Appearance
Access Token B2B2C
Merchant uses this API to exchange the authCode for a B2B2C access token. The access token will then be used to perform payment transactions.
| Path | /v1.0/access-token/b2b2c |
|---|---|
| HTTP Method | POST |
| Service Code | 74 |
| Type Format | JSON |
Components
| Environment | URL |
|---|---|
| Staging | https://api-stage.ifortepay.id/v1.0/access-token/b2b2c |
| Production | https://api.ifortepay.id/v1.0/access-token/b2b2c |
Header Request
Details
| Parameter | Data Type | Mandatory | Length | Description |
|---|---|---|---|---|
| Content-Type | String | Mandatory | - | String represents indicate the media type of the resource (e.g. application/json, application/pdf) |
| X-TIMESTAMP | String | Mandatory | - | Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format |
| X-CLIENT-KEY | String | Mandatory | - | Client’s client_id (PJP Name) (given at completion registration process) |
| X-SIGNATURE | String | Mandatory | - | Non-Repudiation & Integrity checking. X-Signature generated using asymmetric signature SHA256withRSA (Private_Key, stringToSign). stringToSign = client_ID + " |
| CHANNEL-ID | String | Mandatory | - | Payment channel ID |
Request Body
Details
| Parameter | Data Type | Mandatory | Length | Description |
|---|---|---|---|---|
| grantType | String | Mandatory | - | Apply token request key type, can be AUTHORIZATION_CODE or REFRESH_TOKEN. |
| authCode | String | Conditional | 256 | The authorization code received after the user provides consent. Mandatory if grantType = AUTHORIZATION_CODE |
| refreshToken | String | Conditional | 512 | Refresh token to get a new accessToken where the user doesn't need to provide consent again. Mandatory if grantType = REFRESH_TOKEN. Refresh token should be less than access token validity and will be managed by the PJP’s application to generate a new access_token |
| additionalInfo | Object | Optional | - | Additional information for custom use that are not provided by SNAP |
Example Request
Details
sh
POST /api/v1/access-token/b2b2c HTTP/1.1
Host: localhost:44339
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
X-CLIENT-KEY: 962489e9-de5d-4eb7-92a4-b07d44d64bf4
X-SIGNATURE: 07abc7c30d245c0ecce3ef6c2a9ac76cd9ffaf6d0d090773b429c2b97437dc72047f46d9890abb2d6d8af7594ea19787e79ec80e388e2f6225b449c2e4d82e7df50f37c301424aede785935703c1c70235ba4e59f589f571218ce2dce4c061e598f0f38d1ac57f3feb52cf0c31078e3ceee8d796c53983fe1d38ebd71155aaa613700dc21f5a57941b787f921af7d287e72687d5242eb3063d543d5f5923f76db008cf4f56fb9c618f7f4bc8366ae70d88705617487754563e629119013fa0549e6645b397524b3dd2fa7e7f3fe9faf0fbf77da59f566861a3c510241fd4416ab7d0eba42d998e1178da51d607e0ef866607c458837c762323be53827d86e875
Content-Type: application/json
Content-Length: 119
{
"grantType":"authorization_code",
"authCode":"a6975f82-d00a-4ddc-9633-087fefb6275e",
"refreshToken":"83a58570-6795-11ec-90d6-0242ac120003",
"additionalInfo":{ }
}Header Response
| Parameter | Data Type | Mandatory | Length | Description |
|---|---|---|---|---|
| X-TIMESTAMP | String | Mandatory | Client's current local time in yyyy-MM-ddTHH:mm:ssTZD format | |
| X-CLIENT-KEY | String | Mandatory | Client’s client_id (PJP Name) (given at completion registration process) |
Response Body
| Parameter | Data Type | Mandatory | Length | Description |
|---|---|---|---|---|
| responseCode | String | Conditional | Refer to standar data dan spesifikasi teknis part 6 (Response Code). If access token failed to generate, this value must be filled. | |
| responseMessage | String | Conditional | Refer to standar data dan spesifikasi teknis part 6 (Response Code). If access token failed to generate, this value must be filled. | |
| accessToken | String | Mandatory | 2048 | A string representing an authorization issued to the client that used to access protected resources. |
| tokenType | String | Mandatory | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: Bearer: includes the access token string in the request. Mac: issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests. Reference: OAuth2.0 RFC 6749 & 6750. | |
| accessTokenExpiryTime | String | Mandatory | Time when the accessToken will be expired. Access token valid time will be 15 days. Format ISO8601. | |
| refreshToken | String | Mandatory | A random string that can be used by specific client to get a refreshed accessToken to prolong the access to the User's resources. | |
| refreshTokenExpiryTime | String | Mandatory | Time when the refreshToken will be expired. Refresh Token should be less than access token validity and will be managed by the PJP’s application to generate a new access_token. Format ISO8601. | |
| additionalInfo | Object | Optional | Additional information for custom use. |
Example Response
Details
sh
{
"responseCode":"2007400",
"responseMessage":"Successful",
"accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyMTFlZThiMi1hN2FlLTRhZGUtYmJlYS1mNzI3MDk3ZmQ0NmEiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODk3OCwiZXhwIjoxNjExNDY5ODc4LCJpYXQiOjE2MTE0Njg5Nzh9.KM7yz9GvuUaDR1bXwei4iO0h4e3g4o1Hct5Ie9VoBdo",
"tokenType":"Bearer",
"accessTokenExpiryTime":"2020-01-01T00:00:00+07:00",
"refreshToken":"57d21fe3-ba9c-4f2d-9fde-eae669bbf80d",
"refreshTokenExpiryTime":"2020-01-01T00:00:00+07:00",
"additionalInfo":{}
}