Re: [GNC] AqBanking help for Citi CC (cont'd again)
> On Oct 22, 2019, at 12:33 AM, xngin wrote:
>
> Greetings everyone,
>
> I'm happy to report a working Citi CC OFX Direct Connect through AqBanking.
> It took quite a bit of tinkering to figure out. For a while I was stuck on
> the fact that had to be a UUID4, which AqBanking cannot produce,
> but it seems that Citi changed something and now it works as is.
>
> It may be helpful for me to mention that I first discovered the correct OFX
> request, and then got AqBanking working. A working OFX request is included
> at the bottom of this message. Unfortunately, it has been a while since I
> stumbled upon it and I vaguely recall that the request alone was not enough.
> I am speculating now, but I think I had to enable that 10 minute window
> mentioned in the thread and during it send a simple signon request (with no
> transaction/statement request field). Only after it returned a success was I
> able to request data.
>
> In terms of submitting the request, I have a few working options:
> 1) a POST request with the following headers 'Content-Type':
> "application/x-ofx", 'User-Agent':"InetClntApp/3.0", "Accept":"*/*"
> 2) a call to ofxget (part of ofxtools) with the following configuration file
> (~/.config/ofxtools/ofxget.cfg):
>
> [citi]
> version = 103
> appver = 2500
> creditcard = # 16 digit credit card number #
> org = Citigroup
> fid = 24909
> user = #username#
> url = https://mobilesoa.citi.com/CitiOFXInterface
> pretty = true
> unclosedelements = true
>
> 3) AqBanking v5.7.8 with the following configuration file:
> ~/.aqbanking/settings/users/uid0001.conf
>
> int uniqueId="58"
> char backendName="aqofxconnect"
> char userName="username"
> char userId="username "
> char customerId="username "
> char country="us"
> char bankCode="00"
> int lastSessionId="0"
>
> data {
> backend {
>char bankName="Citi Credit Card"
>char org="Citigroup"
>char fid="24909"
>char serverAddr="https%3A%2F%2Fmobilesoa.citi.com%2FCitiOFXInterface"
>char appId="QWIN"
>char appVer="2500"
>char headerVer="103"
>char clientUid="a fixed UUID4 string"
>int httpVMajor="0"
>int httpVMinor="0"
> } #backend
> } #data
>
>
>
> Finally, here is the working OFX request. If you find this information
> useful, please consider adding it to the GnuCash wiki.
>
> OFXHEADER:100
> DATA:OFXSGML
> VERSION:103
> SECURITY:NONE
> ENCODING:USASCII
> CHARSET:1252
> COMPRESSION:NONE
> OLDFILEUID:NONE
> NEWFILEUID:#random uuid4 or just some random large integer, like
> 20180912052115#
>
>
>
>
>20191020111537.000
>#username#
>#passsword#
>ENG
>Citigroup24909
>QWIN
>2500
>#uuid4, i keep it fixed between sessions, but don't
> recall setting it#
>
>
>
>
>20191021211537.000
>1
>
># 16 digit credit card number#
>
>2019101200
>20191019111537
>Y
>
>
>
>
>
It’s nice to be proven wrong on this…
For me the keys were changing the OFX Server URL in the Bank Settings tab of
the Edit User function in the Aqbanking Setup Wizard to:
https://mobilesoa.citi.com/CitiOFXInterface
Then using a web browser to log into Citicards and setting the 10 minute
validation window,
and going back to the Aqbanking setup (same Bank Settings tab in Edit User) and
clicking the [Retrieve Account List]
I have the Application Version ( in OFX-speak) set to 2700. That shows
up as Quicken 2018. The APPVER of 2500 in the example above is close, if not
already over, the sunset Quicken puts on downloadable transactions after 3
years. No telling how this all will work when Quicken goes to subscription-only
next year.
Hitting the [Retrieve Account List] button may not be necessary vs. just
kicking off a normal data connection. But there is some chatter in the Quicken
user community that you can’t ask for a transaction download during the
connection request with Citi’s 10-minute validation window open. Using the
button worked for me. I didn’t need the new account list from Citi, as my old
account definition still worked once I got the server address fixed.
I didn’t have to mess with NEWFILEID, as aqbanking’s default works fine for me.
(That changes with every connection, so I’m happy not to mess with it.)
--
Dave Reiser
dbrei...@icloud.com
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Re: [GNC] AqBanking help for Citi CC (cont'd again)
Greetings everyone,
I'm happy to report a working Citi CC OFX Direct Connect through AqBanking.
It took quite a bit of tinkering to figure out. For a while I was stuck on
the fact that had to be a UUID4, which AqBanking cannot produce,
but it seems that Citi changed something and now it works as is.
It may be helpful for me to mention that I first discovered the correct OFX
request, and then got AqBanking working. A working OFX request is included
at the bottom of this message. Unfortunately, it has been a while since I
stumbled upon it and I vaguely recall that the request alone was not enough.
I am speculating now, but I think I had to enable that 10 minute window
mentioned in the thread and during it send a simple signon request (with no
transaction/statement request field). Only after it returned a success was I
able to request data.
In terms of submitting the request, I have a few working options:
1) a POST request with the following headers 'Content-Type':
"application/x-ofx", 'User-Agent':"InetClntApp/3.0", "Accept":"*/*"
2) a call to ofxget (part of ofxtools) with the following configuration file
(~/.config/ofxtools/ofxget.cfg):
[citi]
version = 103
appver = 2500
creditcard = # 16 digit credit card number #
org = Citigroup
fid = 24909
user = #username#
url = https://mobilesoa.citi.com/CitiOFXInterface
pretty = true
unclosedelements = true
3) AqBanking v5.7.8 with the following configuration file:
~/.aqbanking/settings/users/uid0001.conf
int uniqueId="58"
char backendName="aqofxconnect"
char userName="username"
char userId="username "
char customerId="username "
char country="us"
char bankCode="00"
int lastSessionId="0"
data {
backend {
char bankName="Citi Credit Card"
char org="Citigroup"
char fid="24909"
char serverAddr="https%3A%2F%2Fmobilesoa.citi.com%2FCitiOFXInterface"
char appId="QWIN"
char appVer="2500"
char headerVer="103"
char clientUid="a fixed UUID4 string"
int httpVMajor="0"
int httpVMinor="0"
} #backend
} #data
Finally, here is the working OFX request. If you find this information
useful, please consider adding it to the GnuCash wiki.
OFXHEADER:100
DATA:OFXSGML
VERSION:103
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:#random uuid4 or just some random large integer, like
20180912052115#
20191020111537.000
#username#
#passsword#
ENG
Citigroup24909
QWIN
2500
#uuid4, i keep it fixed between sessions, but don't
recall setting it#
20191021211537.000
1
# 16 digit credit card number#
2019101200
20191019111537
Y
--
Sent from: http://gnucash.1415818.n4.nabble.com/GnuCash-User-f1415819.html
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Re: [GNC] AqBanking help for Citi CC (cont'd again)
> On Oct 21, 2019, at 12:13 PM, Jonathan Stickel wrote:
>
> On 10/20/19 22:13, John Ralls wrote:
>>> On Oct 20, 2019, at 7:46 PM, Jonathan Stickel wrote:
>>>
>>> As with messages in January and August, I too would like AqBanking to work
>>> with a Citi credit card account. I've followed the recommend settings
>>> described here:
>>>
>>> https://lists.gnucash.org/pipermail/gnucash-user/2018-October/080548.html
>>>
>>> but still no luck.
>>>
>>> I did find a feature when logged in to my citi.com account to "manage
>>> access" for third party software applications ("like Quicken® or
>>> Quickbooks®"). This is through Profile->More Settings. Clicking on Add
>>> Access then gives 10 minutes to make a connection. I've tried running
>>> AqBanking during this 10 minute window, but it still does not retrieve an
>>> account list or download transactions. So I am at a loss. If anyone is
>>> currently being successful using a Citi cards connection, please post!
>> That 10-minute window makes it seem like it's OFX Web Connect, where you
>> authenticate via the web and then connect with your financial software.
>> AQBanking and therefor GnuCash doesn't support that. It supports only OFX
>> Direct Connect where the financial software handles the authentication.
>> Regards,
>> John Ralls
>
> Thanks for the observation. Perhaps that part is a red herring.
>
> My main question remains: is anyone successfully running AqBanking with Citi
> Cards? If so, how did you make it work?
>
> Thanks,
> Jonathan
Not anymore. I used aqbanking for many years to download Citicard transactions.
A couple years ago the connections started failing about half the time. And a
couple hours later, whether I got the data or not, I’d get an email from Citi
saying they had detected suspicious activity on my account and I was required
to change my password. Kinda weird for them to cough up all the transaction
data, and then decide the connection was suspicious. But this is not the first
disagreement I’ve had with Citi over weird security policies. Eventually I gave
up on directconnect downloads. If I need Citi transactions (not often
recently), I log in via the web interface, download the qfx file, and import
that into Gnucash.
https://community.quicken.com/discussion/7859184/new-8-27-19-citi-cards-returning-ol-301-error#latest
indicates that Citi has further modified their permitted third part access, and
even Quicken users are having problems.
I tried the old aqbanking connect attempt last night, and got no response. The
ofx.log showed the outgoing commands, with nothing coming back. I had activated
Citi’s 10 minute window, to no avail. I also got no notice that anyone had
tried to break in. I’d love to see the ofx.log and conn.log from a successful
download in Quicken of Citi transaction data. There’s a chance the old ofx
server just drops the connection on any attempted login.
Citi’s description of the third party authorization (once an app is authorized,
changing your password won’t prevent access by the app…) leads me to believe
there is some additional handshake/authentication going on during that logon in
10 minute window that is outside the ofx spec. If so, there’s no way for
aqbanking to handle that. I seriously doubt we’ll ever see published-standard
ofxdirectconnect transaction downloads from Citi again. The banking regulators
are making it hard to accomplish, Quicken would just as soon the handshake be
totally proprietary, and the banks don’t want to bother with software
development if they can help it.
Good luck.
--
Dave Reiser
dbrei...@icloud.com
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Re: [GNC] AqBanking help for Citi CC (cont'd again)
On 10/20/19 22:13, John Ralls wrote:
On Oct 20, 2019, at 7:46 PM, Jonathan Stickel wrote:
As with messages in January and August, I too would like AqBanking to work with
a Citi credit card account. I've followed the recommend settings described here:
https://lists.gnucash.org/pipermail/gnucash-user/2018-October/080548.html
but still no luck.
I did find a feature when logged in to my citi.com account to "manage access" for third
party software applications ("like Quicken® or Quickbooks®"). This is through
Profile->More Settings. Clicking on Add Access then gives 10 minutes to make a connection. I've
tried running AqBanking during this 10 minute window, but it still does not retrieve an account list
or download transactions. So I am at a loss. If anyone is currently being successful using a Citi
cards connection, please post!
That 10-minute window makes it seem like it's OFX Web Connect, where you
authenticate via the web and then connect with your financial software.
AQBanking and therefor GnuCash doesn't support that. It supports only OFX
Direct Connect where the financial software handles the authentication.
Regards,
John Ralls
Thanks for the observation. Perhaps that part is a red herring.
My main question remains: is anyone successfully running AqBanking with
Citi Cards? If so, how did you make it work?
Thanks,
Jonathan
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
Re: [GNC] AqBanking help for Citi CC (cont'd again)
> On Oct 20, 2019, at 7:46 PM, Jonathan Stickel wrote:
>
> As with messages in January and August, I too would like AqBanking to work
> with a Citi credit card account. I've followed the recommend settings
> described here:
>
> https://lists.gnucash.org/pipermail/gnucash-user/2018-October/080548.html
>
> but still no luck.
>
> I did find a feature when logged in to my citi.com account to "manage access"
> for third party software applications ("like Quicken® or Quickbooks®"). This
> is through Profile->More Settings. Clicking on Add Access then gives 10
> minutes to make a connection. I've tried running AqBanking during this 10
> minute window, but it still does not retrieve an account list or download
> transactions. So I am at a loss. If anyone is currently being successful
> using a Citi cards connection, please post!
That 10-minute window makes it seem like it's OFX Web Connect, where you
authenticate via the web and then connect with your financial software.
AQBanking and therefor GnuCash doesn't support that. It supports only OFX
Direct Connect where the financial software handles the authentication.
Regards,
John Ralls
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
[GNC] AqBanking help for Citi CC (cont'd again)
As with messages in January and August, I too would like AqBanking to
work with a Citi credit card account. I've followed the recommend
settings described here:
https://lists.gnucash.org/pipermail/gnucash-user/2018-October/080548.html
but still no luck.
I did find a feature when logged in to my citi.com account to "manage
access" for third party software applications ("like Quicken® or
Quickbooks®"). This is through Profile->More Settings. Clicking on Add
Access then gives 10 minutes to make a connection. I've tried running
AqBanking during this 10 minute window, but it still does not retrieve
an account list or download transactions. So I am at a loss. If anyone
is currently being successful using a Citi cards connection, please post!
Thanks,
Jonathan
___
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
If you are using Nabble or Gmane, please see
https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
-
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
