E-Money Account Linkage

Authentication

This API is used to authorize a user or customer, using their own credentials, to access their respective resources.

Step 1: Authorization Link

This API is used for the authorization (login) process.

Canonical Path

/rest/h2h/authorization/

Method

POST

Query Param

-

Content-Type

application/json

Content

{
    "client_id": <String, not null>,
    "client_secret": <String, not null>,
    "response_type": "code",
    "user_type": <String, not null>,
    "username": <String, not null>,
    "password": <String, not null>
}

Content-Type

application/json

Content

{
    "status": <String, not null>,
    "code": <String, not null>
}

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Client Secret Key |
| response_type | The value "code" specifies that the application is requesting the authorization code grant |
| user_type | User type: CUSTOMER or MERCHANT |
| username | Username for login (using phone number) |
| password | Login Password/PIN (must be hashed using MD5 UPPERCASE) |

Step 2: Request Access Token

Using the authorization code from Step 1, the client application can request the access token that is used to access the API.

Canonical Path

/rest/oauth/token

Method

POST

Query Param

-

Content-Type

application/x-www-form-urlencoded

Content

▪ client_id=<String>

▪ client_secret=<String>

▪ grant_type=authorization_code

▪ code=<String>

▪ redirect_uri=<String>

Content-Type

application/json

{
    "access_token": <String>, 
    "token_type": <String>, 
    "expires_in": <String>, 
    "refresh_token": <String>,
    "scope": <String>
}

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Secret key of the client |
| grant_type | Type of grant: authorization_code |
| code | Authorization code |
| redirect_uri | Redirection endpoint to which the service redirects the user-agent after an authorization code is granted |
| access_token | User access token as requested |
| token_type | The type of token: Bearer |
| expires_in | The lifetime in seconds of the access token |
| refresh_token | Token that can be used to obtain a new access token using the same authorization grant |
| scope | The scope of the access token |

Step 3: Client Host Authorization

This API is used to authorize the client's host to access client resources. The flow is based on the OAuth client credentials grant, which returns an access token. The access token can then be used to call the respective resource API.

Canonical Path

/rest/oauth/token

Method

POST

Query Param

-

Content-Type

application/x-www-form-urlencoded

Content

▪ client_id=<String>

▪ client_secret=<String>

▪ grant_type=client_credentials

Content-Type

application/json

Content

{
    "access_token": <String>, 
    "token_type": <String>, 
    "expires_in": <String>, 
    "refresh_token": <String>, 
    "scope": <String>
}

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Secret key of the client |
| grant_type | Type of grant: client_credentials |
| access_token | Host access token as requested |
| token_type | The type of token: Bearer |
| expires_in | The lifetime in seconds of the access token |
| refresh_token | Token that can be used to obtain a new access token using the same authorization grant (never expires) |
| scope | The scope of the access token |

Step 4: Refresh Token

This API is used to refresh the access_token, before or after it expires, as long as the refresh_token is still valid.

Canonical Path

/rest/oauth/token

Method

POST

Query Param

-

Content-Type

application/x-www-form-urlencoded

Content

▪ client_id=<String>

▪ client_secret=<String>

▪ grant_type=refresh_token

▪ refresh_token=<refresh_token>

▪ redirect_uri=<String>

Content-Type

application/json

Content

{
    "access_token": <String>, 
    "token_type": <String>, 
    "expires_in": <String>, 
    "scope": <String>
}

Description

| Field | Description |
| --- | --- |
| client_id | Public identifier of the client |
| client_secret | Secret key of the client |
| grant_type | Type of grant: refresh_token |
| access_token | Host access token as requested |
| token_type | The type of token: Bearer |
| expires_in | The lifetime in seconds of the access token |
| refresh_token | Token that can be used to obtain a new access token using the same authorization grant (never expires) |
| scope | The scope of the access token |
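The request bodies for Steps 1, 2 and 4 and the handling of the token response, as an added example that is not part of the original specification or the provider's code. It builds the bodies offline without sending anything; the helper names (hash_pin, step1_body, token_form, TokenState) and all sample values are assumptions.

```python
# Added example: helper names and sample values are hypothetical.
import hashlib
import json
from urllib.parse import urlencode

AUTH_PATH = "/rest/h2h/authorization/"   # Step 1 path from the page
TOKEN_PATH = "/rest/oauth/token"         # Steps 2-4 path from the page


def hash_pin(pin: str) -> str:
    """MD5 of the password/PIN as uppercase hex, the format Step 1 requires.
    The digest is password-equivalent: keep it out of logs, send over TLS only."""
    return hashlib.md5(pin.encode("utf-8")).hexdigest().upper()


def step1_body(client_id, client_secret, user_type, username, pin) -> str:
    if user_type not in ("CUSTOMER", "MERCHANT"):
        raise ValueError("user_type must be CUSTOMER or MERCHANT")
    return json.dumps({
        "client_id": client_id, "client_secret": client_secret,
        "response_type": "code", "user_type": user_type,
        "username": username, "password": hash_pin(pin),
    })


def token_form(client_id, client_secret, grant_type, **extra) -> str:
    """Form body for Steps 2-4; extra carries code/redirect_uri or refresh_token."""
    fields = {"client_id": client_id, "client_secret": client_secret,
              "grant_type": grant_type, **extra}
    return urlencode(fields)


class TokenState:
    """Holds one token response and decides when Step 4 is due."""
    def __init__(self, response_json: str, now: float, previous_refresh=None):
        data = json.loads(response_json)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = data["access_token"]
        # expires_in is documented as <String>; accept "3600" as well as 3600.
        self.expires_at = now + int(data["expires_in"])
        # The Step 4 response shown above has no refresh_token: keep the old one.
        self.refresh_token = data.get("refresh_token", previous_refresh)

    def needs_refresh(self, now: float, skew: int = 30) -> bool:
        return now >= self.expires_at - skew

    def __repr__(self):  # never print token values
        return f"TokenState(expires_at={self.expires_at:.0f}, tokens=<redacted>)"
```

The bodies go to AUTH_PATH as application/json and to TOKEN_PATH as application/x-www-form-urlencoded, as the steps above specify.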


Last updated 2 years ago