Appearance
Access Token B2B
Components
| Product | Environment | URL |
|---|---|---|
| Payment | Stage | https://kronos-stage.ifortepay.id/auth/merchants/v1.0/access-token/b2b |
| Payment | Production | https://kronos.ifortepay.id/auth/merchants/v1.0/access-token/b2b |
| Disbursement | Stage | https://api-stage.senmo.id/api/v1.0/access-token/b2b |
| Disbursement | Production | https://api.senmo.id/api/v1.0/access-token/b2b |
ⓘ Whole service can be fully utilized in Production Environment.
privateKey
The private key which you generate along with the public key. Make sure that you have sent the public key to Ifortepay . We will use the public key to validate the private key. We are using RSA 2048 bit as the public and private key using PKCS8 type with DER/PEM format. This is the example of private key:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOfmGb5tlo2q+xg0OhaEg9yzREKYPhl70/6Cktfw6ljpLzyR/DZ9/qEP9J1wAMn+FSo/dXj7p82uerlnyeJRmS30R5dFLcTD6js3PwRPyTuu+JxmUHQgLagD2iT2aW0+E/QiSptcHA3cEe42G9GBizpGop3nGk585gw37qmCSbFHoYzp0qkABQvXUKPYs130nauTB2W0kg/Ylt2uJAmodgCTfTwyWP3DEtrRz9K+Ue9WEAg8U7M30unyYV76HIC3fdjPZ4SpxwM8yr9rGuvJhKErWnYk5T+yPrBdAgiwdeESsTm+fXpaBXx8dWKHmgRUF5QmE4udKIopIxN2dH9+qnAgMBAAECggEAWDE9Eh9l8rUX/dpgy7KkzBOaVpRemb67muxWjfJquIXsuIdJdCVMyoUI66oSgNHWI/wYu0KNNR8vfCcRQV/6DLMj5TWr4CAGTtdpqJBmSdg4z2C3LILighzsdgKwf7Gtzd07mGoi/vMXNNCLoX4FqtAJcalqYzKH/+bvMVXaqIqxMV/qrQ5LA/AQAoSGFuu8vQaQUeNadowOgq9Qs8t/ff6mrur2M5R2RAiMlYdMY0Yb42LTFVtHLFX0HU2WP4ItF3aoBj3e/8HL2sHJf6mAuY8Zd2pMgeh2AGMwgoA5Rn0hY7s3JqNuWgevNlnMUtx88oBNv2ayCYNLr6dGsn2zNQKBgQDaFaQJKAub6dSbymrCq0Z37R0YyjGiZly8RoOhWJW5WY/u8PfGJY0lN6YpqgteoNQ7+J0ZD8zqsrJr8nh5ZIX005V/WiknfsxUvnZd1P9SVcHd5Zfh+gtBnTkSvH5GggzMBo0auK0qvqldhLENk48J2G8+aFtqHK0aU478OGf9dQKBgQDyZNzKkyuBq+kZwnWadJWO28I1rSBCfqmXEkd+/0scmlXPe1fYLG9TAJjVAVFIgoYtuDXanZpcZf3Vx6SLS/+yR/cA6DdZm+62nRkMjJH+4D8geMkFIff4SHTvWVCdJagZS8jQGEG0cxNq7dwq9NaFx9Ih2gu0xAWzUv8PKzv4KwKBgCfvaI9ort+JLS6uHWiydoAFgpuEgxxLBFZRz07fauN7HBlUNPsq6zLSgvIEOnrElri4qQPq2cpsmLGdwCPynXkcubaNaxXZaU9nZUN/epW4MH0SywJNiHwmb0oYDEObEv7VgEdRZBx8t4TxhH6I89uIr65M69h9kdFNVdSn+5r1AoGBAInU1L/UI78ek/Pz4Y+sj4ama669/UQSZjjjSghq/rkLAZRznKXtzneyNTWaBDBpGAdTYjwntiioTkiLt4MF+iXUSh4X7bFku77XYfEC1dnKhdrfE995S1nBScz4SqCxUv7fWxcJVANaFEaPbsx2YK29zD03kcR+Wod3wFVNzlH1AoGBAJTtP4mA9swEc/6v6Opts+b5KUa54+yk5e06pS03J9Tz5cVnexIso7/u16P4ORZdLdRI91m4oboa/kchOY6LPF8Z91w2pe6UGC0rqjAmK4lWl7iydQDPxMAnFwowo40t26osPNMy4bFvqQz+kMYEedR2X+albeqe/XYlogc+/F3n
-----END PRIVATE KEY-----publicKey
This is the example of public key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn5hm+bZaNqvsYNDoWhIPcs0RCmD4Ze9P+gpLX8OpY6S88kfw2ff6hD/SdcADJ/hUqP3V4+6fNrnq5Z8niUZkt9EeXRS3Ew+o7Nz8ET8k7rvicZlB0IC2oA9ok9mltPhP0IkqbXBwN3BHuNhvRgYs6RqKd5xpOfOYMN+6pgkmxR6GM6dKpAAUL11Cj2LNd9J2rkwdltJIP2JbdriQJqHYAk308Mlj9wxLa0c/SvlHvVhAIPFOzN9Lp8mFe+hyAt33Yz2eEqccDPMq/axrryYShK1p2JOU/sj6wXQIIsHXhErE5vn16WgV8fHVih5oEVBeUJhOLnSiKKSMTdnR/fqpwIDAQAB
-----END PUBLIC KEY-----Header Request
Details
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| Content-Type | Mandatory | String | String represents indicate the media type of the resource (e.g. application/json, application/pdf) |
| X-TIMESTAMP | Mandatory | String | Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format |
| X-CLIENT-KEY | Mandatory | String | Client’s client_id (PJP Name) (given at completion registration process) |
| X-SIGNATURE | Mandatory | String | Non-Repudiation & Integrity checking. X-Signature: dengan algoritma asymmetric signature SHA256withRSA. (Private_Key, stringToSign). stringToSign = client_ID + "|" + X-TIMESTAMP |
Request Body
Details
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| grantType | Mandatory | String | client_credentials: Used to request access token using client credentials (OAuth 2.0 RFC 6749 & 6750) |
| additionalInfo | Optional | Object | Additional Information |
Example Request - Payment
Details
sh
curl --location 'https://kronos-stage.mcpayment.id/auth/merchants/v1.0/access-token/b2b' \
--header 'X-TIMESTAMP: 2020-12-18T10:55:00+07:00' \
--header 'X-CLIENT-KEY: MCP00000001' \
--header 'X-SIGNATURE: PKiS0Gh2OLs+ibZaL9oWbYAAFRjMjJiS0MCmMbmFImoItuPZwicceUOhidRiNMt1PDH2fDHKFDkrJ+LQzNSukDU4gn9GIlusaGOkLaycIaU/ENKThupw3Z1ng3J3zkbBHJ/bMO1jOXS9zHEfqblYCdzyoEFe9p9pS8nnzHcS82yn4iisd1CQWfzW5z/aGQVVkLIWQAZQqRJSfG1lFCtKlB1DYOdSKHm62Wfu9bCxUIVWYsAbwTY6yYJEajfQYSdhIZv8i8uW/l4KE357pf4HNWhfpws3TA2SqHSwqRCLecP1a7+x824wa6AIaapKyiKpRfEG45F1OCO3JMVRkhmcJg==' \
--header 'Content-Type: application/json' \
--data '{
"grantType": "client_credentials",
"additionalInfo": {}
}'Example Request - Disbursement
Details
sh
curl --location 'https://api-stage.senmo.id/api/v1.0/access-token/b2b' \
--header 'X-TIMESTAMP: 2020-12-18T10:55:00+07:00' \
--header 'X-CLIENT-KEY: MCP00000001' \
--header 'X-SIGNATURE: PKiS0Gh2OLs+ibZaL9oWbYAAFRjMjJiS0MCmMbmFImoItuPZwicceUOhidRiNMt1PDH2fDHKFDkrJ+LQzNSukDU4gn9GIlusaGOkLaycIaU/ENKThupw3Z1ng3J3zkbBHJ/bMO1jOXS9zHEfqblYCdzyoEFe9p9pS8nnzHcS82yn4iisd1CQWfzW5z/aGQVVkLIWQAZQqRJSfG1lFCtKlB1DYOdSKHm62Wfu9bCxUIVWYsAbwTY6yYJEajfQYSdhIZv8i8uW/l4KE357pf4HNWhfpws3TA2SqHSwqRCLecP1a7+x824wa6AIaapKyiKpRfEG45F1OCO3JMVRkhmcJg==' \
--header 'Content-Type: application/json' \
--data '{
"grantType": "client_credentials",
"additionalInfo": {}
}'Header Response
Details
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-TIMESTAMP | Mandatory | String | Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format |
| X-CLIENT-KEY | Mandatory | String | Client’s client_id (PJP Name) (given at completion registration process) |
Response Body
Details
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| responseCode | Conditional | String | Refer to standar data dan spesifikasi teknis part 6 (Response Code). If access token failed to generate, this value must be filled. |
| responseMessage | Conditional | String | Refer to standar data dan spesifikasi teknis part 6 (Response Message). If access token failed to generate, this value must be filled. |
| accessToken | Mandatory | String (2048) | A string representing an authorization issued to the client that used to access protected resources |
| tokenType | Mandatory | String | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: - “Bearer”: includes the access token string in the request - “Mac”: issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests Reference: OAuth2.0 RFC 6749 & 6750 |
| expiresIn | Mandatory | String | Session expiry in seconds: 900 (15 menit) |
| additionalInfo | Optional | Object | Additional information for custom use that are not provided by SNAP |
Example Response - Payment
Details
sh
{
"responseCode": "2007300",
"responseMessage": "Successful",
"accessToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJNQzIwMjYwMTYwNTgiLCJpYXQiOjE3Njg5NjU3MzcsImV4cCI6MTc2ODk2NjYzN30.whW6B-b_hkkPP7pJ_dqAFeqAenVNNYUo38OuFGBbv-5RIDU_kXQb_Am4luzqsDvEkHOamrqxiRYZ-Zkr6vUhBA",
"tokenType": "Bearer",
"expiresIn": "900"
}Example Response - Disbursement
Details
sh
{
"responseCode": "2007300",
"responseMessage": "Successful",
"accessToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJNQzIwMjYwMTYwNTgiLCJpYXQiOjE3Njg5NjU3MzcsImV4cCI6MTc2ODk2NjYzN30.whW6B-b_hkkPP7pJ_dqAFeqAenVNNYUo38OuFGBbv-5RIDU_kXQb_Am4luzqsDvEkHOamrqxiRYZ-Zkr6vUhBA",
"tokenType": "Bearer",
"expiresIn": "900"
}