Card Registration SNAP

Endpoint to register Customer's Direct Debit Card.

Name	API Card Registration
Service Code	01
Path	/v1.0/registration-card-bind
Version	1.0
HTTP Method	POST
Type Format	JSON

Request Body

Field	Type	Mandatory	Length	Description
partnerReferenceNo	String	O	64	Transaction identifier on partner system
accountName	String	O	128	Customer's full name
cardData	Encrypted Object	M		Refer to Card Data Encryption section
> bankAccountNo	String	O	32	Account Number
> bankCardNo	String	M	19	Card Number. For BRI, in production users only need to input the last 4 digits. Example: 3210
> bankCardType	String	M	2	Type of Card. Possible value is only D : Debit
> identificationNo	String	O	64	Customer's ID number
> identificationType	String	O	2	Type of ID (01 - passport, 02 - eKTP & KTP, 03 - TKTp, 04 - SIM (Driver License), 99 - Others)
> email	String	M	254	RFC 3696. Unique ID Merchant
> expiryDate	String	M	4	Card expiry date. Format MMYY
custIdMerchant	String	M	18	Merchant's customer ID
merchantId	String	O	64	Merchant identifier that is unique per merchant. Use merchant index or same value as X-PARTNER-ID
phoneNo	String	M	16	Customer's Phone Number. Format: 62xxxxxxxxxxxxxx. For BRI, phone number must be registered with BRIMo
type	String	O	20	Action Type. Fill "subscribe"
additionalInfo	Object	O		Additional Information

Request sample:

--header 'X-TIMESTAMP: 2020-12-18T10:55:00+07:00' \
--header 'X-SIGNATURE: aDD9OZlDYzlcPt1g6hyRvgGgt3nSideihHBij64eL1xUKlh8WRuhDgzDpKPBbbfiukLejZgJH0+q+CnGFRs9hpS3cCBdfTZHNNgELDdxGVpmiqrmTqAthuhuXGWG/n9z1Z8mwJV6loI9WDRKKINV0c0FCdkfRLrfzuHgZjUb4Ld2zezjUQ8FYnS6VelYHCM/ksHupFgkwXJ9Sc+jPMfJhZ8z/tEGu9KOzoNfOb1yTEnSaIqzFU1SaJdoiBnbfk8d31kVnc6OIePIPKadKmLC4hYS27shGOF6PqSiCYjyp0wBPASW1gCL0gMaR3XB40IXv4TcAs/v4+ASL0zZsSuYAkCjebraA==' \
--header 'X-PARTNER-ID: IFP2024078155' \
--header 'CHANNEL-ID: DD003' \
--header 'X-EXTERNAL-ID: 15137152325409' \
--header 'X-TRACE-ID: 1' \
--header 'X-PUBLIC-ID: ipaaldkjf' \
--header 'Content-Type: application/json' \
--data '{
    "partnerReferenceNo": "QA-20240705-003",
    "accountName": "Farau Rawr",
    "cardData": "11bd790738cab1d329be496561bb2de901219fc7a861bf46b6932bdcbfd92dced9d6356d6fa4618b2ec323f9a6bd293978bac25a3ea1b2e88738facbc231a7c8b9f0c2951f22863093268da1a4fc8b10493b222559256505b2f6fc5121da2bbdcdd4784e20b1ead8a1ed65d316ad13dbfadd456aa0988c54706ee195dbb7602305636cec8b157e7992534a9bb6e76f2aaa1a4c6ce5b2b62e6e828c3732b913cd12d14eaff80b93ff631c81c4700a7b3e3b1fc5bdf01d029950d0713102e97a10",
    "custIdMerchant": "78678687613",
    "merchantId": "IFP2024068084",
    "phoneNo": "6283849420146",
    "type": "subscribe",
    "additionalInfo": {}
}'

Card Data Encryption

To encrypt card data, use the AES-256-CBC encryption algorithm with the Secret Key as the encryption key. The Secret Key must be encrypted with MD5 before use. AES-256-CBC requires an initialization vector (IV) that contains the unencrypted Secret Key. The encrypted card data output will be in hexadecimal format. To execute encryption, please refer to the following link: https://www.devglan.com/online-tools/aes-encryption-decryption The components of the AES-256-CBC algorithm are as follows:

No	Component	Description	Example
1	Plain Text	The original data to be encrypted. Fill with Card Data information.	json { "bankAccountNo": "507238120", "bankCardNo": "5221843000100021", "identificationNo": "284923840902938402", "identificationType": "02", "email": "crisevan@gmail.com", "expiryDate": "1010" }
2	Cipher Mode of Encryption	The specific algorithm used to apply the encryption key.	CBC
3	Padding	A method to ensure that the plaintext length is a multiple of the block size.	PKCS5
4	IV (Initialization Vector)	16 digit value used to initialize the encryption process. - For Sandbox environment, use value: IFPCardIV1234567 - For Production environment please contact IFP team	IFPCardIV1234567
5	Size in Bits	The length of the encryption key in bits. Fill with 256 bits	256
6	Secret Key	A secret value used to encrypt and decrypt data. To get Secret Key value, use value from IV (Initialization Vector) then Hash it using MD5	78a0a80c614dd895a8750b128610fe55

Example Result of the Encrypted Card Data:

11bd790738cab1d329be496561bb2de901219fc7a861bf46b6932bdcbfd92dced9d6356d6fa4618b2ec323f9a6bd293978bac25a3ea1b2e88738facbc231a7c8b9f0c2951f22863093268da1a4fc8b10493b222559256505b2f6fc5121da2bbdcdd4784e20b1ead8a1ed65d316ad13dbfadd456aa0988c54706ee195dbb7602305636cec8b157e7992534a9bb6e76f2aaa1a4c6ce5b2b62e6e828c3732b913cd12d14eaff80b93ff631c81c4700a7b3e3b1fc5bdf01d029950d0713102e97a10

Response Body

Field	Type	Mandatory	Length	Description
responseCode	String	M	7	Response Code
responseMessage	String	M	150	Response Description
referenceNo	String	M	64	Transaction identifier on iFortepay system
partnerReferenceNo	String	O	64	Transaction identifier on partner system
bankCardToken	String	M	128	Card Token for Payment. Card Token have an active period that follows the card's expiration date.
chargeToken	String	O	40	String Code for Verification OTP.
tokenExpiryTime	String	O	25	Time when the token will be expired. Format: ISO-8601. By default it will expire within 2 minutes 29 seconds
additionalInfo	Object	O		Additional Information
additionalInfo.remainingOtpRetry	String	O		Remaining OTP Retry. Not all banks have this data.
additionalInfo.merchantId	String	O	64	Merchant identifier that is unique per merchant. Use merchant index
additionalInfo.phoneNo	String	M	16	Customer's Phone Number. Format: 62xxxxxxxxxxxxxxxx
additionalInfo.email	String	O	254	RFC 3696

Sample response:

{
  "additionalInfo": {
    "email": "irham.raziqony@ifortepay.id",
    "merchantId": "IFP2024078155",
    "phoneNo": "6283849420146",
    "remainingOtpRetry": 3
  },
  "bankCardToken": "",
  "chargeToken": "TOK_QDD74GUP3XRPMG2GMOU4BMWXEE73IJ2Q::0146",
  "partnerReferenceNo": "QA-20240705-003",
  "referenceNo": "019081d2538c7e9bab9d10e82a5622af",
  "responseCode": "2000100",
  "responseMessage": "Successful",
  "tokenExpiryTime": "2024-07-05T14:38:33+07:00"
}