Skip to main content

Apply Token

POST/v1.0/access-token/b2b2c.htm

This API is used to finalized account binding process by exchanging the authCode into accessToken that can be used as user authorization. For the easiest integration, use DANA's Libraries to implement DANA Widget Binding.

API Type
SNAP API
Expected Timeout
8 second
SNAP Service Code
74
Accept
application/json
Content Type
application/json
Content-Type
string
1 - 127 charactersRequired
Content type, value always application/json
X-TIMESTAMP
string
25 charactersRequired
Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)
X-CLIENT-KEY
string
Required
Unique identifier for partner was generated by DANA, or known as clientId
X-SIGNATURE
string
Required
Signature can be generated by asymmetricSignature method only
X-PARTNER-ID
string
1 - 36 charactersRequired
Unique identifier for partner was generated by DANA, or known as clientId
grantType
string
1 - 64 charactersRequired
Apply token request type. The values are AUTHORIZATION_CODE or REFRESH_TOKEN
authCode
string
1 - 256 charactersConditional
An authorization code which the caller get from Deeplink Binding
Conditional Info
Y:= grantType is AUTHORIZATION_CODE
refreshToken
string
1 - 512 charactersConditional
This token is used for refresh session if existing token has been expired
Conditional Info
Y:= grantType is REFRESH_TOKEN
additionalInfo
json object
Additional information
POST .../v1.0/access-token/b2b2c.htm HTTP/1.2
Content-type: application/json
X-TIMESTAMP: 2020-12-18T15:06:00+07:00
X-CLIENT-KEY: ${clientId}
X-SIGNATURE: asymmetric signature SHA256withRSA(Private_Key, stringToSign)
X-PARTNER-ID: 82150823919040624621823174737537
Where:
stringToSign = client_ID + “|” + X-TIMESTAMP
{
    "grantType": "AUTHORIZATION_CODE",
    "authCode": "ABC3821738137123",
    "refreshToken": "",
    "additionalInfo": {}
}
Content-Type
string
1 - 127 charactersRequired
Content type, value always application/json
X-TIMESTAMP
string
25 charactersRequired
Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)
responseCode
string
7 charactersRequired
Refer to response code list
responseMessage
string
1 - 150 charactersRequired
Refer to response code list
tokenType
string
1 - 7 charactersConditional
Type of token
Conditional Info
Y:= Successfully processed
accessToken
string
1 - 512 charactersConditional
Customer Token used as a parameter in the Authorization-Customer header for subsequent API calls
Conditional Info
Y:= Successfully processed
accessTokenExpiryTime
string
25 charactersConditional
Expiry time for access token was given to user, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)
Conditional Info
Y:= Successfully processed
refreshToken
string
1 - 512 charactersConditional
This token is used for refresh session if existing token has been expired
Conditional Info
Y:= Successfully processed
refreshTokenExpiryTime
string
25 charactersConditional
Expiry time for refresh token was given to user, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)
Conditional Info
Y:= Successfully processed
additionalInfo
json object
Additional information
additionalInfo.userInfo
json object
Additional information of user. Contains publicUserId
publicUserId
string
1 - 64 characters
Static unique identifier for one user and one merchant
Content-Type: application/json
X-TIMESTAMP: 2020-12-18T15:06:00+07:00
{
  "responseCode": "2007400",
  "responseMessage": "Successful",
  "accessToken": "SQoHkw1tSfWsULjf3qrWpPqimAQi6IxcgmvO4200",
  "tokenType": "Bearer",
  "accessTokenExpiryTime": "2031-11-02T11:31:19+07:00",
  "refreshToken": "NEcnzX7Aq2vv5Ot08ZDSmCzfO4aEWhnWTpbf4200",
  "refreshTokenExpiryTime": "2031-11-02T11:31:19+07:00",
  "additionalInfo": {
      "userInfo": {
          "publicUserId": "21779009320193133"
      }
  }
}
ResponseCauseSolution
2007400Successful
Success to be processed
Mark Apply Token process as Success
4007400Bad Request
General request failed error
Mark Apply Token process as Failed. Retry request with proper parameter
4007401Invalid Field Format
Invalid format for certain field
Mark Apply Token process as Failed. Retry request with proper parameter
4007402Invalid Mandatory Field
Missing or invalid format on mandatory field
Mark Apply Token process as Failed. Retry request with proper parameter
4017400Unauthorized. [reason]
General unauthorized error
Mark Apply Token process as Failed. Retry request with proper parameter
4297400Too Many Requests
Maximum transaction limit exceeded
Mark Apply Token process as Failed. Retry request periodically
5007400General Error
General error non retry-able
Mark Apply Token process as Failed. Retry request periodically
5007401Internal Server Error
Unknown internal server failure, please retry the process again
Mark Apply Token process as Failed. Retry request periodically
Total timeout
Total timeout, the client side does not get any responses from the server side (Can be due to network issue, server slowing down, and so on)
Do a retry maximum 3 attempts, if still fails mark Apply Token process as Failed
Unexpected response (Empty field/field does not exist/undefined response code)
The server does not produce expected responses (Can be due to hardware failure, bugs, and so on)
• If the response code prefix are 202 and 5XX, mark Apply Token process as Failed
• If empty field/field does not exist, mark Apply Token process as Failed
ask AIAI Assistant
Need help with our documentation?
Start from our frequently asked questions or feel free to ask anything else.

AI generated responses may contain mistakes.