Register Account API Documentation

v2

The Register Account endpoint creates a security profile for an existing member within the Avios loyalty platform. The member may have joined from any partner or Avios channel, including offline channels. Registration stores the security credentials that enable the member to log in , along with other data elements such as security responses that enable the member to recover credentials in the future. Registration will only be successful if the member doesn’t have an existing security profile.

The credentials held within the security profile are used to identify the member when they log in to Avios and partner applications, including when a member pays with Avios . The same credentials are used by the member across the entire Avios ecosystem.

Business Context

Here’s the process flow:

Register Account Flow

  • The member provides their details in the partner’s channel.
  • The partner calls the Register Account endpoint.
  • The Register Account endpoint processes the request and returns either success or failure.
  • The partner finalises the account registration process in their channel.
  • The partner confirms the outcome to the member and allows the member to continue their journey.

Important Technical Notes

  • This API can receive upper or lower case ASCII or accented data but this will be converted to uppercase ASCII. The response message will contain only upper case ASCII characters. This conversion is a one-way process, converted ASCII character cannot be translated back to original accented character.

Pre-conditions

  • The account must exist within the Avios loyalty platform for the member
  • The account must not have an existing security profile
  • The account must be active
  • Partner must have an API key to call Register Account endpoint.

Post-conditions

Success outcome: HTTP status code 201 is returned with an empty response body.

Error outcome: Refer to error code table for list of possible error responses.

Service Details

URI Parameters

Production Endpoint:

`POST https://api.avios.com/{version}/memberships/{membership-identifier}/registrations?api_key={api_key}`

Example

https://api.avios.com/v2/memberships/3081470000000000/registrations?api_key=abcdefabcdefabcdefabcdef
NameData typeDescriptionExample
version
Required
StringThe version number of the endpoint being called. The correct version is confirmed during the partner on-boarding process.
Format: Alphanumeric v
v2
membership-identifier
Required
StringThe membership number of the loyalty programme member which starts with 30814.
Format: Numeric only. Min length = 16, Max Length = 24.
0123456789012345
api_key
Required
StringThe API key provided during the partner configuration that take place as part of the partner on-boarding process.
Format: Alphanumeric only. Min length = 24, Max length = 24.
abcdefabcdefabcdefabcdef

Request Headers

NameData typeDescriptionExample
Accept
Optional
StringThe Accept request header is used to specify certain media types that are acceptable for the response. Restricted to application/json.
Format: application/< content-type >
application/json
Content-Type
Required
StringThe Content-Type request header indicates the media type of the request body sent to the endpoint. Restricted to application/json.
Format: application/< content-type >
application/json
X-Forwarded-For
Optional
StringIdentifies the originating IP address of a consumer.
Format: Valid IP address
172.128.25.24

Request Elements

The following is an example of a valid request body for the Register Account endpoint.

{
  "member": {
    "securityProfile": {
      "credentials": {
        "identifier": "my.name@email.com",

The elements that make up the request message are detailed in the following table and the following rules apply:

  • Request element’s values may be sent as either upper, lower case ASCII characters or accented characters.
  • Default values are not assigned to elements that have not been supplied within a request message
  • Appendix A shows an example of a Register Account endpoint request call, expressed in JSON format
NameData typeDescription
member
Required
Complex type 1..1The member element represents the details for this registration request.
member.securityProfile
Required
Complex type 1..1A complex type representing the member’s security profile, which contains the security credentials and responses to the chosen security questions.
member.securityProfile.credentials
Required
Complex type 1..1A complex type that represents the member’s security credentials (username and password) for the member’s account within the Avios ecosystem.
member.securityProfile.credentials.identifier
Required
StringThe username field. This field should not start and end with special characters.
Format: Alphanumeric and special characters period (.), at (@), hyphen (-), underscore (
member.securityProfile.credentials.token
Required
StringThe password associated with the account which member will use to login to system. Accented characters passed will not be converted and password will contain them. This must include at least 3 of below rules: At least one number appearing in the string At least one lowercase letter appearing in the string At least one upper case letter appearing in the string At least one special character appearing in the string
Format: Alphanumeric, accented and special characters. Min length: 8, Max length: 20.
member.securityProfile.securityChallenge
Required
Array of Complex type 2..2An array of 2 elements that represent the responses to the security questions to be used when a member attempts to recover forgotten credentials. Two security responses must be specified and each must have a unique Id within the request (they must have different Ids).
member.securityProfile.securityChallenge.identifier
Required
StringA numeric value that represents the Identifier of the Security Question the response (in the following field) relates to. Maximum value of this element is 12.
Format: Numeric only. Min length: 1, Max length: 2.
member.securityProfile.securityChallenge.response
Required
String
member.postalAddress
Conditional
Complex type 0..1A complex type representing a container for the postal address element required as part of a Register Account API request. The following rules are applicable on this element: The PostalAddress element will contain only a PostCode child. This element is conditional based on the country of residence retained in the member’s account during the joining process. Also, refer to Country address rules document. This element will only be used by the service If member is from UK or ZA (South Africa).
member.postalAddress.postCode
Required
StringThe postCode of the member as previously stored in the member profile within the Avios platform as part of the joining process. This element is a mandatory child within the PostalAddress parent complex type. PostCode is alphanumeric and does not accept any other characters, including space, case insensitive.
Format: Alphanumeric. Min Length: 1, Max length: 8.
member.registeredIdentifier
Conditional
Array of Complex type 0..nA registered form of identity mandatory for some locations and countries. A registered form of identity may be a passport or national identity card. There may be multiple instances of this element required. This element is mandatory for members with country of residence as South Africa. This element will only be used by the service if member is from ZA country (South Africa).
member.registeredIdentifier.token
Required
StringThe Identifier of the registered form of identity, mandatory when the parent element has been specified. In the case of a passport, this would be the passport number. All special characters are allowed.
Format: Alphanumeric accented and special characters. Min Length: 1, Max length: 24.
member.registeredIdentifier.type
Required
StringType of identification document. Mandatory when the parent element is specified, and must be one of the following: PASSPORT NATIONAL_IDENTITY_CARD
Format: Enumeration.
member.dateOfBirth
Conditional
StringDate of birth for the member as stored in the member’s account within the Avios loyalty platform as part of the Join Programme process. This element is required if the member resides in countries other than United Kingdom (GB) and South Africa (ZA.).
Format: YYYY-MM-DD ISO-8601 calendar date format.

Response Message

The Register Account API response is limited to mitigate any information disclosure vulnerability. A typical response will return success or failure as an HTTP status code, in this case a 201 for success. In the event of an error occurring, an appropriate error message will be returned.

Exception Message Elements

The following is an example of an error response.

{
  "error": {
    "code": "SECURITY_PROFILE_ALREADY_EXISTS",
    "businessMessage": "Security Profile Already Exists",
    "developerLink": "https://developer.iagloyalty.com/docs"
NameData typeDescription
error
Conditional
Complex type 0...1Will only be present if an error has been detected and reported by the endpoint.
error.code
Present
StringError code. Example: REQUEST_INVALID
Format: Alphabetic plus underscore (
error.businessMessage
Present
StringA business level message describing the error, which has occurred. Example: Request Invalid
Format: Alphabetic
error.developerMessage
Conditional
StringDeveloper message will be present when detailed technical description is required for the error, which has occurred, by the endpoint. If no specific developer message is required, developer message will be as business message.
Format: Alphabetic
error.developerLink
Present
StringA link to supporting documentation for this API. Example: https://developer.iagloyalty.com/docs
Format: Alphabetic plus colon (:), oblique (/), dash (-), underscore (
error.childError
Conditional
Array of complex type 0...nPresent for certain errors (e.g. validation) where one or more child error may have occurred.
error.childError.code
Present
StringThe error code for the child error (if returned). Example: DATA_INVALID
Format: Alphabetic plus underscore (
error.childError.path
Conditional
StringIdentifies the element in the request, which has caused the error to occur. This will not come in case of any of the authorisation header elements are invalid or missing.
Format: Alphabetic plus period (.), oblique (.), open bracket (
error.childError.businessMessage
Present
StringA business level message describing the error, which has occurred. Example: Programme not supported
Format: Alphabetic

Error Codes

HTTP Status CodeDescription
400
REQUEST_INVALID
MANDATORY_DATA_MISSING
A mandatory element is missing from the request and must be provided.
400
REQUEST_INVALID
DATA_INVALID
An element has been specified, but fails to meet the defined validation rules.
400
REQUEST_INVALID
CUSTOMER_AGE_INVALID
Date of birth cannot be under 18 years.
415
REQUEST_INVALID
HEADER_INVALID
The provided Content-Type header is invalid.
400
AUTHENTICATION_FAILED
The member could not be identified successfully based upon the post code or date of birth or registerIdentifier. This error also will be returned if member which resides in ZA wants to create a security profile but security profile already exists.
400
USERNAME_ALREADY_EXISTS
The specified username already exists.
400
SECURITY_PROFILE_ALREADY_EXISTS
A security profile already exists for the specified member, i.e. the member must have successfully registered previously.
400
REGISTRATION_FAILED
Registration could fail as a result of: The member could not be found The account is disabled or locked Security question identifiers have the same IDs.