Register Account API Documentation
The Register Account endpoint creates a security profile for an existing member within the Avios loyalty platform. The member may have joined from any partner or Avios channel, including offline channels. Registration stores the security credentials that enable the member to log in , along with other data elements such as security responses that enable the member to recover credentials in the future. Registration will only be successful if the member doesn’t have an existing security profile.
The credentials held within the security profile are used to identify the member when they log in to Avios and partner applications, including when a member pays with Avios . The same credentials are used by the member across the entire Avios ecosystem.
Business Context
Here’s the process flow:
- The member provides their details in the partner’s channel.
- The partner calls the Register Account endpoint.
- The Register Account endpoint processes the request and returns either success or failure.
- The partner finalises the account registration process in their channel.
- The partner confirms the outcome to the member and allows the member to continue their journey.
Important Technical Notes
- This API can receive upper or lower case ASCII or accented data but this will be converted to uppercase ASCII. The response message will contain only upper case ASCII characters. This conversion is a one-way process, converted ASCII character cannot be translated back to original accented character.
Pre-conditions
- The account must exist within the Avios loyalty platform for the member
- The account must not have an existing security profile
- The account must be active
- Partner must have an API key to call Register Account endpoint.
Post-conditions
Success outcome: HTTP status code 201 is returned with an empty response body.
Error outcome: Refer to error code table for list of possible error responses.
Service Details
URI Parameters
Production Endpoint:
`POST https://api.avios.com/{version}/memberships/{membership-identifier}/registrations?api_key={api_key}`
Example
https://api.avios.com/v2/memberships/3081470000000000/registrations?api_key=abcdefabcdefabcdefabcdef
Name | Data type | Description | Example |
---|---|---|---|
version Required | String | The version number of the endpoint being called. The correct version is confirmed during the partner on-boarding process. Format: Alphanumeric | v2 |
membership-identifier Required | String | The membership number of the loyalty programme member which starts with 30814. Format: Numeric only. Min length = 16, Max Length = 24. | 308140000000000 |
api_key Required | String | The API key provided during the partner configuration that take place as part of the partner on-boarding process. Format: Alphanumeric only. Min length = 24, Max length = 24. | abcdefabcdefabcdefabcdef |
Request Headers
Name | Data type | Description | Example |
---|---|---|---|
Accept Optional | String | The Accept request header is used to specify certain media types that are acceptable for the response. Restricted to application/json. Format: application/< content-type > | application/json |
Content-Type Required | String | The Content-Type request header indicates the media type of the request body sent to the endpoint. Restricted to application/json. Format: application/< content-type > | application/json |
X-Forwarded-For Optional | String | Identifies the originating IP address of a consumer. Format: Valid IP address | 172.128.25.24 |
Request Elements
The following is an example of a valid request body for the Register Account endpoint.
{
"member": {
"securityProfile": {
"credentials": {
"identifier": "my.name@email.com",
The elements that make up the request message are detailed in the following table and the following rules apply:
- Request element’s values may be sent as either upper, lower case ASCII characters or accented characters.
- Default values are not assigned to elements that have not been supplied within a request message
- Appendix A shows an example of a Register Account endpoint request call, expressed in JSON format
Name | Data type | Description |
---|---|---|
member Required | Complex type | The member element represents the details for this registration request. |
member. Required | Complex type | A complex type representing the member’s security profile, which contains the security credentials and responses to the chosen security questions. |
member. Required | Complex type | A complex type that represents the member’s security credentials (username and password) for the member’s account within the Avios ecosystem. |
member. Required | String | The username field. This field should not start or end with special characters. Format: Alphanumeric and special characters period (.), at (@), hyphen (-), underscore Min length: 6, Max length: 50. |
member. Required | String | The password associated with the account which member will use to login to system. Accented characters passed will not be converted and password will contain them.This must include at least 3 of below rules: At least one number appearing in the stringAt least one lowercase letter appearing in the stringAt least one upper case letter appearing in the string At least one special character appearing in the string Format: Alphanumeric, accented and special characters. Min length: 8, Max length: 20. |
member. Required | Array of Complex type | An array of 2 elements that represent the responses to the security questions to be used when a member attempts to recover forgotten credentials. Two security responses must be specified and each must have unique/different ids within the request. |
member. Required | String | A numeric value that represents the Identifier of the Security Question the response relates to. Maximum value of this element is 12. Format: Numeric only. Min length: 1, Max length: 2. |
member. Required | String | The member’s response to the security challenge (The answer to the security question). This field must start with an alphanumeric character. Accented characters with be converted to respective ASCII character before persisting the value in the system. This conversion is a one-way process, converted ASCII character cannot be translated back to original accented character. Other characters may be alphanumeric. Format: Alphanumeric, special characters and accented characters. ampersand (&), period (.), comma (,), apostrophe (‘), special quote/backtick , hyphen (-) and space ( ). Min length: 2, Max length: 50. |
member. Conditional | Complex type | A complex type representing a container for the postal address element required as part of a Register Account API request. The following rules are applicable on this element: The PostalAddress element will contain only a PostCode child. This element is conditional based on the country of residence retained in the member’s account during the joining process. Also, refer to Country address rules document. This element will only be used by the service if the member is from UK or ZA (South Africa). |
member. Required | String | The postCode of the member as previously stored in the member profile within the Avios platform as part of the joining process. This element is a mandatory child within the PostalAddress parent complex type. PostCode is alphanumeric and does not accept any other characters, including space, case insensitive. Format: Alphanumeric. Min Length: 1, Max length: 8. |
member. Conditional | Array of Complex type | A registered form of identity mandatory for some locations and countries. A registered form of identity may be a passport or national identity card. There may be multiple instances of this element required. This element is mandatory for members with country of residence as South Africa. This element will only be used by the service if member is from ZA country (South Africa). |
member. Required | String | The Identifier of the registered form of identity, mandatory when the parent element has been specified. In the case of a passport, this would be the passport number. All special characters are allowed. Format: Alphanumeric accented and special characters. Min Length: 1, Max length: 24. |
member. Required | String | Type of identification document. Mandatory when the parent element is specified, and must be one of the following: PASSPORT NATIONAL_IDENTITY_CARD Format: Enumeration. |
member. Conditional | String | Date of birth for the member as stored in the member’s account within the Avios loyalty platform as part of the Join Programme process. This element is required if the member resides in countries other than United Kingdom (GB) and South Africa (ZA.). Format: YYYY-MM-DD ISO-8601 calendar date format. |
Response Message
The Register Account API response is limited to mitigate any information disclosure vulnerability. A typical response will return success or failure as an HTTP status code, in this case a 201 for success. In the event of an error occurring, an appropriate error message will be returned.
Exception Message Elements
The following is an example of an error response.
{
"error": {
"code": "SECURITY_PROFILE_ALREADY_EXISTS",
"businessMessage": "Security Profile Already Exists",
"developerLink": "https://developer.iagloyalty.com/docs"
Name | Data type | Description |
---|---|---|
error Conditional | Complex type | Will only be present if an error has been detected and reported by the endpoint. |
error. Present | String | Error code. Example: REQUEST_INVALID Format: Alphabetic plus underscore |
error. Present | String | A business level message describing the error, which has occurred. Example: Request Invalid Format: Alphabetic |
error. Conditional | String | Developer message will be present when detailed technical description is required for the error, which has occurred, by the endpoint. If no specific developer message is required, developer message will be as business message. Format: Alphabetic |
error. Present | String | A link to supporting documentation for this API. Example: https://developer.iagloyalty.com/docs Format: Alphabetic plus colon (:), forward slash (/), dash (-), underscore or period (.). |
error. Conditional | Array of complex type | Present for certain errors (e.g. validation) where one or more child error may have occurred. |
error. Present | String | The error code for the child error (if returned). Example: DATA_INVALID Format: Alphabetic plus underscore |
error. Conditional | String | Identifies the element in the request, which has caused the error to occur. This will not appear in the case of any of the authorisation header elements being invalid or missing. Format: Alphabetic plus period (.), forward slash (/), open bracket ( |
error. Present | String | A business level message describing the error, which has occurred. Example: Programme not supported Format: Alphabetic |
Error Codes
HTTP Status Code | Description |
---|---|
400 REQUEST_INVALID MANDATORY_DATA_MISSING | The content of element 'ns3:Member' is not complete. A mandatory element is missing from the request and it must be provided (empty request body).The content of element 'ns3:SecurityProfile' is not complete. A mandatory element is missing from the request and it must be provided (only 1 Security Challenge was detected).The content of element 'ns3:SecurityProfile' is not complete. A mandatory element is missing from the request and it must be provided (empty security challenge in request)Invalid value for 'security_challenge' in element 'ns3:Response' (invalid security challenge).The content of element 'ns3:SecurityProfile' is not complete. A mandatory element is missing from the request and it must be provided (empty credentials in request). |
400 REQUEST_INVALID REGISTRATION_FAILED | Invalid MembershipID |
400 REQUEST_INVALID DATA_INVALID | Invalid MembershipID length (max length is 24 characters)Username format is invalid (can't contain special characters such as @, \$, -, etc.).Invalid Username length (min 6 characters, max 50 characters)Invalid Password length (min 8 characters, max 20 characters)Invalid content or format for postal code in element ns3:PostCode (max length is 8 characters; can't be empty)Invalid value for member.registeredIdentifier (value, type or token can't be empty)Invalid value for memberregisteredIdentifier.type (can't be only smallcase)Invalid Password format (must contain Upper Case characters, Special Characters and numbers ; can't contain ascentic characters)Invalid value for member.dateOfBirth. Date, month and year need to be specified, valid and within range |
400 REQUEST_INVALID USERNAME_ALREADY_EXISTS | Username is already in use |
400 REQUEST_INVALID AUTHENTICATION_FAILED | Postcode length needs to be greater than 1 character |
409 CUSTOMER_ALREADY_EXISTS | Customer is already registered |