[GNC] AqBanking help for Citi CC

David Reiser dbreiser at icloud.com
Wed Oct 24 12:47:40 EDT 2018 

My experience this week suggests that your Application Version setting is at least sufficient to cause your problem. Direct connection from gnucash to citicards stopped working for me earlier this year, and any time I attempted to make the connection, Citi decided someone was trying break into my account and a couple hours later would require me to reset my password (providing erroneous information about what constituted a valid password, argh). Since Citi would never tell me why they thought someone was trying to break into my account, I gave up on them after a while.

But when Chase stopped responding to requests for transaction data from gnucash this week, I figured out that something else was amiss. Quicken has always disabled data connections after 3-3.5 years from any version release. They’ll give you an informative message if you’re using Quicken, but either aqbanking or gnucash  haven’t handled such messages. I had been running with AppVer=2500. I changed that to 2700 last night and both Chase and Citicards resumed working from within gnucash. I believe Quicken 2019 is AppVer=2800, but I’m not sure.
--
Dave Reiser
dbreiser at icloud.com





> On Oct 24, 2018, at 10:17 AM, Fross, Michael <michael at fross.org> wrote:
> 
> Hello Jim,
> 
> This is great news.  I had the Citibank Credit Card download working for
> years, but it broke early this year.  I've attempted to setup GNUCash based
> on the above, but continue to struggle.  I receive the following error
> during the initial bank connection:
> 
> *Error on gnutls_bye: -24 (Decryption has failed.)*
> 
> After looking at your OFX settings above, I used the following during the
> GNUCash setup:
> 
>   - Create User - Select OFX
>   - Bank Name:  Citi Credit Card
>   - Broker Id:
>   - FID: 24909
>   - ORG: Citigroup
>   - Server URL: https://www.accountonline.com/cards/svc/CitiOfxManager.do
>   - User Name: myusername
>   - User Id: myusername<space>    <--- I added a space per your comments
>   - Client UID:
>   - Emulated App: Quicken 2013
>   - Application ID: QWIN
>   - Application Version: 2400
>   - Header Version: 103
> 
> After accepting the certificate , the log window has that error.  If I
> retrieve accounts after this, I get the following:
> 
> 09:12:27 Sending request...
> 09:12:27 Using GnuTLS default ciphers.
> 09:12:28 TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
> 09:12:28 Signer not found
> 09:12:28 Certificate is not trusted
> 09:13:31 Waiting for response...
> 09:13:31 No message received
> 09:13:31 Network error while waiting for response
> 09:13:31 Operation finished, you can now close this window.
> 
> I have a long password, but no special characters in it.  I'm on windows
> and need to read up a bit more on how to get the OFX.log.  Setting the ENV
> variable and starting GNUCash from the command session didn't seem to
> produce one.
> 
> I appreciate the guidance and the time.  I'm sure a lot of people use Citi
> Cards and your debugging can benefit a lot of people.  Can you provide any
> differences in your GNUCash config settings that what I have above?  I've
> tried a few variations but to no avail.
> 
> Thank you!
> 
> Michael
> 
> 
> On Tue, Oct 23, 2018 at 11:12 PM Jim Maki via gnucash-user <
> gnucash-user at gnucash.org> wrote:
> 
>> I just successfully set up GnuCash to download Citi credit card data
>> using AqBanking - for now all you have to do is add a space to the end
>> of your userid (assuming everything else is correct).The issue seems to
>> be with Citi ...
>> 
>> When it consistently failed with code 403, I turned on OFX logging
>> (export AQOFX_LOG_COMM=1), snagged the OFX request (from /tmp/ofx.log),
>> formatted it to make it more readable, and created a bash script using
>> curl to make the OFX request. Paradoxically it worked while the
>> equivalent un-beautified GnuCash request failed.
>> 
>> After little debugging, the key lines in the GnuCash ofx.log were:
>> 
>> ================== OFX ==================
>> ...
>> ... <USERID>myuserid
>> <USERPASS>mypassword
>> ...
>> ================== OFX ==================
>> 
>> The above will work if you add a space either at the end of the
>> "...<USERID>myuserid" line, or before "<USERPASS>" in the next line. At
>> the GnuCash user interface level that involves adding a trailing space
>> to the AqBanking userid for Citi.
>> 
>> For reference, below is the OFX template file I use to feed my
>> curl-based script. Eventually GnuCash makes an equivalent request.
>> (Again, eliminate the leading spaces before "<USERPASS>" and it, too
>> fails.)
>> 
>> ================== OFX ==================
>> OFXHEADER:100
>> DATA:OFXSGML
>> VERSION:103
>> SECURITY:NONE
>> ENCODING:USASCII
>> CHARSET:1252
>> COMPRESSION:NONE
>> OLDFILEUID:NONE
>> NEWFILEUID:$OFX_DATETIME
>> 
>> <OFX>
>> <SIGNONMSGSRQV1>
>> <SONRQ>
>> <DTCLIENT>$OFX_DATETIME
>> <USERID>$OFX_USER
>> <USERPASS>$OFX_PW
>> <LANGUAGE>ENG
>> <FI>
>> <ORG>$OFX_ORG
>> <FID>$OFX_FID
>> </FI>
>> <APPID>QWIN
>> <APPVER>2400
>> </SONRQ>
>> </SIGNONMSGSRQV1>
>> <CREDITCARDMSGSRQV1>
>> <CCSTMTTRNRQ>
>> <TRNUID>$OFX_DATETIME
>> <CLTCOOKIE>1
>> <CCSTMTRQ>
>> <CCACCTFROM>
>> <ACCTID>$OFX_ACCOUNT
>> </CCACCTFROM>
>> <INCTRAN>
>> <DTSTART>$OFX_STARTDATE
>> <DTEND>$OFX_ENDDATE
>> <INCLUDE>Y
>> </INCTRAN>
>> </CCSTMTRQ>
>> </CCSTMTTRNRQ>
>> </CREDITCARDMSGSRQV1>
>> </OFX>
>> ================== OFX ==================
>> 
>> If GnuCash did prettified SGML it would avoid this problem with Citi's
>> parsing.
>> 
>>   Jim
>> 
>> _______________________________________________
>> gnucash-user mailing list
>> gnucash-user at gnucash.org
>> To update your subscription preferences or to unsubscribe:
>> https://lists.gnucash.org/mailman/listinfo/gnucash-user
>> If you are using Nabble or Gmane, please see
>> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
>> -----
>> Please remember to CC this list on all your replies.
>> You can do this by using Reply-To-List or Reply-All.
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.

More information about the gnucash-user mailing list