Register Account API Documentation

The Register Account endpoint creates a security profile for an existing member within the Avios loyalty platform. The member may have joined from any partner or Avios channel, including offline channels. Registration stores the security credentials that enable the member to log in , along with other data elements such as security responses that enable the member to recover credentials in the future. Registration will only be successful if the member doesn’t have an existing security profile.

The credentials held within the security profile are used to identify the member when they log in to Avios and partner applications, including when a member pays with Avios . The same credentials are used by the member across the entire Avios ecosystem.

Business Context

Here’s the process flow:

The member provides their details in the partner’s channel.
The partner calls the Register Account endpoint.
The Register Account endpoint processes the request and returns either success or failure.
The partner finalises the account registration process in their channel.
The partner confirms the outcome to the member and allows the member to continue their journey.

Important Technical Notes

This API can receive upper or lower case ASCII or accented data but this will be converted to uppercase ASCII. The response message will contain only upper case ASCII characters. This conversion is a one-way process, converted ASCII character cannot be translated back to original accented character.

Pre-conditions

The account must exist within the Avios loyalty platform for the member
The account must not have an existing security profile
The account must be active
Partner must have an API key to call Register Account endpoint.

Post-conditions

Success outcome: HTTP status code 201 is returned with an empty response body.

Error outcome: Refer to error code table for list of possible error responses.

Service Details

URI Parameters

Production Endpoint:

`POST https://api.avios.com/{version}/memberships/{membership-identifier}/registrations?api_key={api_key}`

Example

https://api.avios.com/v2/memberships/3081470000000000/registrations?api_key=abcdefabcdefabcdefabcdef

Name	Data type	Description	Example
`version` Required	String	The version number of the endpoint being called. The correct version is confirmed during the partner on-boarding process. Format: Alphanumeric	v2
`membership-identifier` Required	String	The membership number of the loyalty programme member which starts with 30814. Format: Numeric only. Min length = 16, Max Length = 24.	308140000000000
`api_key` Required	String	The API key provided during the partner configuration that take place as part of the partner on-boarding process. Format: Alphanumeric only. Min length = 24, Max length = 24.	abcdefabcdefabcdefabcdef

Request Headers

Name	Data type	Description	Example
`Accept` Optional	String	The Accept request header is used to specify certain media types that are acceptable for the response. Restricted to application/json. Format: application/< content-type >	application/json
`Content-Type` Required	String	The Content-Type request header indicates the media type of the request body sent to the endpoint. Restricted to application/json. Format: application/< content-type >	application/json
`X-Forwarded-For` Optional	String	Identifies the originating IP address of a consumer. Format: Valid IP address	172.128.25.24

Request Elements

The following is an example of a valid request body for the Register Account endpoint.

{
  "member": {
    "securityProfile": {
      "credentials": {
        "identifier": "my.name@email.com",...

The elements that make up the request message are detailed in the following table and the following rules apply:

Request element’s values may be sent as either upper, lower case ASCII characters or accented characters.
Default values are not assigned to elements that have not been supplied within a request message
Appendix A shows an example of a Register Account endpoint request call, expressed in JSON format

Name	Data type	Description
`member` Required	Complex type	The member element represents the details for this registration request.
`member.securityProfile` Required	Complex type	A complex type representing the member’s security profile, which contains the security credentials and responses to the chosen security questions.
`member.securityProfile.credentials` Required	Complex type	A complex type that represents the member’s security credentials (username and password) for the member’s account within the Avios ecosystem.
`member.securityProfile.credentials.identifier` Required	String	The username field. This field should not start or end with special characters. Format: Alphanumeric and special characters period (.), at (@), hyphen (-), underscore Min length: 6, Max length: 50.
`member.securityProfile.credentials.token` Required	String	The password associated with the account which member will use to login to system. Accented characters passed will not be converted and password will contain them. This must include at least 3 of below rules: At least one number appearing in the string At least one lowercase letter appearing in the string At least one upper case letter appearing in the string At least one special character appearing in the string Format: Alphanumeric, accented and special characters. Min length: 8, Max length: 20.
`member.securityProfile.securityChallenge` Required	Array of Complex type	An array of 2 elements that represent the responses to the security questions to be used when a member attempts to recover forgotten credentials. Two security responses must be specified and each must have unique/different ids within the request.
`member.securityProfile.securityChallenge.identifier` Required	String	A numeric value that represents the Identifier of the Security Question the response relates to. Maximum value of this element is 12. Format: Numeric only. Min length: 1, Max length: 2.
`member.securityProfile.securityChallenge.response` Required	String	The member’s response to the security challenge (The answer to the security question). This field must start with an alphanumeric character. Accented characters with be converted to respective ASCII character before persisting the value in the system. This conversion is a one-way process, converted ASCII character cannot be translated back to original accented character. Other characters may be alphanumeric. Format: Alphanumeric, special characters and accented characters. ampersand (&), period (.), comma (,), apostrophe (‘), special quote/backtick , hyphen (-) and space ( ). Min length: 2, Max length: 50.
`member.postalAddress` Conditional	Complex type	A complex type representing a container for the postal address element required as part of a Register Account API request. The following rules are applicable on this element: The PostalAddress element will contain only a PostCode child. This element is conditional based on the country of residence retained in the member’s account during the joining process. Also, refer to Country address rules document. This element will only be used by the service if the member is from UK or ZA (South Africa).
`member.postalAddress.postCode` Required	String	The postCode of the member as previously stored in the member profile within the Avios platform as part of the joining process. This element is a mandatory child within the PostalAddress parent complex type. PostCode is alphanumeric and does not accept any other characters, including space, case insensitive. Format: Alphanumeric. Min Length: 1, Max length: 8.
`member.registeredIdentifier` Conditional	Array of Complex type	A registered form of identity mandatory for some locations and countries. A registered form of identity may be a passport or national identity card. There may be multiple instances of this element required. This element is mandatory for members with country of residence as South Africa. This element will only be used by the service if member is from ZA country (South Africa).
`member.registeredIdentifier.token` Required	String	The Identifier of the registered form of identity, mandatory when the parent element has been specified. In the case of a passport, this would be the passport number. All special characters are allowed. Format: Alphanumeric accented and special characters. Min Length: 1, Max length: 24.
`member.registeredIdentifier.type` Required	String	Type of identification document. Mandatory when the parent element is specified, and must be one of the following: PASSPORT NATIONAL_IDENTITY_CARD Format: Enumeration.
`member.dateOfBirth` Conditional	String	Date of birth for the member as stored in the member’s account within the Avios loyalty platform as part of the Join Programme process. This element is required if the member resides in countries other than United Kingdom (GB) and South Africa (ZA.). Format: YYYY-MM-DD ISO-8601 calendar date format.

Response Message

The Register Account API response is limited to mitigate any information disclosure vulnerability. A typical response will return success or failure as an HTTP status code, in this case a 201 for success. In the event of an error occurring, an appropriate error message will be returned.

Exception Message Elements

The following is an example of an error response.

{
  "error": {
    "code": "SECURITY_PROFILE_ALREADY_EXISTS",
    "businessMessage": "Security Profile Already Exists",
    "developerLink": "https://developer.iagloyalty.com/docs"...

Name	Data type	Description
`error` Conditional	Complex type	Will only be present if an error has been detected and reported by the endpoint.
`error.code` Present	String	Error code. Example: REQUEST_INVALID Format: Alphabetic plus underscore
`error.businessMessage` Present	String	A business level message describing the error, which has occurred. Example: Request Invalid Format: Alphabetic
`error.developerMessage` Conditional	String	Developer message will be present when detailed technical description is required for the error, which has occurred, by the endpoint. If no specific developer message is required, developer message will be as business message. Format: Alphabetic
`error.developerLink` Present	String	A link to supporting documentation for this API. Example: https://developer.iagloyalty.com/docs Format: Alphabetic plus colon (:), forward slash (/), dash (-), underscore or period (.).
`error.childError` Conditional	Array of complex type	Present for certain errors (e.g. validation) where one or more child error may have occurred.
`error.childError.code` Present	String	The error code for the child error (if returned). Example: DATA_INVALID Format: Alphabetic plus underscore
`error.childError.path` Conditional	String	Identifies the element in the request, which has caused the error to occur. This will not appear in the case of any of the authorisation header elements being invalid or missing. Format: Alphabetic plus period (.), forward slash (/), open bracket (
`error.childError.businessMessage` Present	String	A business level message describing the error, which has occurred. Example: Programme not supported Format: Alphabetic

Error Codes

HTTP Status Code	Description
`400` REQUEST_INVALID MANDATORY_DATA_MISSING	The content of element 'ns3:Member' is not complete. A mandatory element is missing from the request and it must be provided (empty request body). The content of element 'ns3:SecurityProfile' is not complete. A mandatory element is missing from the request and it must be provided (only 1 Security Challenge was detected). The content of element 'ns3:SecurityProfile' is not complete. A mandatory element is missing from the request and it must be provided (empty security challenge in request) Invalid value for 'security_challenge' in element 'ns3:Response' (invalid security challenge). The content of element 'ns3:SecurityProfile' is not complete. A mandatory element is missing from the request and it must be provided (empty credentials in request).
`400` REQUEST_INVALID REGISTRATION_FAILED	Invalid MembershipID
`400` REQUEST_INVALID DATA_INVALID	Invalid MembershipID length (max length is 24 characters) Username format is invalid (can't contain special characters such as @, \$, -, etc.). Invalid Username length (min 6 characters, max 50 characters) Invalid Password length (min 8 characters, max 20 characters) Invalid content or format for postal code in element ns3:PostCode (max length is 8 characters; can't be empty) Invalid value for member.registeredIdentifier (value, type or token can't be empty) Invalid value for memberregisteredIdentifier.type (can't be only smallcase) Invalid Password format (must contain Upper Case characters, Special Characters and numbers ; can't contain ascentic characters) Invalid value for member.dateOfBirth. Date, month and year need to be specified, valid and within range
`400` REQUEST_INVALID USERNAME_ALREADY_EXISTS	Username is already in use
`400` REQUEST_INVALID AUTHENTICATION_FAILED	Postcode length needs to be greater than 1 character
`409` CUSTOMER_ALREADY_EXISTS	Customer is already registered