Appearance
API Access Token B2B
API Information
| Field | Value |
|---|---|
| Path | /api/{version}/access-token/b2b |
| HTTP Method | POST |
| Service Code | 73 |
| Version | v1.0 |
| Type Format | JSON |
To access all Senmo APIs, OAuth 2.0 is used as the Authorization and Authentication framework. You need to request an access token by calling the URL above with:
- Request Body/Payload:
grantType=client_credentials - Request Header: filled with a formulated Signature derived from your
privateKey, along withX-TIMESTAMPandclientID.
Request Structure
Request Header
Details
| Field | Type | Mandatory | Description |
|---|---|---|---|
X-TIMESTAMP | String | M | Must follow ISO 8601 format. e.g.: 2020-01-01T04:10:00+07:00 |
X-CLIENT-KEY | String | M | Client ID given by iFortepay, sent after registration is complete |
X-SIGNATURE | String | M | Request signature using Asymmetric Signature mechanism: SHA256withRSA(Private_Key, stringToSign). `stringToSign = clientID + " |
Content-Type | String | M | Fill with: application/json |
ORIGIN | String | O | Origin domain registered on the iFortepay system |
M = Mandatory, O = Optional
Request Body
Details
| Field | Type | Mandatory | Description |
|---|---|---|---|
grantType | String | M | Fill with: client_credentials |
Example Request
Details
artifact
id: access-token-request
name: Example Request - API Access Token B2B
type: code.bash
content: |-
curl --location 'https://api-stage.senmo.id/api/v1.0/access-token/b2b' \
--header 'Content-Type: application/json' \
--header 'X-TIMESTAMP: 2022-11-14T15:00:00+07:00' \
--header 'X-CLIENT-KEY: MCPD00000006' \
--header 'X-SIGNATURE: F6wcrU1TSZAfB3qsDBsGGpE/0B5C4CXWmosja0OIT875C3ABzYiFOnQwS62pIT/bV+2Rsr5f7gL2UdE9H5yxd7rhaJo14YCZO/LJmvL9NwrZM8JwLFGayiB64Sy37FBy4cachg0AGT6ELIiCW9j0E7A4DdE4eDons8+Yk6WFGKdHaxkcokHbGI9bHb4S+WZ/W9MqQI1K8pdGoFQ91zifqT/+Vjj2YRz2KR1taua59+Lk2jMJe7q/58yFJBdFdG/oD1WpNMQztkM9TcLb2/rd1h7YiVdmky3BFc5+Qq3kkYltTnZsUPPecqIaY0EqhPOFDbHj8ygH36njXUwZwSpMEw==' \
--header 'origin: https://www.finalunion.co.id' \
--data '{
"grantType": "client_credentials"
}'Response Structure
Response Header
Details
| Field | Type | Mandatory | Description |
|---|---|---|---|
Content-Type | String | M | Value: application/json |
X-TIMESTAMP | String | M | Time at iFortepay Server in ISO 8601 format |
Response Body
Details
| Field | Type | Mandatory | Description |
|---|---|---|---|
responseCode | String | M | Response code |
responseMessage | String | M | Response message |
accessToken | String | M | Authorization token issued to the client, used to access iFortepay APIs |
tokenType | String | M | Token type — iFortepay uses "Bearer" |
expiresIn | String | M | Session expiry in seconds: 900 seconds (15 minutes) |
Example Response
Details
✅ Success Response
json
{
"responseCode": "2007300",
"responseMessage": "Successful",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"tokenType": "Bearer",
"expiredIn": "900"
}❌ Failed Response
json
{
"responseCode": "4007300",
"responseMessage": "Bad Request - X-TIMESTAMP is Required"
}