Security
SNAP (Standar Nasional Open API or National Standard of Payment API) is National Standard of Payment API established by Central Bank of Indonesia to build a healthy, competitive and innovative payment industry market; encourage integration, interconnection and interoperability also security and advanced payment infrastructure; and improve a healthy, efficient and reasonable market practice in payment activity over Indonesia.
We use encrypted signature to make sure integrity of each request being made.
Request Header for obtaining B2B Access Token
Field | Attribute | Type | Description |
---|---|---|---|
Content-Type | Mandatory | String | String represents indicate the media type of the resource (e.g. application/json, application/pdf) |
X-TIMESTAMP | Mandatory | String | Timestamp in ISO8601 format, Example: 2024-05-14T18:54:57+07:00 |
X-SIGNATURE | Mandatory | String | Signature generated with by encrypting client key and timestamp |
X-CLIENT-KEY | Mandatory | String | Unique ID for a partner given by Durianpay upon completing registration. The Unique ID can be seen in Settings-API Keys |
Request Header for Transaction API
Field | Attribute | Type | Description |
---|---|---|---|
Content-Type | Mandatory | String | String represents indicate the media type of the resource (e.g. application/json, application/pdf) |
Authorization | Mandatory | String | Represents Access Token (B2B) of a request; string starts with keyword “Bearer ” followed by Access Token (B2B) |
X-TIMESTAMP | Mandatory | String | Timestamp in ISO8601 format, Example: 2024-05-14T18:54:57+07:00 |
X-SIGNATURE | Mandatory | String | Signature generated by encrypting HTTP method, relative path, access token, minified request body, and timestamp |
X-PARTNER-ID | Mandatory | String | Unique ID for a partner given by Durianpay upon completing registration. Its value is same as the X-CLIENT-KEY |
X-EXTERNAL-ID | Mandatory | String | Numeric String. Reference number given by merchant that should be unique. |
CHANNEL-ID | Mandatory | String | Device identification on which the API services is currently being accessed by the end user (customer) |