
Integration Steps


Method

A signature is used to ensure the data integrity and authenticity of the request or response for each API. The signature must be generated using a private key. Our system supports PKCS#1 for the private key, so the merchant should generate the signature with rsa_private_key.pem. The generated signature is then verified using the public key in rsa_public_key.pem.

Generate Private/Public Key Pair

Run these commands in your terminal

Generate Private Key

bash/zsh
openssl genrsa -out rsa_private_key.pem 2048

Generate Public Key

bash/zsh
openssl rsa -in rsa_private_key.pem -out rsa_public_key.pem -pubout

You will need to send the generated public key to the Durianpay team in zip format.

Request Overview

There are two types of requests:

  • Obtaining Access Token (B2B)
  • Transaction Request

Each of them has a different request header and signature generation.

Request Header

Request Header for obtaining B2B Access Token

| Field | Attribute | Type | Description |
| --- | --- | --- | --- |
| Content-Type | Mandatory | String | String that indicates the media type of the resource (e.g. application/json, application/pdf) |
| X-TIMESTAMP | Mandatory | String | Client's current local time in ISO8601 format |
| X-SIGNATURE | Mandatory | String | Represents the signature of a request. Identifies the signature type used |
| X-CLIENT-KEY | Mandatory | String | Unique ID for a partner given by Durianpay upon completing registration. The Unique ID can be seen in Settings-API Keys |

Request Header for Transaction API

| Field | Attribute | Type | Description |
| --- | --- | --- | --- |
| Content-Type | Mandatory | String | String that indicates the media type of the resource (e.g. application/json, application/pdf) |
| Authorization | Mandatory | String | Represents the access_token of a request; the string starts with the keyword “Bearer ” followed by the access_token |
| X-TIMESTAMP | Mandatory | String | Client's current local time in ISO8601 format |
| X-SIGNATURE | Mandatory | String | Represents the signature of a request. Identifies the signature type used |
| X-PARTNER-ID | Mandatory | String | Unique ID for a partner given by Durianpay upon completing registration. Its value is the same as the X-CLIENT-KEY |
| X-EXTERNAL-ID | Mandatory | String | Numeric string. Reference number that should be unique. |
| CHANNEL-ID | Mandatory | String | PJP’s channel ID. Device identification on which the API service is currently being accessed by the end user (customer) |

Sandbox Environment

To test in the sandbox environment, merchants can refer here

Steps Overview

Step 1: Generate Signature

Generate Signature for Obtaining B2B Access Token

String to sign: <X-CLIENT-KEY>|<X-TIMESTAMP> (timestamp in ISO8601 format, joined with "|" as in the example below), which is then signed using SHA256withRSA with the private key of the key pair the merchant has generated.

Example: merchant_client_key|2024-05-13T14:53:06.991+07:00

Final Result: X-Signature: aw3o6HM68vJDLO4nxAPgK0it5nd6zik3bUgMzqLiTrIB7w1QbnCLDo2cbCTxJ4/Vj45z1vD8sKvr58wRkecUacvQ4NJxfqVdJMXLW6DwQKhD2KuypyYTUXUetT70tUWiF3LHz357ZQq8H18rzRwbrZuUvFh671/IMVjaYsbPk9s=
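The access-token signature described above, as an added example that is not Durianpay's own code. It uses the third-party Python `cryptography` package and assumes the signature is sent Base64-encoded, as the sample value suggests; the function names and the throwaway test key are illustrative.

```python
import base64
from datetime import datetime

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa


def iso8601_now():
    """Local time with UTC offset, e.g. 2024-05-13T14:53:06.991+07:00."""
    return datetime.now().astimezone().isoformat(timespec="milliseconds")


def token_string_to_sign(client_key, timestamp):
    # No spaces around "|", matching the example string on this page.
    return f"{client_key}|{timestamp}".encode("utf-8")


def sign_token_request(private_pem, client_key, timestamp):
    """SHA256withRSA is RSASSA-PKCS1-v1_5 with SHA-256; Base64 output is assumed."""
    key = serialization.load_pem_private_key(private_pem, password=None)
    message = token_string_to_sign(client_key, timestamp)
    raw = key.sign(message, padding.PKCS1v15(), hashes.SHA256())
    return base64.b64encode(raw).decode("ascii")


def verify_token_request(public_pem, client_key, timestamp, signature):
    """Receiver-side check against the public key the merchant submitted."""
    key = serialization.load_pem_public_key(public_pem)
    message = token_string_to_sign(client_key, timestamp)
    try:
        raw = base64.b64decode(signature, validate=True)
        key.verify(raw, message, padding.PKCS1v15(), hashes.SHA256())
        return True
    except (InvalidSignature, ValueError):  # wrong signature or malformed Base64
        return False


def throwaway_keypair():
    """Constructed 2048-bit test key: PKCS#1 private PEM, SubjectPublicKeyInfo public PEM."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = serialization.Encoding.PEM
    private_pem = key.private_bytes(
        pem, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption())
    public_pem = key.public_key().public_bytes(
        pem, serialization.PublicFormat.SubjectPublicKeyInfo)
    return private_pem, public_pem
```

In production, pass the contents of rsa_private_key.pem as `private_pem`; because the timestamp is part of the signed string, a signature cannot be reused with a different X-TIMESTAMP.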

Generate Signature for Transaction

<HTTP METHOD> + ":" + <RELATIVE PATH URL> + ":" + <B2B ACCESS TOKEN> + ":" + LowerCase(HexEncode(SHA-256(Minify(<HTTP BODY>)))) + ":" + <X-TIMESTAMP>, which is then signed using HMAC-SHA512 with the merchant's Secret Key provided by Durianpay.

Example: POST:/v1.0/balance-inquiry:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEdXJpYW4gTW9uZX:f806c49e8cd175aa9dd5dd8e0a49648c885954d83fe7fe648f3448871c737fd4:2024-05-13T15:07:07+07:00

Final Result: X-Signature: tnNHFw5ZCWjnHFd9UGAB5iDLuwo+89efml8F1CP8vaqut/PfNWac/XLiCkLt3zGHTppZKPxz/PPptqM2alsOFA==
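The transaction signature described above, as an added example that is not Durianpay's own code. It uses only the Python standard library and assumes the HMAC output is Base64-encoded (the 88-character sample value has that shape); the function names, secret key and access token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def minify(body):
    """Drop insignificant JSON whitespace; key order is kept as written."""
    return json.dumps(json.loads(body), separators=(",", ":"), ensure_ascii=False)


def transaction_string_to_sign(method, path, access_token, body, timestamp):
    # LowerCase(HexEncode(SHA-256(Minify(body)))); hexdigest() is already lowercase.
    body_hash = hashlib.sha256(minify(body).encode("utf-8")).hexdigest()
    # Method is upper-cased here to match the page's example (an assumption).
    return ":".join([method.upper(), path, access_token, body_hash, timestamp])


def transaction_signature(secret_key, method, path, access_token, body, timestamp):
    """HMAC-SHA512 over the string to sign, keyed with the merchant's Secret Key."""
    message = transaction_string_to_sign(method, path, access_token, body, timestamp)
    mac = hmac.new(secret_key.encode("utf-8"), message.encode("utf-8"), hashlib.sha512)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_transaction_signature(received, secret_key, method, path,
                                 access_token, body, timestamp):
    """Receiver-side check; compare_digest compares in constant time."""
    expected = transaction_signature(secret_key, method, path, access_token, body, timestamp)
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


# Constructed sample values (not real credentials).
SECRET = "constructed-secret-key"
TOKEN = "constructed.access.token"
TIMESTAMP = "2024-05-14T18:54:57+07:00"
PATH = "/v1.0/account-inquiry-external"
BODY = """{
    "beneficiaryAccountNo": "087783146495",
    "beneficiaryBankCode": "002"
}"""

if __name__ == "__main__":
    print(transaction_string_to_sign("POST", PATH, TOKEN, BODY, TIMESTAMP))
    print(transaction_signature(SECRET, "POST", PATH, TOKEN, BODY, TIMESTAMP))
```

Send the minified string itself as the HTTP body so that the bytes hashed are the bytes transmitted; re-serializing through a JSON library can change number formatting.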

Step 2: Obtain Access Token from the server

Use the following endpoint to obtain a B2B Access Token

/v1.0/access-token/b2b

You can use your preferred programming language to implement the Obtain Access Token API

Example
curl --location 'https://api.durianpay.id/v1.0/access-token/b2b' \
--header 'X-TIMESTAMP: 2024-05-13T15:32:36.422+07:00' \
--header 'X-SIGNATURE: KLJ9KthaIiZSzPqHUMuJRsKOZtYCqqWd5DhfWqYC7OjZ2Qlu0PvQ2wRQF5vfDWsz/qFYEexOXb47+oQBjMhAz4XRNhXBBfwoWxrGTG8iU8EYSDVfChW0NqAWjWIQolhB4UcHn5SybPFRON3rvAOIQTzuEshUA1PNAln8jOKaRmY=' \
--header 'X-CLIENT-KEY: client_id' \
--header 'Content-Type: application/json' \
--data '{
    "grantType": "AUTHORIZATION_CODE"
}'
Response
// Sample response
{
    "responseCode": "2007300",
    "responseMessage": "Successful",
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEdXJpYW4gTW9uZXkiLCJleHAiOjE3MTU1OTAwNTYsImlhdCI6MTcxNTU4OTE1NiwibWVyY2",
    "tokenType": "BearerToken",
    "expiresIn": "2024-05-13 08:47:36.452492159 +0000 UTC"
}

Learn more about Obtain B2B Access Token

Step 3: Use generated Access Token for transaction API

Merchants can use the obtained access token to make API requests, for example to the bank account inquiry API:

/v1.0/account-inquiry-external

You can use your preferred programming language to implement this API

Example
curl --location 'https://api.durianpay.id/v1.0/account-inquiry-external' \
--header 'X-TIMESTAMP: 2024-05-14T18:54:57+07:00' \
--header 'X-SIGNATURE: pCA+q832pxHnTPm1Kdbfu1am37J9XFeGH13JGYqHv7Ww4Tb3Hrc5xRew+4y2tN4wiAPnHmvXcJ1Tyf94jK5gHQ==' \
--header 'X-PARTNER-ID: partner_id' \
--header 'X-EXTERNAL-ID: random_external_id' \
--header 'CHANNEL-ID: channel_id' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEdXJpYW4gTW9uZXkiLCJleHAiOjE3MTU1OTM3NTYsImlhdCI' \
--data '{
    "beneficiaryAccountNo": "087783146495",
    "beneficiaryBankCode": "002",
    "partnerReferenceNo": "202010290000000000000",
    "additionalInfo": {
        "deviceId": "12345679237",
        "channel": "mobilephone"
    }
}'
Response
// Sample response
{
    "additionalInfo": {
        "channel": "mobilephone",
        "deviceId": "12345679237"
    },
    "beneficiaryAccountName": "Dummy Name",
    "beneficiaryAccountNo": "087783146495",
    "beneficiaryBankCode": "002",
    "beneficiaryBankName": "Bank Rakyat Indonesia",
    "currency": "IDR",
    "partnerReferenceNo": "202010290000000000000",
    "responseCode": "2001600",
    "responseMessage": "Successful"
}

To see all available APIs, please refer here