[GNC] AqBanking help for Citi CC (cont'd again)

David Reiser dbreiser at icloud.com
Mon Oct 28 22:32:16 EDT 2019 

> On Oct 22, 2019, at 12:33 AM, xngin <eugeniu at plamadeala.com> wrote:
> 
> Greetings everyone,
> 
> I'm happy to report a working Citi CC OFX Direct Connect through AqBanking.
> It took quite a bit of tinkering to figure out. For a while I was stuck on
> the fact that <TRNUID> had to be a UUID4, which AqBanking cannot produce,
> but it seems that Citi changed something and now it works as is.
> 
> It may be helpful for me to mention that I first discovered the correct OFX
> request, and then got AqBanking working. A working OFX request is included
> at the bottom of this message. Unfortunately, it has been a while since I
> stumbled upon it and I vaguely recall that the request alone was not enough.
> I am speculating now, but I think I had to enable that 10 minute window
> mentioned in the thread and during it send a simple signon request (with no
> transaction/statement request field). Only after it returned a success was I
> able to request data.
> 
> In terms of submitting the request, I have a few working options: 
> 1) a POST request with the following headers 'Content-Type':
> "application/x-ofx", 'User-Agent':"InetClntApp/3.0", "Accept":"*/*"
> 2) a call to ofxget (part of ofxtools) with the following configuration file
> (~/.config/ofxtools/ofxget.cfg):
> 
> [citi]
> version = 103
> appver = 2500
> creditcard = # 16 digit credit card number # 
> org = Citigroup
> fid = 24909
> user = #username#
> url = https://mobilesoa.citi.com/CitiOFXInterface
> pretty = true
> unclosedelements = true
> 
> 3) AqBanking v5.7.8 with the following configuration file:
> ~/.aqbanking/settings/users/uid0001.conf
> 
> int  uniqueId="58"
> char backendName="aqofxconnect"
> char userName="username"
> char userId="username "
> char customerId="username "
> char country="us"
> char bankCode="0000000000"
> int  lastSessionId="0"
> 
> data {
>  backend {
>    char bankName="Citi Credit Card"
>    char org="Citigroup"
>    char fid="24909"
>    char serverAddr="https%3A%2F%2Fmobilesoa.citi.com%2FCitiOFXInterface"
>    char appId="QWIN"
>    char appVer="2500"
>    char headerVer="103"
>    char clientUid="a fixed UUID4 string"
>    int  httpVMajor="0"
>    int  httpVMinor="0"
>  } #backend
> } #data
> 
> 
> 
> Finally, here is the working OFX request. If you find this information
> useful, please consider adding it to the GnuCash wiki.
> 
> OFXHEADER:100
> DATA:OFXSGML
> VERSION:103
> SECURITY:NONE
> ENCODING:USASCII
> CHARSET:1252
> COMPRESSION:NONE
> OLDFILEUID:NONE
> NEWFILEUID:#random uuid4 or just some random large integer, like
> 20180912052115#
> 
> <OFX>
>    <SIGNONMSGSRQV1>
>    <SONRQ>
>        <DTCLIENT>20191020111537.000
>        <USERID>#username#
>        <USERPASS>#passsword#
>        <LANGUAGE>ENG
>        <FI><ORG>Citigroup<FID>24909</FI>
>        <APPID>QWIN
>        <APPVER>2500
>        <CLIENTUID>#uuid4, i keep it fixed between sessions, but don't
> recall setting it#
>    </SONRQ>
>    </SIGNONMSGSRQV1>
>    <CREDITCARDMSGSRQV1>
>    <CCSTMTTRNRQ>
>    <TRNUID>20191021211537.000
>    <CLTCOOKIE>1
>    <CCSTMTRQ>
>        <CCACCTFROM><ACCTID># 16 digit credit card number#</CCACCTFROM>
>        <INCTRAN>
>        <DTSTART>20191012000000
>        <DTEND>20191019111537
>        <INCLUDE>Y</INCTRAN>
>    </CCSTMTRQ>
>    </CCSTMTTRNRQ>
>    </CREDITCARDMSGSRQV1>
> </OFX>
> 

It’s nice to be proven wrong on this…

For me the keys were changing the OFX Server URL in the Bank Settings tab of the Edit User function in the Aqbanking Setup Wizard to:
https://mobilesoa.citi.com/CitiOFXInterface <https://mobilesoa.citi.com/CitiOFXInterface>
Then using a web browser to log into Citicards and setting the 10 minute validation window,
and going back to the Aqbanking setup (same Bank Settings tab in Edit User) and clicking the [Retrieve Account List]

I have the Application Version (<APPVER> in OFX-speak) set to 2700. That shows up as Quicken 2018. The APPVER of 2500 in the example above is close, if not already over, the sunset Quicken puts on downloadable transactions after 3 years. No telling how this all will work when Quicken goes to subscription-only next year.

Hitting the [Retrieve Account List] button may not be necessary vs. just kicking off a normal data connection. But there is some chatter in the Quicken user community that you can’t ask for a transaction download during the connection request with Citi’s 10-minute validation window open. Using the button worked for me. I didn’t need the new account list from Citi, as my old account definition still worked once I got the server address fixed.

I didn’t have to mess with NEWFILEID, as aqbanking’s default works fine for me. (That changes with every connection, so I’m happy not to mess with it.)


--
Dave Reiser
dbreiser at icloud.com

More information about the gnucash-user mailing list