Appearance
Environment & Headers
Environment
Data sent in the Staging environment will not trigger an actual purchase.
Components
| Environment | URL |
|---|---|
| Staging | https://api-stage.ifortepay.id |
| Production | https://api.ifortepay.id |
ⓘ Whole service can be fully utilized in Production Environment.
Headers
All request headers will implement this format as a guide. Reference for the signature could be found in the upper section of the documents.
Header Request B2B
| Key | Requirement | Description | Example Value |
|---|---|---|---|
Content-Type | M | application/json | |
Authorization | C | String. Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token (e.g. Bearer eyJraWQiOi...Jzc29zIiwiY) | |
X-TIMESTAMP | M | Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format (ISO 8601) | 2021-11-02T13:14:15+07:00 |
X-SIGNATURE | M | Refers to the Signature & Security by using method: 1. Asymmetric Signature without Get Token 2. Symmetric Signature with Get Token | |
X-PARTNER-ID | M | Your Unique ID String (36). Merchant ID. | MCP2021110228 |
ORIGIN | O | Origin Domain | www.yourdomain.com |
X-EXTERNAL-ID | M | Numeric String (36). Reference number that should be unique in the same day | 41807553358950093184162180797837 |
CHANNEL-ID | M | Refers to each Payment Channel ID on Appendix. String (36) | VA001 |
Header Request Transaction Using B2B2C
| Name | Value / Format | Detail |
|---|---|---|
| Content-Type | application/json | Mandatory |
| Authorization | String | Mandatory. Represents access_token of a request; string starts with keyword Bearer followed by access_token (e.g. Bearer eyJraWQiOi...Jzc29zIiY) |
| Authorization-Customer | String | Conditional. Optional if the payment does not use account binding, but mandatory if the payment uses account binding. Represents access_token of a request belong customer; string starts with keyword Bearer followed by access_token (e.g. Bearer eyJrsWaiOi...Jzc523awiY) |
| X-TIMESTAMP | yyyy-MM-ddTHH:mm:ssTZD | Mandatory. Client current local time |
| X-SIGNATURE | String | Mandatory. Represents signature of a request. X-Signature uses symmetric signature algorithm HMAC_SHA512 (clientSecret). Formula: stringToSign = HTTPMethod + ":" + EndpointUrl + ":" + AccessToken + ":" + lowercase(hexEncode(SHA-256(minify(RequestBody)))) + ":" + TimeStamp |
| X-PARTNER-ID | String(36) | Mandatory. Unique ID for a partner (merchant_index) |
| X-EXTERNAL-ID | String(36) | Mandatory. Numeric string. Reference number that should be unique in the same day per merchant ID |
| CHANNEL-ID | String(20) | Mandatory. Payment channel |
Components response
| Name | Value | Detail |
|---|---|---|
Content-Type | application/json | |
X-TIMESTAMP | 2021-11-02T13:14:15+07:00 | Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format (ISO 8601) |