Get OAuth 2.0 URL
GET /v1.0/get-auth-code
This API generates the OAuth 2.0 redirect URL to DANA that initiates the account binding process, where the user can register or log in from the DANA page.
API Type
SNAP API
Expected Timeout
8 seconds
SNAP Service Code
10
Accept
application/json
Content Type
application/json
This API is used for the following solution:
Seamlessly integrate DANA payments into merchant's platform, allowing customers to link their DANA accounts for faster, smoother transactions across all merchant's services.
partnerId
string
1 - 64 characters. Required. Unique identifier for the partner, generated by DANA, also known as clientId
timestamp
string
25 characters. Required. Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)
externalId
string
1 - 64 characters. Required. Information of partner identifier, unique per binding request
channelId
string
1 - 64 characters. Required. Information of channel identifier
merchantId
string
1 - 64 characters. Merchant identifier that is unique per merchant
subMerchantId
string
1 - 32 characters. Sub merchant identifier, known as externalDivisionId. It must be registered in the DANA system before use. To register a new externalDivisionId, use the Create Division API
seamlessData
string
1 - 512 characters. Allows merchants to provide the user's phone number during binding, eliminating manual entry. See the sample below for the seamlessData format
How to include seamlessData
seamlessData = URLEncode({"mobileNumber":"62822999999","bizScenario":"PAYMENT","verifiedTime":"2020-12-23T07:44:11+07:00","externalUid":"7381273821udasudy712368213","deviceId":"637216gygd76712313"})
seamlessData.bizScenario
string
1 - 64 characters. User's bizScenario
seamlessData.mobileNumber
string
1 - 18 characters. User's phone number. If this field is filled in, the user must log in with the number that has been included
seamlessData.verifiedTime
string
25 characters. Value stating that ownership of the mobile number included in seamlessData has been verified and that OTP verification by the provider is not required, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time)
seamlessData.externalUid
string
1 - 32 characters. User identifier on partner application
seamlessData.deviceId
string
1 - 32 characters. User's device identifier
seamlessSign
string
1 - 512 characters. Conditional. Refer to the sample below for how to include seamlessSign. The steps to generate seamlessSign are:
1. The partner uses the private key to sign seamlessData, while the provider will use the partner's public key for the verification process
2. Sign the seamlessData with the generated privateKey and algorithm SHA256withRSA
3. Base64-encode the signature produced in the second step
4. URL-encode the Base64 string produced in the third step
Conditional Info
Y:= seamlessData is filled
How to include seamlessSign
seamlessSign = URLEncode(Base64.encode(sign(seamlessData,privateKey)))
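The four seamlessSign steps above, as an added Go example that is not DANA's own code. It assumes the signature is computed over the raw seamlessData JSON before URL encoding (the page does not say which form is signed); DemoKey, SeamlessQuery and VerifySeamless are illustrative names, and the field values are the sample values from this page.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
)

// DemoKey makes a throwaway key pair; a real partner key is loaded from secure storage.
func DemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SeamlessQuery returns "seamlessData=...&seamlessSign=..." with both values URL-encoded.
// Assumption: the signature covers the raw JSON bytes, before URL encoding.
func SeamlessQuery(fields map[string]string, key *rsa.PrivateKey) (string, error) {
	raw, err := json.Marshal(fields) // map keys are emitted in sorted order
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256(raw) // step 2: SHA256withRSA is RSASSA-PKCS1-v1_5 with SHA-256
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	b64 := base64.StdEncoding.EncodeToString(sig) // step 3; Values.Encode below is step 4
	return url.Values{"seamlessData": {string(raw)}, "seamlessSign": {b64}}.Encode(), nil
}

// VerifySeamless reverses the steps with the partner's public key, as the provider would.
func VerifySeamless(query string, pub *rsa.PublicKey) error {
	q, err := url.ParseQuery(query)
	if err != nil {
		return err
	}
	sig, err := base64.StdEncoding.DecodeString(q.Get("seamlessSign"))
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(q.Get("seamlessData")))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	key, _ := DemoKey()
	q, _ := SeamlessQuery(map[string]string{"mobileNumber": "62822999999", "bizScenario": "PAYMENT"}, key)
	fmt.Println(q, VerifySeamless(q, &key.PublicKey))
}
```

With a 2048-bit key the Base64 signature is 344 characters before URL encoding, which fits the 512-character limit on seamlessSign.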
scopes
array of string
1 - 256 characters. Required. The scopes of the authorization, refer to OAuthScopeEnum
DEFAULT_BASIC_PROFILE
string
Query user's masked identifier
AGREEMENT_PAY
string
Agreement pay authentication can be shared, complete agreement pay with accessToken
QUERY_BALANCE
string
Allow user to see the user’s balance by using the Balance Inquiry API
CASHIER
string
Allow user to complete payment in cashier pages
MINI_DANA
string
Allows users to access the Mini DANA home page, which displays user name, masked identifier (mobile number), current balance, and options for top-up and transaction viewing, along with various banners. This requires APIs such as Apply OTT, Account Unbinding, and Transaction History
PUBLIC_ID
string
Get user’s publicUserId in the Apply Token API response. The publicUserId is a unique id for one user and one merchant
redirectUrl
string
1 - 256 characters. Required. After successful authorization, users will be redirected to this URL
state
string
1 - 32 characters. Required. Random string for CSRF protection purposes
lang
string
2 characters. Service language code. ISO 639-1
allowRegistration
string
1 - 5 characters. If value equals true, provider may enable registration process during binding. Default true
GET .../v1.0/get-auth-code?timestamp=2020-12-23T09:10:11+07:00&partnerId=21667842748173213&externalId=637126721366372&channelId=DANAID&state=WOdkkwijSDs&scopes=QUERY_BALANCE,PUBLIC_ID&redirectUrl=https://domain.com/authSuccess.htm&seamlessData=%7B%22externalUid%22%3A%22085042ae-0c3f-465d-9590-595a9ce6d56f%40blibli%22%2C%22mobile%22%3A%22083897951530%22%2C%22reqTime%22%3A%222023-07-05T09%3A30%3A58%2B07%3A00%22%2C%22verifiedTime%22%3A%220%22%2C%22reqMsgId%22%3A%22db1e42a4%22%2C%22skipConsultRegister%22%3Atrue%7D&seamlessSign=vbhdauyeuwqye63721313
responseCode
string
7 characters. Required. Refer to response code list
responseMessage
string
1 - 150 characters. Required. Refer to response code list
state
string
1 - 32 characters. Required. Random string for CSRF protection purposes
authCode
string
1 - 256 characters. Required. An authorization code which the caller can use to obtain an access token
https://www.merchant.com/oauth/callback?responseCode=2001000&responseMessage=Successful&authCode=xxx&state=2345555
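Handling the redirect above, as an added Go example that is not part of DANA's documentation: generate a state value that fits the 32-character limit, then accept authCode only when the returned state matches and responseCode is 2001000. NewState and AuthCodeFromCallback are illustrative names, and expectedState is assumed to be the value the merchant stored in the user's session before redirecting.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// NewState returns a random 32-character value, the maximum length allowed for state.
func NewState() (string, error) {
	buf := make([]byte, 24) // 24 random bytes -> 32 base64url characters, no padding
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// AuthCodeFromCallback checks state and responseCode on the redirect, then returns authCode.
func AuthCodeFromCallback(callback, expectedState string) (string, error) {
	u, err := url.Parse(callback)
	if err != nil {
		return "", err
	}
	q := u.Query()
	got := []byte(q.Get("state"))
	// Reject an empty expectation so a missing session value can never match.
	if expectedState == "" || subtle.ConstantTimeCompare(got, []byte(expectedState)) != 1 {
		return "", errors.New("state mismatch: possible CSRF, discard the callback")
	}
	if q.Get("responseCode") != "2001000" {
		return "", fmt.Errorf("binding failed: %s %s", q.Get("responseCode"), q.Get("responseMessage"))
	}
	code := q.Get("authCode")
	if code == "" || len(code) > 256 {
		return "", errors.New("authCode missing or longer than 256 characters")
	}
	return code, nil
}

func main() {
	state, _ := NewState()
	// Constructed callback, modelled on the sample redirect above.
	cb := "https://www.merchant.com/oauth/callback?responseCode=2001000&responseMessage=Successful&authCode=xxx&state=" + state
	fmt.Println(AuthCodeFromCallback(cb, state))
}
```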
Response | Cause | Solution |
---|---|---|
2001000 Successful | Success to be processed | Mark Get OAuth 2.0 URL process as Success. Get the auth_code in the URL, then do a process of apply customer token |
4001000 Bad Request | General request failed error | Mark Get OAuth 2.0 URL process as Failed. Retry request with proper parameter |
4001001 Invalid Field Format | Invalid format for certain field | Mark Get OAuth 2.0 URL process as Failed. Retry request with proper parameter |
4001002 Invalid Mandatory Field | Missing or invalid format on mandatory field | Mark Get OAuth 2.0 URL process as Failed. Retry request with proper parameter |
4011000 Unauthorized. [reason] | General unauthorized error | Mark Get OAuth 2.0 URL process as Failed. Retry request with proper parameter |
4041008 Invalid Merchant | Merchant does not exist or status abnormal | Mark Get OAuth 2.0 URL process as Failed. Retry request with proper parameter |
4291000 Too Many Requests | Maximum transaction limit exceeded | Mark Get OAuth 2.0 URL process as Failed. Retry request periodically |
5001000 General Error | General error non retry-able | Mark Get OAuth 2.0 URL process as Failed. Retry request periodically |
5001001 Internal Server Error | Unknown internal server failure, please retry the process again | Mark Get OAuth 2.0 URL process as Failed. Retry request periodically |
Total timeout | Total timeout, the client side does not get any response from the server side (can be due to network issue, server slowing down, and so on) | Retry for a maximum of 3 attempts; if it still fails, mark Get OAuth 2.0 URL process as Failed |
Unexpected response (Empty field/field does not exist/undefined response code) | The server does not produce the expected response (can be due to hardware failure, bugs, and so on) | • If the response code prefix is 202 or 5XX, mark Get OAuth 2.0 URL process as Failed • If empty field/field does not exist, mark Get OAuth 2.0 URL process as Failed |