production
development
https://emea.sandbox.api.citi.com/gcb
Custom Gateway API Endpoint
Paths
/v1/gb/auth/clients/register/{countryCode}/{businessCode}
post /v1/gb/auth/clients/register/{countryCode}/{businessCode}
Regulatory
Register a client by way of a Software Statement Assertion
Endpoint will be secured by way of Mutual Authentication over TLS
Authorization
Required in header
string
HTTP Basic authentication by passing base64 encoded value of the access_token.
Accept
Required in header
string
Content-Type that are acceptable for the response.
client_id
Required in header
string
Client ID generated during application registration.
Content-Type
Required in header
string
application/json
businessCode
Required in path
string
businessCode
countryCode
Required in path
string
DynamicClientRegistrationRequest
Required in body
object
DynamicClientRegistrationRequest
201
Successful operation.
400
Attribute description not found
Example Request
Example Response
POST https://emea.sandbox.api.citi.com/gcb/api/v1/gb/auth/clients/register/{countryCode}/{businessCode}
/v1/gb/auth/clients/register/{client_id}
get /v1/gb/auth/clients/register/{client_id}
Regulatory
Get a client by way of Client ID
oauth-1
oauth-1
(oauth2 application)
Token URL
https://emea.sandbox.api.citigroup.net/gcb/internal/confidential/clientCredentials/oauth2/token/gb/ipb
Scopes
/api
Authorization
Required in header
string
HTTP Basic authentication by passing base64 encoded value of the access_token.
Accept
Required in header
string
Content-Type that are acceptable for the response.
client_id
Required in path
string
This refer to the unique client id for this information is require
Content-Type
Required in header
string
application/json
200
Successful operation.
401
Attribute description not found
403
Attribute description not found
Example Request
Example Response
GET https://emea.sandbox.api.citi.com/gcb/api/v1/gb/auth/clients/register/{client_id}
put /v1/gb/auth/clients/register/{client_id}
Regulatory
Update a client by way of Client ID
oauth-1
oauth-1
(oauth2 application)
Token URL
https://emea.sandbox.api.citigroup.net/gcb/internal/confidential/clientCredentials/oauth2/token/gb/ipb
Scopes
/api
UpdateDynamicClientGbRegistrationRequest
Required in body
object
UpdateDynamicClientGbRegistrationRequest
client_id
Required in path
string
Client ID generated during application registration.
Authorization
Required in header
string
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
Content-Type
Optional in header
string
application/jwt
Accept
Optional in header
string
application/json
200
Successful operation.
400
Attribute description not found
401
Attribute description not found
403
Attribute description not found
Example Request
Example Response
PUT https://emea.sandbox.api.citi.com/gcb/api/v1/gb/auth/clients/register/{client_id}
delete /v1/gb/auth/clients/register/{client_id}
Regulatory
Delete a client by way of Client ID
oauth-1
oauth-1
(oauth2 application)
Token URL
https://emea.sandbox.api.citigroup.net/gcb/internal/confidential/clientCredentials/oauth2/token/gb/ipb
Scopes
/api
Authorization
Required in header
string
HTTP Basic authentication by passing base64 encoded value of the access_token.
Accept
Required in header
string
Content-Type that are acceptable for the response.
client_id
Required in path
string
This refer to the unique client id for this information is require
Content-Type
Required in header
string
application/json
204
Client deleted
401
Attribute description not found
403
Attribute description not found
405
Attribute description not found
Example Request
Example Response
DELETE https://emea.sandbox.api.citi.com/gcb/api/v1/gb/auth/clients/register/{client_id}
Definitions
{
"type": "string",
"enum": [
"RS256",
"PS256",
"ES256"
]
}
{
"type": "object",
"required": [
"redirect_uris",
"token_endpoint_auth_method",
"grant_types",
"scope",
"software_statement",
"application_type",
"id_token_signed_response_alg",
"request_object_signing_alg"
],
"properties": {
"client_id": {
"description": "OAuth 2.0 client identifier string",
"type": "string",
"minLength": 1,
"maxLength": 36
},
"client_secret": {
"description": "OAuth 2.0 client secret string",
"type": "string",
"minLength": 1,
"maxLength": 36
},
"client_id_issued_at": {
"description": "Time at which the client identifier was issued expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32",
"minimum": 0
},
"client_secret_expires_at": {
"description": "Time at which the client secret will expire expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if does not expire",
"type": "integer",
"format": "int32",
"minimum": 0
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string",
"format": "uri",
"minLength": 1,
"maxLength": 256
}
},
"token_endpoint_auth_method": {
"type": "string",
"enum": [
"private_key_jwt",
"client_secret_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth"
]
},
"grant_types": {
"type": "array",
"items": {
"type": "string",
"enum": [
"client_credentials",
"authorization_code",
"refresh_token"
]
},
"minItems": 1
},
"response_types": {
"type": "array",
"items": {
"type": "string",
"enum": [
"code",
"code id_token"
]
}
},
"software_id": {
"type": "string",
"minLength": 1,
"maxLength": 22,
"pattern": "^[0-9a-zA-Z]{1,22}$"
},
"scope": {
"type": "string",
"minLength": 1,
"maxLength": 256
},
"software_statement": {
"type": "string",
"format": "JWT"
},
"application_type": {
"type": "string",
"enum": [
"web",
"mobile"
]
},
"id_token_signed_response_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"request_object_signing_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"token_endpoint_auth_signing_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"tls_client_auth_subject_dn": {
"type": "string",
"minLength": 1,
"maxLength": 128
}
}
}
{
"allOf": [
{
"type": "object",
"required": [
"iss",
"iat",
"exp",
"aud",
"jti"
],
"properties": {
"iss": {
"description": "Unique identifier for the TPP. Implemented as Base62 encoded GUID",
"type": "string",
"pattern": "^[0-9a-zA-Z]{1,22}$",
"minLength": 1,
"maxLength": 22
},
"iat": {
"description": "The time at which the request was issued by the TPP expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32"
},
"exp": {
"description": "The time at which the request expires expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32"
},
"aud": {
"description": "The audience for the request. This should be the unique identifier\nfor the ASPSP issued by the issuer of the software statement.\nImplemented as Base62 encoded GUID\n",
"type": "string",
"pattern": "^[0-9a-zA-Z]{1,18}$",
"minLength": 1,
"maxLength": 18
},
"jti": {
"description": "Unique identifier for the JWT implemented as UUID v4",
"type": "string",
"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$",
"minLength": 36,
"maxLength": 36
}
}
},
{
"$ref": "#/definitions/OBRegistrationProperties1"
}
]
}
{
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "string",
"enum": [
"invalid_redirect_uri",
"invalid_client_metadata",
"invalid_software_statement",
"unapproved_software_statement"
]
},
"error_description": {
"type": "string",
"minLength": 1,
"maxLength": 500
}
}
}
JWT format of OBClientRegistration1
{
"type": "string",
"format": "OBClientRegistration1"
}
Client registration
{
"allOf": [
{
"$ref": "#/definitions/OBRegistrationProperties1"
}
]
}
Client registration
{
"allOf": [
{
"$ref": "#/definitions/OBRegistrationProperties1"
}
]
}
JWT format of OBClientRegistration1
{
"type": "string",
"format": "OBClientRegistration1"
}
Client registration
{
"allOf": [
{
"$ref": "#/definitions/OBRegistrationProperties1"
}
]
}