Apply Token

POST/v1.0/access-token/b2b2c.htm

This API is used to finalized account binding process by exchanging the authCode into accessToken that can be used as user authorization

API Type

SNAP API

Expected Timeout

8 second

SNAP Service Code

74

Accept

application/json

Content Type

application/json

This API is used for the following solution:

DANA Widget Binding

Seamlessly integrate DANA payments into merchant's platform, allowing customers to link their DANA accounts for faster, smoother transactions across all merchant's services.

---

Content-Type

string

1 - 127 charactersRequired

Content type, value always application/json

X-TIMESTAMP

string

25 charactersRequired

Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)

X-CLIENT-KEY

string

Required

Unique identifier for partner was generated by DANA, or known as clientId

X-SIGNATURE

string

Required

Signature can be generated by asymmetricSignature method only

---

grantType

string

1 - 64 charactersRequired

Apply token request type. The values are AUTHORIZATION_CODE or REFRESH_TOKEN

authCode

string

1 - 256 charactersConditional

An authorization code which the caller get from API Get OAuth 2.0 URL

Conditional Info

Y:= grantType is AUTHORIZATION_CODE

refreshToken

string

1 - 512 charactersConditional

This token is used for refresh session if existing token has been expired

Conditional Info

Y:= grantType is REFRESH_TOKEN

additionalInfo

json object

Additional information

POST .../v1.0/access-token/b2b2c.htm HTTP/1.2
Content-type: application/json
X-TIMESTAMP: 2020-12-18T15:06:00+07:00
X-CLIENT-KEY: ${clientId}
X-SIGNATURE: asymmetric signature SHA256withRSA(Private_Key, stringToSign)
Where:
stringToSign = client_ID + “|” + X-TIMESTAMP
{
    "grantType": "AUTHORIZATION_CODE",
    "authCode": "ABC3821738137123",
    "refreshToken": "",
    "additionalInfo": {}
}

---

Content-Type

string

1 - 127 charactersRequired

Content type, value always application/json

X-TIMESTAMP

string

25 charactersRequired

Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)

---

responseCode

string

7 charactersRequired

Refer to response code list

responseMessage

string

1 - 150 charactersRequired

Refer to response code list

tokenType

string

1 - 7 charactersConditional

Type of token

Conditional Info

Y:= Successfully processed

accessToken

string

1 - 512 charactersConditional

Customer Token used as a parameter in the Authorization-Customer header for subsequent API calls

Conditional Info

Y:= Successfully processed

accessTokenExpiryTime

string

25 charactersConditional

Expiry time for access token was given to user, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)

Conditional Info

Y:= Successfully processed

refreshToken

string

1 - 512 charactersConditional

This token is used for refresh session if existing token has been expired

Conditional Info

Y:= Successfully processed

refreshTokenExpiryTime

string

25 charactersConditional

Expiry time for refresh token was given to user, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)

Conditional Info

Y:= Successfully processed

additionalInfo

json object

Additional information

additionalInfo.userInfo

json object

Additional information of user. Contains publicUserId

publicUserId

string

1 - 64 characters

Static unique identifier for one user and one merchant

Content-Type: application/json
X-TIMESTAMP: 2020-12-18T15:06:00+07:00
{
  "responseCode": "2007400",
  "responseMessage": "Successful",
  "accessToken": "SQoHkw1tSfWsULjf3qrWpPqimAQi6IxcgmvO4200",
  "tokenType": "Bearer",
  "accessTokenExpiryTime": "2031-11-02T11:31:19+07:00",
  "refreshToken": "NEcnzX7Aq2vv5Ot08ZDSmCzfO4aEWhnWTpbf4200",
  "refreshTokenExpiryTime": "2031-11-02T11:31:19+07:00",
  "additionalInfo": {
      "userInfo": {
          "publicUserId": "21779009320193133"
      }
  }
}

---

Response	Cause	Solution
2007400Successful	Success to be processed	Mark Apply Token process as Success
4007400Bad Request	General request failed error	Mark Apply Token process as Failed. Retry request with proper parameter
4007401Invalid Field Format	Invalid format for certain field	Mark Apply Token process as Failed. Retry request with proper parameter
4007402Invalid Mandatory Field	Missing or invalid format on mandatory field	Mark Apply Token process as Failed. Retry request with proper parameter
4017400Unauthorized. [reason]	General unauthorized error	Mark Apply Token process as Failed. Retry request with proper parameter
4297400Too Many Requests	Maximum transaction limit exceeded	Mark Apply Token process as Failed. Retry request periodically
5007400General Error	General error non retry-able	Mark Apply Token process as Failed. Retry request periodically
5007401Internal Server Error	Unknown internal server failure, please retry the process again	Mark Apply Token process as Failed. Retry request periodically
Total timeout	Total timeout, the client side does not get any responses from the server side (Can be due to network issue, server slowing down, and so on)	Do a retry maximum 3 attempts, if still fails mark Apply Token process as Failed
Unexpected response (Empty field/field does not exist/undefined response code)	The server does not produce expected responses (Can be due to hardware failure, bugs, and so on)	• If the response code prefix are 202 and 5XX, mark Apply Token process as Failed • If empty field/field does not exist, mark Apply Token process as Failed