content-Types that is acceptable for the request. Currently we support application/json. Use only for PUT & POST methods
{
"default": "application\/json"
}request
Required in body
object
request
200
OK
400
Request was not processed.
| Type | Code | Details |
|---|---|---|
| error | invalidRequest | Missing or invalid Parameters |
401
Missing or invalid authorization header.
| Type | Code | Details |
|---|---|---|
| error | unAuthorized | Authorization credentials are missing or invalid |
403
Unauthorized to perform the requested operation on resource.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
500
API Server Error
| Type | Code | Details |
|---|---|---|
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
POST https://api.banamex.com/mx-gcgapi/api/v1/mx/mfa/otp
put /v1/mx/mfa/otp
Wallet Security
Validate the OTP provided against the chosen MFA type - SMS OTP,
To use this operation you must use one of the following sets of security requirements.
ClientID (Query)
client_id
(apiKey located in query)
ClientID
ClientID
X-IBM-Client-Id
(apiKey located in header)
ClientID
Accept
Required in header
string
Content-Types that are acceptable for the response
{
"default": "application\/json"
}uuid
Required in header
string
Universally unique identifier (UUID) that you generate for every request and is used for tracking. It is recommended to use the output from Java UUID class or an equivalent
{
"default": "01c69886-89ad-4424-98b4-38a3a33ab3ec"
}bizToken
Required in header
string
Business Token received during previous API call. Required in all calls after authorization is established
{
"default": "5cf5ab07-3899-4c9f-95f7-93a2c33c5d1f"
}Authorization
Required in header
string
OAuth token
{
"default": "15208502-4efb-4a60-85e6-583829e32ab4"
}client_id
Required in header
string
The client ID you received during application registration in the developer portal
{
"default": "4fe1a7fa-b67c-4c4e-a4b6-1ad91f6e1f7a"
}Content-Type
Required in header
string
Content-Types that is acceptable for the request. Currently we support application/json. Use only for PUT & POST methods
{
"default": "application\/json"
}request
Required in body
object
request
200
400
Request was not processed.
| Type | Code | Details |
|---|---|---|
| error | invalidRequest | Missing or invalid Parameters |
401
Missing or invalid authorization header.
| Type | Code | Details |
|---|---|---|
| error | unAuthorized | Authorization credentials are missing or invalid |
403
Unauthorized to perform the requested operation on resource.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
404
Resource does not exist.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | resourceNotFound | The requested resource was not found | Empty resource/resource not found |
500
API Server Error
| Type | Code | Details |
|---|---|---|
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
PUT https://api.banamex.com/mx-gcgapi/api/v1/mx/mfa/otp
/v1/wallets/auth/login
post /v1/wallets/auth/login
Wallet Security
Login
To use this operation you must use one of the following sets of security requirements.
ClientID (Query)
client_id
(apiKey located in query)
ClientID
ClientID
X-IBM-Client-Id
(apiKey located in header)
ClientID
Accept
Required in header
string
Content-Types that are acceptable for the response
{
"default": "application\/json"
}uuid
Required in header
string
Universally unique identifier (UUID) that you generate for every request and is used for tracking. It is recommended to use the output from Java UUID class or an equivalent
{
"default": "01c69886-89ad-4424-98b4-38a3a33ab3ec"
}bizToken
Required in header
string
Business Token received during previous API call. Required in all calls after authorization is established
{
"default": "5cf5ab07-3899-4c9f-95f7-93a2c33c5d1f"
}Authorization
Required in header
string
OAuth token
{
"default": "15208502-4efb-4a60-85e6-583829e32ab4"
}client_id
Required in header
string
The client ID you received during application registration in the developer portal
{
"default": "4fe1a7fa-b67c-4c4e-a4b6-1ad91f6e1f7a"
}Content-Type
Required in header
string
Content-Types that is acceptable for the request. Currently we support application/json. Use only for PUT & POST methods
{
"default": "application\/json"
}request
Required in body
object
request
200
400
Request was not processed.
| Type | Code | Details |
|---|---|---|
| error | invalidRequest | Missing or invalid Parameters |
401
Missing or invalid authorization header.
| Type | Code | Details |
|---|---|---|
| error | unAuthorized | Authorization credentials are missing or invalid |
403
Unauthorized to perform the requested operation on resource.
| Type | Code | Details | More Info |
|---|---|---|---|
| error | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
500
API Server Error
| Type | Code | Details |
|---|---|---|
| fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
Example Request
Example Response
POST https://api.banamex.com/mx-gcgapi/api/v1/wallets/auth/login
Definitions
{
"type": "object",
"properties": {
"adaIndicator": {
"type": "string",
"example": "Y",
"description": "If customer is Citi ADA customer"
},
"applicationId": {
"type": "string",
"example": "CITIPAY",
"description": "Application Unique Identifier"
},
"deviceDetails": {
"$ref": "#/definitions/DeviceDetails"
},
"eventData": {
"$ref": "#/definitions/EventData"
},
"hostName": {
"type": "string",
"example": "SSSS85369L00606",
"description": "Host name of the customer for both Web and Device"
},
"inetData": {
"$ref": "#/definitions/InetData"
},
"languageCode": {
"type": "string",
"example": "EN",
"description": "LanguageCode"
},
"loginAuthority": {
"type": "string",
"example": "BANK",
"description": "Request Origination Realm e.g BANK"
},
"loginIdentity": {
"type": "string",
"example": "CCS",
"description": "Host used to authenticate user e.g CCS"
},
"ruleType": {
"type": "string",
"example": "Login",
"description": "Event type to be executed in Cyota. E.g Login"
},
"sourcePort": {
"type": "string",
"example": "33790",
"description": "Port number of the customer for both Web and Device"
},
"userIpAddress": {
"type": "string",
"example": "121.211.45.22",
"description": "IP Address of the user device"
}
}
}
{
"type": "object",
"properties": {
"channelId": {
"type": "string",
"description": "Unique ID to address"
},
"channelType": {
"type": "string",
"example": "SMS",
"description": "This is customer delivery option opted by Customer Mode of OTP Delivery in case MFA Challenge type is OTP"
},
"channelValue": {
"type": "string",
"description": "This is customer delivery address.Last 4 digits of Phone Number in case MFA Challenge type is OTP."
}
}
}
{
"type": "object",
"properties": {
"password": {
"type": "string",
"description": "user password."
},
"userId": {
"type": "string",
"description": "user id"
}
}
}
{
"type": "object",
"properties": {
"firstName": {
"type": "string",
"description": "Customer first name."
},
"fullName": {
"type": "string",
"description": "Customer full name"
},
"lastName": {
"type": "string",
"description": "Customer last name."
},
"maskedName": {
"type": "string",
"description": "masked CBOL Customer Name"
},
"middleName": {
"type": "string",
"description": "Customer middle name."
},
"motherMaidenName": {
"type": "string",
"description": "Customer mother maiden name"
},
"suffix": {
"type": "string",
"description": "Customer name suffix."
}
}
}
{
"type": "object",
"required": [
"applicationCategory",
"applicationVersion",
"blackboxId",
"cellTowerId",
"clientDefinedChannelIndicator",
"deviceId",
"deviceLocation",
"deviceModel",
"deviceName",
"deviceOsName",
"deviceOsVersion",
"deviceSerialNumber",
"deviceType",
"deviceUptime",
"deviceVersion",
"eventType",
"languageSupport",
"locationAreaCode",
"misin",
"mobileCountryCode",
"mobileInfoJs",
"mobileInfoSdk",
"mobileNetworkCode",
"multitaskingSupportFlag",
"networkId",
"numberOfAddressBookEntries",
"osId",
"otherId",
"paymentAppInstanceId",
"primaryPortfolio",
"rsaApplicationkey",
"screenSize",
"secondryPortfolio",
"simId",
"stableHardwareId",
"vendorClientId",
"wapClientId",
"wifiMacAddress"
],
"properties": {
"applicationCategory": {
"type": "string",
"example": "INTERNET",
"description": "Application Category.ie. INTERNET, MOBILE_THIN or MOBILE_THICK"
},
"applicationVersion": {
"type": "string",
"example": "1.0",
"description": "The version of the application"
},
"blackboxId": {
"type": "string",
"example": "XCVEDG-DOFGM",
"description": "iOvation blackbox id-Required for MFA Authentication"
},
"cellTowerId": {
"type": "string",
"example": "342332432423",
"description": "A GSM Cell ID (CID) is a unique number used to identify each Base Transceiver Station (BTS), or sector of a BTS, within a Location Area Code (LAC) or GSM network."
},
"clientDefinedChannelIndicator": {
"type": "string",
"example": "MOBILE",
"description": "Channel Indicator assiged to Wallet Provider app. E.g. WEB, MOBILE"
},
"deviceId": {
"type": "string",
"example": "243e23ewed234ed",
"description": "Unique ID of the device. Typically, this is the IMEI number for mobile devices"
},
"deviceLocation": {
"type": "string",
"example": "USA",
"description": "This is the device location"
},
"deviceModel": {
"type": "string",
"example": "4.0",
"description": "The device model"
},
"deviceName": {
"type": "string",
"example": "Samsung",
"description": "The name of the device being used"
},
"deviceOsName": {
"type": "string",
"example": "Windows",
"description": "The OS of the device"
},
"deviceOsVersion": {
"type": "string",
"example": "7.0",
"description": "This is OS version"
},
"deviceSerialNumber": {
"type": "string",
"example": "w343d34wd3234234",
"description": "This is the device serial number"
},
"deviceType": {
"type": "string",
"example": "MOBILE",
"description": "The device which is used to perform this operation. Valid values are MOBILE, TABLET, WATCH"
},
"deviceUptime": {
"type": "string",
"example": "31667",
"description": "Time elapsed since last boot in seconds"
},
"deviceVersion": {
"type": "string",
"example": "6.0",
"description": "The version of the device being used"
},
"eventType": {
"type": "string",
"example": "MOBILE",
"description": "The Event initiated by the user.i.e CITI_WALLET_PURCHASE"
},
"languageSupport": {
"type": "string",
"example": "EN",
"description": "The languages supported by the mobile device."
},
"locationAreaCode": {
"type": "string",
"example": "91",
"description": "The local area code."
},
"misin": {
"type": "string",
"example": "711",
"description": "MISIN of the client device"
},
"mobileCountryCode": {
"type": "string",
"example": "412",
"description": "The mobile country code."
},
"mobileInfoJs": {
"type": "string",
"description": "The string that is created by the location collection JavaScript."
},
"mobileInfoSdk": {
"type": "string",
"description": "The JSON from the mobile application. This field contains the string that is collected by the RSA Mobile SDK."
},
"mobileNetworkCode": {
"type": "string",
"example": "01",
"description": "The mobile network code."
},
"multitaskingSupportFlag": {
"type": "boolean",
"example": false,
"description": "Indicates whether or not the mobile device supports multi-tasking."
},
"networkId": {
"type": "string",
"example": "networkName_networkID",
"description": "ID to uniquely identify the network which is used to perform the operations. Typically, retrieved using public methods provided by the device OS,"
},
"numberOfAddressBookEntries": {
"type": "string",
"example": "5",
"description": "The total number of entries in the mobile device's address book."
},
"osId": {
"type": "string",
"description": "The ID of the operating system. Options include: Android ID, iPhone UDID, and Blackberry PIN number."
},
"otherId": {
"type": "string",
"description": "A unique identifier that is created by the mobile application itself.This field is required to ensure an accurate risk score for mobile applications."
},
"paymentAppInstanceId": {
"type": "string",
"example": "2423435345453511111212121212",
"description": "paymentAppInstanceID/SEID of the device."
},
"primaryPortfolio": {
"type": "string",
"example": "CONSUMER",
"description": "Reason for the call \"SignOff or LogOff\""
},
"rsaApplicationkey": {
"type": "string",
"description": "A unique identifier"
},
"screenSize": {
"type": "string",
"description": "The screen size of the mobile device."
},
"secondryPortfolio": {
"type": "string",
"example": "BANK",
"description": "Reason for the call \"SignOff or LogOff\""
},
"simId": {
"type": "string",
"example": "42342341235235235",
"description": "IMSI value of the SIM"
},
"stableHardwareId": {
"type": "string",
"example": "23534645756234234234",
"description": "Stable Hardware ID for NFC devices"
},
"vendorClientId": {
"type": "string",
"description": "A unique ID that represents the mobile user, created by an application vendor."
},
"wapClientId": {
"type": "string",
"description": "The unique ID number of the WAP profile client."
},
"wifiMacAddress": {
"type": "string",
"description": "The Wi-Fi card MAC address"
},
"wifinetworksData": {
"$ref": "#/definitions/WifiNetworksData"
}
}
}
{
"type": "object",
"required": [
"code",
"type"
],
"properties": {
"code": {
"type": "string",
"description": "Error code which qualifies the error"
},
"details": {
"type": "string",
"description": "Human readable explanation specific to the occurrence of the problem"
},
"location": {
"type": "string",
"description": "The name of the field that resulted in the error"
},
"moreInfo": {
"type": "string",
"description": "URI to human readable documentation of the error"
},
"type": {
"type": "string",
"description": "invalid - Request did not confirm to the specification and was unprocessed & rejected. Please fix the value and try again
warn - Request was partially processed. E.g. some of the fields are missing in response to the system issues, request was accepted successfully but will be processed asynchronously
error - The request was accepted but could not be processed successfully
fatal - There was an internal system error while processing the request. These are technical errors and will be resolved by Citi, and the consumer should retry after some time. Business errors will not be categorized as fatal"
}
}
}
{
"type": "object",
"properties": {
"errors": {
"type": "array",
"description": "List of one or more errors",
"items": {
"$ref": "#/definitions/ErrorResponse"
}
}
}
}
{
"type": "object",
"properties": {
"clientDefinedFactListDataType": {
"type": "string",
"example": "String",
"description": "datatype"
},
"clientDefinedFactListName": {
"type": "string",
"example": "CUSTOM_FIELD_10",
"description": "Name defined at client side CUSTOM_FIELD_10"
},
"clientDefinedFactListValue": {
"type": "string",
"example": "CYOTASQ_CVV_FAILURE",
"description": "Event value defined at client side e.g CYOTASQ_CVV_ABANDEND or CYOTASQ_CVV_FAILURE"
},
"eventType": {
"type": "string",
"example": "CLIENT_DEFINED",
"description": "Tyep of event initiated at client side. E.g. CLIENT_DEFINED"
},
"level": {
"type": "string",
"example": "851",
"description": "701 - SQ +CVV 851 - OTP SMS; 861 -OTP Voice"
},
"mfaSuccessfulIndicator": {
"type": "string",
"example": "true",
"description": "specifies if MFA is successful"
}
}
}
{
"type": "object",
"required": [
"accountType",
"ccsId",
"walletServiceProviderId"
],
"properties": {
"accountType": {
"type": "string",
"example": "CREDIT",
"description": "Customer Plastic Card Type"
},
"ccsId": {
"type": "string",
"example": "CREDIT",
"description": "This is the ID for CCS system (common credentials system)"
},
"challengeType": {
"type": "string",
"description": "Type of Challenge user has to be presented with"
},
"communicationChannels": {
"$ref": "#/definitions/CommunicationChannels"
},
"transactionMemo": {
"type": "string",
"example": "GENERATE_OTP",
"description": "This specifies the below login context events. 1. GenerateOTP 2. GenerateNetKey"
},
"userId": {
"type": "string",
"description": "cbol id of customer"
},
"userType": {
"type": "string",
"description": "customer type"
},
"walletServiceProviderId": {
"type": "string",
"example": "APPLE_PAY",
"description": "It is the ID assigned for a Wallet Service Provider for the Wallet where CITI cards are provisioned, values=[APPLE_PAY, SAMSUNG_PAY, ANDROID_PAY, CITI_HCE_PAY, ALL_WALLETS, CITI_WALLET]"
}
}
}
{
"type": "object",
"properties": {
"ccsId": {
"type": "string",
"example": "CREDIT",
"description": "This is the ID for CCS system (common credentials system)"
},
"transactionMemo": {
"type": "string",
"example": "GENERATE_OTP",
"description": "This specifies the below login context events.1. GenerateOTP. 2. GenerateNetKey"
},
"userId": {
"type": "string",
"description": "cbol id of customer"
},
"userType": {
"type": "string",
"description": "customer type"
},
"walletServiceProviderId": {
"type": "string",
"example": "APPLE_PAY",
"description": "It is the ID assigned for a Wallet Service Provider for the Wallet where CITI cards are provisioned"
}
}
}
{
"type": "object",
"properties": {
"challengeType": {
"type": "string",
"description": "Type of Challenge user has to be presented with"
},
"communicationChannels": {
"type": "array",
"items": {
"$ref": "#/definitions/CommunicationChannels"
}
}
}
}
{
"type": "object",
"properties": {
"accept": {
"type": "string"
},
"acceptLanguage": {
"type": "string",
"example": "en-US",
"description": "language expected in response/locale."
},
"devicePrint": {
"type": "string",
"example": "312323YYF412312FTG2132",
"description": "Device Print details"
},
"reference": {
"type": "string",
"example": "https://citiwallet.sit2.citibank. com/USCWP/REST/wallet/interdiction/performRiskScoring.jws",
"description": "URL from which getting redirected"
},
"userAgent": {
"type": "string",
"example": "Iphone",
"description": "Browser Type e.g Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"
},
"userCookieValue": {
"type": "string",
"example": "3123232",
"description": "Cookie String passed from Browser"
},
"userLangauge": {
"type": "string",
"example": "EN",
"description": "Language passed in request"
}
}
}
{
"type": "object",
"properties": {
"firstName": {
"type": "string",
"description": "first name of customer"
},
"fullName": {
"type": "string",
"description": "customer full name"
},
"lastName": {
"type": "string",
"description": "last name of customer"
},
"middleName": {
"type": "string",
"description": "middle name of customer"
},
"motherMaidenName": {
"type": "string",
"description": "mother maiden name of customer"
},
"suffix": {
"type": "string",
"description": "customer suffix"
}
}
}
{
"type": "object",
"properties": {
"accountId": {
"type": "string",
"description": "Alternate to account number coming from Cards ESB"
},
"accountType": {
"type": "string",
"description": "This will specify if the card is Debit card / Credit Card."
},
"associationNetwork": {
"type": "string",
"description": "It is the card associated network i.e. Visa or Mastercard et"
},
"communicationChannels": {
"type": "array",
"items": {
"$ref": "#/definitions/CommunicationChannels"
}
},
"customerInformation": {
"$ref": "#/definitions/LoginCustomerInformation"
},
"displayAccountNumber": {
"type": "string",
"description": "This is the Credit Card/Debit Card Number"
},
"productCode": {
"type": "string",
"description": "This will specify the code associated to the product type"
},
"productType": {
"type": "string",
"description": "This defines the type of card like Blue, gold etc."
},
"questionList": {
"type": "array",
"items": {
"$ref": "#/definitions/SecurityQuestions"
}
}
}
}
{
"type": "object",
"properties": {
"clientDetails": {
"$ref": "#/definitions/ClientDetails"
},
"clientDetailsSdk": {
"type": "string",
"description": "This is specific to RSA SDK JSON string values and constitutes of the elements in appendix."
},
"hmac": {
"type": "string",
"description": "The check digit of the symmetric key used to compare with the check digit value of the decrypted AES key in server."
},
"keyIndex": {
"type": "string",
"description": "The symmetric key encrypted with static RSA public key .This is a dynamic key for every session,"
},
"loginInformation": {
"$ref": "#/definitions/CustomerCredentialInformation"
},
"transactionMemo": {
"type": "string",
"example": "WALLET_REGISTRATION",
"description": "This specifies the below login context events. 1. GenerateOTP 2. GenerateNetKey"
},
"walletServiceProviderId": {
"type": "string",
"example": "APPLE_PAY",
"description": "It is the ID assigned for a Wallet Service Provider for the Wallet where CITI cards are provisioned , values=[APPLE_PAY, SAMSUNG_PAY, ANDROID_PAY, CITI_HCE_PAY, ALL_WALLETS, CITI_WALLET]"
}
}
}
{
"type": "object",
"properties": {
"accountEligibilityFlag": {
"type": "boolean",
"example": false,
"description": "Specifies if user has at least one valid card to tokenize. This is returned only when transactionMemo=WALLET_REGISTRATION."
},
"ccsId": {
"type": "string",
"description": "This is the ID for CCS system (common credentials system)"
},
"challangeType": {
"type": "string",
"description": "Type of Challenge user has to be presented with eg. OTP/SQ/CVV_SQ/VRU"
},
"citiPayEnrollmentFlag": {
"type": "boolean",
"example": false,
"description": "Specifies if the customer is already enrolled in Citipay or not"
},
"fpanInformation": {
"$ref": "#/definitions/LoginFpanInformation"
},
"lastLoginTime": {
"type": "string",
"description": "Timestamp when the user last logged"
},
"mfaRequireFlag": {
"type": "boolean",
"example": false,
"description": "Specifies if Customer has to undergo Multi Factor Authentication. e. g. YES or NO. If DENY, user should NOT be treated as Authenticated and flow should end."
}
}
}
{
"type": "object",
"required": [
"activatedWalletInstanceCount",
"clientDetailsSDK",
"transactionMemo",
"walletServiceProviderId"
],
"properties": {
"activatedWalletInstanceCount": {
"type": "string",
"example": "4",
"description": "No of Activated Wallet Instances"
},
"clientDetailsSDK": {
"type": "string",
"description": "This is specific to RSA SDK JSON string values and constitutes of the elements in appendix."
},
"transactionMemo": {
"type": "string",
"example": "WALLET_REGISTRATION",
"description": "The Wallet Event initiated by user which triggered MFA Challenge."
},
"walletServiceProviderId": {
"type": "string",
"example": "APPLE_PAY",
"description": "It is the ID assigned for a Wallet Service Provider for the Wallet where CITI cards are provisioned.values=[APPLE_PAY, SAMSUNG_PAY, ANDROID_PAY, CITI_HCE_PAY, ALL_WALLETS, CITI_WALLET]"
}
}
}
{
"type": "object",
"properties": {
"challengeType": {
"type": "string",
"example": "OTP/CVV/SQ/CVV_SQ",
"description": "Type of Challenge user has to be presented with eg. OTP/CVV/SQ/CVV_SQ"
},
"communicationChannels": {
"$ref": "#/definitions/CommunicationChannels"
},
"fpanInformation": {
"$ref": "#/definitions/MfaFpanInforamtion"
},
"mfaActionFlag": {
"type": "boolean",
"example": false,
"description": "Specifies if Customer has to undergo Multi Factor Authentication. e. g. YES or NO. If DENY, user should NOT be treated as Authenticated and flow should end."
},
"securityQuestions": {
"$ref": "#/definitions/SecurityQuestions"
},
"tokenApprovalInformation": {
"type": "string",
"example": "Success",
"description": "This element contains the object of session validation variables."
}
}
}
{
"type": "object",
"properties": {
"accountId": {
"type": "string",
"example": "0000002312300",
"description": "Citi Account Number (FPAN) alternate Identifier."
},
"accountType": {
"type": "string",
"example": "CREDIT",
"description": "Customer Plastic Card Type e.g: CREDIT"
},
"displayAccountNumber": {
"type": "string",
"example": "5678",
"description": "Last 4 digits of Citi Account Number (FPAN)."
},
"productCode": {
"type": "string",
"example": "083",
"description": "The Product Code of the Default Credit Account linked to the customer Profile."
},
"productType": {
"type": "string",
"example": "MP",
"description": "The Product Type of the Default Credit Account linked to the customer Profile."
}
}
}
{
"type": "object",
"required": [
"accountId",
"accountType",
"displayAccountNumber"
],
"properties": {
"accountId": {
"type": "string",
"example": "34rwer3rwer343",
"description": "Citi Account Number (FPAN) alternate Identifier."
},
"accountType": {
"type": "string",
"example": "CREDIT",
"description": "Customer Plastic Card Type",
"enum": [
"CREDIT",
"DEBIT"
]
},
"displayAccountNumber": {
"type": "string",
"example": "3423433212124444",
"description": "Last 4 digits of Citi Account Number (FPAN)."
}
}
}
{
"type": "object",
"properties": {
"customerInformation": {
"$ref": "#/definitions/CustomerInformation"
}
}
}
{
"type": "object",
"properties": {
"questionId": {
"type": "string",
"description": "This is the id generated for the question"
},
"questionText": {
"type": "string",
"description": "This is the text of the question"
}
}
}
{
"type": "object",
"required": [
"ccsId",
"channelType",
"hmac",
"transactionMemo",
"walletServiceProviderId"
],
"properties": {
"authenticationKey": {
"type": "string"
},
"ccsId": {
"type": "string",
"example": "This is the ID for CCS system (common credentials system)",
"description": "mode in which the otp has to send to user"
},
"challengeType": {
"type": "string",
"description": "Type of Challenge user has to be presented with"
},
"channelType": {
"type": "string",
"example": "SMS",
"description": "mode in which the otp has to send to user"
},
"fpanInformation": {
"$ref": "#/definitions/OtpFpanInformation"
},
"hmac": {
"type": "string",
"example": "4wre34rewf3rw3r",
"description": "HMAC_256 value of the encrypted sensitive data."
},
"transactionMemo": {
"type": "string",
"example": "ENROLLCARD",
"description": "Type of the specific transaction."
},
"userId": {
"type": "string",
"description": "cbol id of customer"
},
"userType": {
"type": "string",
"description": "customer type"
},
"walletServiceProviderId": {
"type": "string",
"example": "APPLE_PAY",
"description": "It is the ID assigned for a Wallet Service Provider for the Wallet where CITI cards are provisioned, values=[APPLE_PAY, SAMSUNG_PAY, ANDROID_PAY, CITI_HCE_PAY, ALL_WALLETS, CITI_WALLET]"
}
}
}
{
"type": "object",
"required": [
"tokenApprovalInformation"
],
"properties": {
"tokenApprovalInformation": {
"type": "string",
"example": "Sucess",
"description": "This element contains the object of session validation variables."
}
}
}
{
"type": "object",
"required": [
"basicServiceSetId",
"serviceSetId",
"signalStrength",
"stationName",
"wifiChannel"
],
"properties": {
"basicServiceSetId": {
"type": "string",
"description": "The basic service set identification (BBSID) for each basic service set."
},
"serviceSetId": {
"type": "string",
"example": "SignOff",
"description": "The Service Set Identifier (SSID)."
},
"signalStrength": {
"type": "string",
"description": "The wireless signal strength in the database management system."
},
"stationName": {
"type": "string",
"description": "The Wi-Fi station name."
},
"wifiChannel": {
"type": "string",
"description": "The Wi-Fi band is divided into multiple channels, each with different frequencies. This element defines which channel is currently being used by the Wi-Fi connection."
}
}
}