Paths
/v3/channels/bne/legacy/authenticate/login
This API authenticates the customer.
Random 128-bit UUID generated uniquely for every request from the customer. It serves as the unique transaction identifier, and sending it is recommended.
Session is generated and returned on the first API call as a response header, which needs to be resent on successive calls of the same session.
Language to be sent to the backend systems; must be ‘es’ for Spanish or ‘en’ for English.
{
"default": "es"
}
2 character ISO country code
{
"default": "MX"
}
3 character business code
{
"default": "GCB"
}
Channel ID used by the user; it is required for the first call in a new session.
The client ID you received during application registration in the developer portal
Bearer token acquired from APIM token endpoint
Content-Types that are sent in the request
{
"default": "application\/json"
}
Content-Types that are acceptable for the response.
Encoding types accepted for the request. Used for MX RSA risk scoring evaluation.
This request authenticates the customer
Authentication Successful
Type | Code | Details |
error | invalidRequest | Missing or invalid Parameters |
error | userAccountNotActive | 180-account not active |
error | userAccountLocked | 15-account locked |
error | passwordExpired | 9-password has expired |
error | credentialValidationFailed | 20-master validation failure |
error | cannotDecryptData | 620-Cannot decrypt, please re-check the encrypted value |
error | aliasNotFound | Alias not found |
Type | Code | Details |
error | unAuthorized | Authorization credentials are missing or invalid |
Type | Code | Details |
error | accessNotConfigured | The request operation is not configured to access this resource |
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
fatal | backendError | Failed during a call to backend service |
/v4/channels/bne/legacy/authenticate/login
This API authenticates the customer using STS E2EE for password encryption.
Random 128-bit UUID generated uniquely for every request from the customer. It serves as the unique transaction identifier, and sending it is recommended.
Session is generated and returned on the first API call as a response header, which needs to be resent on successive calls of the same session.
Language to be sent to the backend systems; must be ‘es’ for Spanish or ‘en’ for English.
{
"default": "es"
}
2 character ISO country code
{
"default": "MX"
}
3 character business code
{
"default": "GCB"
}
Channel ID used by the user; it is required for the first call in a new session.
The client ID you received during application registration in the developer portal
Bearer token acquired from APIM token endpoint
Content-Types that are sent in the request
{
"default": "application\/json"
}
This request authenticates the customer
Authentication Successful
Type | Code | Details |
error | invalidRequest | Missing or invalid Parameters |
error | userAccountNotActive | 180-account not active |
error | userAccountLocked | 2960-account locked |
error | passwordExpired | 9-password has expired |
error | credentialValidationFailed | 0050-master validation failure |
error | cannotDecryptData | 620-Cannot decrypt, please re-check the encrypted value |
error | aliasNotFound | Alias not found |
Type | Code | Details |
error | unAuthorized | Authorization credentials are missing or invalid |
Type | Code | Details |
error | accessNotConfigured | The request operation is not configured to access this resource |
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
fatal | backendError | Failed during a call to backend service |
/v2/channels/bne/legacy/authenticate/password
This API changes a corporate customer's password, using STS E2EE for password encryption and validating the new password against the customer's last 6 passwords history.
Random 128-bit UUID generated uniquely for every request from the customer. It serves as the unique transaction identifier, and sending it is recommended.
Session is generated and returned on the first API call as a response header, which needs to be resent on successive calls of the same session.
2 character ISO country code
{
"default": "MX"
}
3 character business code
{
"default": "GCB"
}
Channel ID used by the user; it is required for the first call in a new session.
The client ID you received during application registration in the developer portal
Bearer token acquired from APIM token endpoint
Content-Types that are sent in the request
{
"default": "application\/json"
}
This request is used to change the password of a corporate banking customer
Successful Change of Password
Bad Request
Type | Code | Details |
invalid | invalidRequest | Missing or invalid Parameters |
invalid | invalidCredentials | Credentials used in the request are invalid |
invalid | repeatedPassword | API found that newPassword was already used as one of the last 6 passwords used by the customer |
error | cannotDecryptData | 620-Cannot decrypt, please re-check the encrypted values |
Unauthorized
Type | Code | Details |
error | unAuthorized | Authorization credentials are missing or invalid |
Type | Code | Details |
error | accessNotConfigured | The request operation is not configured to access this resource |
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
fatal | backendError | Failed during a call to backend service |
/v1/x-global/security/user/corporate/session/validate
Validate the session in a specific backend.
This API is meant to validate the session for a specific system and promote the scope to Customer
A 128-bit universally unique identifier (UUID) that you generate for every request and that is used for tracking. It is recommended to use the output from the Java UUID class or an equivalent. If not provided, PSG will automatically inject one.
{
"default": "a7d1e304-83a9-4413-af97-62615e57eae66807840"
}
Session is generated and returned on the first API call as a response header, which needs to be resent on successive calls of the same session.
Content-Types that are acceptable for the response. Currently we support application/json by default.
{
"default": "application\/json"
}
application/json. If not provided, PSG will automatically inject default (application/json)
{
"default": "application\/json"
}
HTTP Accept-Language header. If not provided, PSG will automatically inject default (application/json)
{
"default": "en-US"
}
2 character ISO country code. If not provided, PSG will automatically inject default (MX)
{
"default": "MX"
}
3 character business code. If not provided, PSG will automatically inject default (GCB)
{
"default": "GCB"
}
channel Id used by the user.
The client ID you received during application registration in the developer portal
Bearer token acquired from APIM token endpoint
Request object with the data to validate the session
Session Validated successfully
(BAD REQUEST) - Request was not processed
Type | Code | Details |
invalid | invalidRequest | Missing or invalid Parameters |
invalid | invalidHMAC | 629-HMAC comparison failed |
invalid | invalidServerRandom | 630-EventID/Server random comparison failed |
error | cannotDecryptData | 620-Cannot decrypt, please re-check the encrypted value. |
Type | Code | Details |
error | unAuthorized | Invalid session |
(FORBIDDEN) - Unauthorized to perform the requested operation on resource
Type | Code | Details | More Info |
invalid | accessNotConfigured | The request operation is not configured to access this resource | Channel/Country/Business provided in the request is not supported currently |
Type | Code | Details |
error | notFound | API not found |
(INTERNAL SERVER ERROR) - API Server Error
Type | Code | Details |
fatal | serverUnavailable | The request failed due to an internal error/server unavailability |
error | hostSystemNotSupported | Host backend system not supported. |
Definitions
{
"type": "object",
"required": [
"customerCredentials",
"sessionRequired",
"device"
],
"properties": {
"sessionRequired": {
"type": "boolean",
"default": true,
"description": "To create a session in Backend Systems, this is always true"
},
"customerCredentials": {
"$ref": "#/definitions/Credentials"
},
"device": {
"$ref": "#/definitions/device"
}
}
}
{
"type": "object",
"required": [
"loginId",
"loginIdType",
"legalRepresentativeId",
"encryptedPasswordText"
],
"properties": {
"loginId": {
"type": "string",
"description": "customer client number or alias",
"maxLength": 12
},
"loginIdType": {
"type": "string",
"enum": [
"ALIAS",
"CUSTOMER_NUM"
],
"description": "type of login ID used to authenticate",
"maxLength": 11
},
"legalRepresentativeId": {
"type": "string",
"description": "representative number",
"maxLength": 2,
"minLength": 2
},
"encryptedPasswordText": {
"type": "string",
"description": "\"E2EE encrypted customer password, must be Alphanumeric. The first 2 must be numeric and the last 6 must be alphanumeric\"\n",
"maxLength": 8,
"minLength": 8
},
"applicationUrl": {
"type": "string",
"description": "application url"
}
}
}
{
"properties": {
"devicePrint": {
"description": "The device printId for Cyota request",
"type": "string"
},
"deviceTokenCookie": {
"description": "devicetokencookie to be passed for all request excluding first request.",
"type": "string"
},
"userAgent": {
"description": "userAgent of the device.",
"type": "string"
},
"ipAddress": {
"type": "string",
"description": "Client IP address"
},
"hardwareId": {
"type": "string",
"description": "Mobile Hardware Id"
},
"simId": {
"type": "string",
"description": "Mobile Sim Id"
}
}
}
{
"type": "object",
"required": [
"passwordExpiryDate",
"contingency",
"lastLoginDate",
"lastLoginTime",
"lastChannelId",
"stationName",
"virtualAccountExistsFlag",
"dataCenterLocation",
"customerService",
"products",
"fullName"
],
"properties": {
"passwordExpiryDate": {
"type": "string",
"description": "Customer expiration date in format YYYY-MM-DD",
"pattern": "date"
},
"contingency": {
"type": "string",
"enum": [
"OK",
"DUMMY"
],
"default": "OK",
"description": "flag to determine whether the SPA service is down and you have to send a dummy Challenge"
},
"lastLoginDate": {
"type": "string",
"description": "Date of the customer's last login on any channel, in format YYYY-MM-DD",
"format": "Date"
},
"lastLoginTime": {
"type": "string",
"description": "Time of the customer's last login on any channel, in format HH:mm"
},
"lastChannelId": {
"type": "string",
"description": "Customer last channel id logged"
},
"stationName": {
"type": "string",
"description": "Station Name to use in challenge"
},
"dataCenterLocation": {
"description": "CSI register customer",
"type": "string"
},
"fullName": {
"description": "Customer full name",
"type": "string"
},
"virtualAccountExistsFlag": {
"description": "Indicates whether the customer has virtual accounts",
"type": "boolean"
},
"lastUpdatedDate": {
"description": "Last Updated Date",
"type": "string",
"format": "Date"
},
"products": {
"type": "array",
"items": {
"$ref": "#/definitions/Product"
}
},
"legalRepresentativeData": {
"$ref": "#/definitions/Representative"
},
"customerService": {
"type": "array",
"items": {
"$ref": "#/definitions/Service"
},
"description": "If enrolment notification is present or not"
}
}
}
{
"properties": {
"legalRepresentativeName": {
"description": "Executive Name",
"type": "string"
},
"legalRepresentativeId": {
"description": "Number of representative",
"type": "string"
}
}
}
{
"properties": {
"productTypeCode": {
"description": "product Type Code",
"type": "integer"
},
"productSubtypeCode": {
"description": "product Sub type Code",
"type": "integer"
},
"totalrelatedAccountsCount": {
"description": "total related Accounts Count",
"type": "integer"
}
}
}
{
"required": [
"customerServiceNumber",
"customerServiceType"
],
"properties": {
"customerServiceNumber": {
"type": "string",
"description": "Id of bank service used by customer"
},
"customerServiceType": {
"type": "string",
"description": "type of bank service used by customer"
}
}
}
{
"type": "object",
"required": [
"newPassword",
"oldPassword"
],
"properties": {
"newPassword": {
"type": "string",
"description": "E2EE encrypted new Password to set."
},
"oldPassword": {
"type": "string",
"description": "E2EE encrypted Old Password."
}
}
}
{
"type": "object",
"required": [
"customerId",
"legalRepresentativeId",
"sessionContext"
],
"properties": {
"customerId": {
"type": "string",
"description": "this is the customer Id of client",
"example": "972831"
},
"legalRepresentativeId": {
"type": "string",
"description": "legal representative of client",
"example": "01"
},
"sessionContext": {
"type": "string",
"description": "this is the session context with a length 49 positions",
"example": "000026202T2603C6202000010000000000000000000000000"
}
}
}
{
"properties": {
"type": {
"description": "Invalid - Request did not conform to the specification and was unprocessed and rejected. Please fix the value and try again",
"enum": [
"error",
"warn",
"invalid",
"fatal"
],
"type": "string"
},
"code": {
"description": "Error code which qualifies the error",
"type": "string"
},
"details": {
"description": "Human readable explanation specific to the occurrence of the problem",
"type": "string"
},
"location": {
"description": "The name of the field that resulted in the error",
"type": "string"
},
"moreInfo": {
"description": "URI to human readable documentation of the error",
"type": "string"
}
},
"required": [
"type",
"code",
"details"
]
}
{
"required": [
"code",
"type",
"details",
"location",
"moreInfo",
"uuid",
"timestamp"
],
"properties": {
"type": {
"type": "string",
"description": "invalid - Request did not conform to the specification and was unprocessed & rejected. Please fix the value and try again\nwarn - Request was partially processed. E.g. some of the fields are missing in response to the system issues, request was accepted successfully but will be processed asynchronously\nerror - The request was accepted but could not be processed successfully\nfatal - There was an internal system error while processing the request. These are technical errors and will be resolved by Citi, and the consumer should retry after some time. Business errors will not be categorized as fatal",
"enum": [
"error",
"warn",
"invalid",
"fatal"
]
},
"code": {
"type": "string",
"description": "Error code which qualifies the error"
},
"details": {
"type": "string",
"description": "Human readable explanation specific to the occurrence of the problem"
},
"location": {
"type": "string",
"description": "The name of the field that resulted in the error"
},
"moreInfo": {
"type": "string",
"description": "URI to human readable documentation or detailed description of the error"
},
"uuid": {
"type": "string",
"description": "128 bit UUID that you generate for every request"
},
"timestamp": {
"type": "string",
"description": "Timestamp of the error"
}
}
}
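The error `type` semantics defined above, turned into a client-side triage routine. This is an added example, not code from the API provider: the type values and codes are the ones listed on this page, while the action names and the rule that account-state codes are never retried automatically are assumptions of the example.

```python
"""Triage an error object returned by the authentication APIs (added example)."""

VALID_TYPES = {"error", "warn", "invalid", "fatal"}   # enum from the error definition
REQUIRED = ("type", "code", "details")                # required in both error schemas

# Codes from this page's error tables that reflect account or credential state.
# Assumption of this example: a client never retries these automatically,
# because repeated attempts can push an account toward userAccountLocked.
NO_AUTO_RETRY = {
    "userAccountLocked", "userAccountNotActive", "passwordExpired",
    "credentialValidationFailed", "invalidCredentials", "repeatedPassword",
    "aliasNotFound",
}


def triage(err):
    """Return one of the hypothetical action names used by this example."""
    if not isinstance(err, dict):
        return "malformed"
    if any(not isinstance(err.get(key), str) for key in REQUIRED):
        return "malformed"
    if err["type"] not in VALID_TYPES:
        return "malformed"
    code = err["code"]
    if code in NO_AUTO_RETRY:
        return "ask_user"          # surface to the customer, do not loop
    if code == "unAuthorized":
        return "reauthenticate"    # credentials or session missing/invalid
    if err["type"] == "fatal":
        return "retry_later"       # technical error; the page says retry after some time
    if err["type"] == "invalid":
        return "fix_request"       # request did not conform; correct it first
    if err["type"] == "warn":
        return "accept_partial"    # request was only partially processed
    return "stop"                  # type "error": accepted but not processed


# Constructed sample error objects; codes and details copied from the tables above.
SAMPLES = [
    {"type": "fatal", "code": "serverUnavailable",
     "details": "The request failed due to an internal error/server unavailability"},
    {"type": "error", "code": "userAccountLocked", "details": "2960-account locked"},
    {"type": "invalid", "code": "invalidHMAC", "details": "629-HMAC comparison failed"},
    {"type": "error", "code": "unAuthorized", "details": "Invalid session"},
    {"type": "error", "code": "cannotDecryptData"},   # "details" missing on purpose
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["code"], "->", triage(sample))
```
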