
Generate OAuth 2.0 URL

Specification

The following table is the specification for this API:

| API Name | Generate OAuth 2.0 URL |
|---|---|
| Function | This API is used to generate the OAuth 2.0 redirect URL to Paydia to initiate the account binding process, where the user will be able to register or log in from the Paydia page |
| Service Code | 10 |
| Method | GET |
| URL | /snap/v1.0/get-auth-code |
| Accept | application/json |
| Content Type | application/json |
| Related Service | Account Binding & Unbinding |

OAuth URL

| Environment | URL |
|---|---|
| Sandbox | https://oauth-pwa-snap.paydia.co.id |
| Production | https://oauth-pwa-snap.paydia.id |

Request

The following part describes the request parameters of this API:

Request Parameter

The following table is a list of the request parameters in this API:

Query Param

The following table lists the query parameters:

| No | Name | Type | Length | Required | Condition | Remarks |
|---|---|---|---|---|---|---|
| 1 | partnerId | String | Variable, 64 max | Mandatory | - | Information of partner identifier |
| 2 | timestamp | String | Fixed, 25 max | Mandatory | - | Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time) |
| 3 | externalId | String | Variable, 64 max | Mandatory | - | Information of external identifier |
| 4 | channelId | String | Variable, 64 max | Mandatory | - | Information of channel identifier |
| 5 | scopes | String | Variable, 256 max | Mandatory | - | The scopes of the authorization |
| 6 | state | String | Variable, 32 max | Mandatory | - | Random string for CSRF protection purposes |
| 7 | redirectUrl | String | Variable, 256 max | Mandatory | - | When user authorization succeeds, the user will be redirected to this URL |
| 8 | seamlessData | String | Variable, 512 max | Optional | - | Option for the binding process. Please refer to the sample below to know how to include seamlessData |
| 9 | seamlessData.mobileNumber | String | Variable, 18 max | Optional | - | User's phone number. If this field is filled in, the user must log in with the number that has been included |
| 10 | seamlessSign | String | Variable, 512 max | Conditional | If the seamlessData is filled | Please refer to the sample below to know how to include seamlessSign |

The steps to generate seamlessSign are:

  1. The partner uses the private key to sign seamlessData, while the provider will use the partner's public key for the verification process.
  2. Sign the seamlessData with the generated private key and the SHA256withRSA algorithm.
  3. Base64-encode the signature produced in the second step.
  4. URL-encode the Base64 string produced in the third step.

Sample

The following script is a sample for seamlessData, seamlessSign, and request sample:

HOW TO INCLUDE SEAMLESSDATA
seamlessData = URLEncode(UTF8Encode({"mobileNumber":"081234567890"}))
HOW TO INCLUDE SEAMLESSSIGN
seamlessSign = URLEncode(Base64.encode(sign(seamlessData, privateKey)))
REQUEST SAMPLE
GET ...?partnerId=35d1a1127182a65e4fe0256242a40a6d&timestamp=2024-07-26T01%3A23%3A30+07%3A00&externalId=1721957260&channelId=12345&scopes=PUBLIC_ID&state=038a29ab-e4ab-4ce8-82ae-55e1efb4b9db&redirectUrl=https%3A%2F%2Furl-merchant.com%2F&seamlessData=%7B%22mobileNumber%22%3A%22087758421409%22%7D&seamlessSign=LxovHQrxlTPw2L2QDv5npudAH5od1aD%2FU4Ja5QdEQ5Pew137lSDd5eLcZYGOQu5Nn3jUXgks1ATV5gkKD6IQA1m5SIKkp8kkqS57whBCk%2F86dSiChBCp%2Fyiu88leHj8pEL7qdFP%2F0SODJddNcLB5Zt2Kh01KOz44RVhwgRfO8bDY8LrTwHhycReTEcM3hKu11c0hTaL6E428BYD%2BDQWMLug%2FdqWgtKlOlOiKB%2Bip2noW01DAz91fPRm2OL%2F3dexnUTD%2FQG6jfBkVS8YzlY43smfpc8hUWJzOjAM2E1xlW1hnH4HLB5aIIpuUJsxE9r8bYHazgxAbcoYVikvVRN3JpQ%3D%3D
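The signing steps and the `state` check described above, as an added Node.js example that is not Paydia's own code. It assumes the signature covers the UTF-8 JSON text before URL-encoding (the page does not say which form is signed); the endpoint argument, the function names and the throwaway key pair are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed throwaway key pair so the example runs offline; a real partner
// loads its registered private key from a secret store instead.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// 16 random bytes -> 32 hex characters, which fits the 32-character limit on `state`.
function newState() {
  return crypto.randomBytes(16).toString('hex');
}

// Steps 2-3: SHA256withRSA (RSASSA-PKCS1-v1_5 with SHA-256), then Base64.
// Assumption: the signed bytes are the UTF-8 JSON text, before URL-encoding.
function signSeamlessData(json, key) {
  return crypto.sign('sha256', Buffer.from(json, 'utf8'), key).toString('base64');
}

// Provider-side check from step 1, using the partner's public key.
function verifySeamlessSign(json, signB64, key) {
  const sig = Buffer.from(signB64, 'base64');
  return crypto.verify('sha256', Buffer.from(json, 'utf8'), key, sig);
}

// Build the redirect URL. URLSearchParams URL-encodes every value (step 4),
// including '+' as %2B and '/' as %2F inside the Base64 signature.
function buildAuthUrl(endpoint, params, seamless, key) {
  const url = new URL(endpoint);
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  if (seamless) {
    const json = JSON.stringify(seamless);
    url.searchParams.set('seamlessData', json);
    url.searchParams.set('seamlessSign', signSeamlessData(json, key));
  }
  return url.toString();
}

// Callback handling: accept authCode only if the returned `state` equals the
// value stored in the user's session, compared in constant time.
function stateMatches(expected, received) {
  const a = Buffer.from(String(expected)), b = Buffer.from(String(received));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

Store the value from `newState()` in the user's session before redirecting, and reject any callback for which `stateMatches` returns false.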

Response

The following part describes the response parameters of this API:

Query Param

The following table lists the query parameters:

| No | Name | Type | Length | Required | Condition | Remarks |
|---|---|---|---|---|---|---|
| 1 | responseCode | String | Fixed, 7 max | Mandatory | - | Refer to response code list |
| 2 | responseMessage | String | Variable, 150 max | Mandatory | - | Refer to response code list |
| 3 | state | String | Variable, 32 max | Mandatory | - | Random string for CSRF protection purposes |
| 4 | authCode | String | Variable, 256 max | Mandatory | - | auth_code is needed to get access token B2B2C |

Response Sample

The following script is a response sample of this API:

https://url-merchant.com/?responseCode=2001000&responseMessage=Successful&authcode=257b797eae8c5152730aae5527ad77cbcef2cb3b96715eaab2a1fa1429f3de6e&state=b6b209db-53fb-41d0-b0eb-604b920ed0b3

Response Code and Message

The following table lists the response codes and messages of the Generate OAuth URL API:

| No | Response Code | Response Message | Remarks |
|---|---|---|---|
| 1 | 2001000 | Successful | Success to be processed |
| 2 | 4001001 | Invalid Field Format | Invalid format for certain field |
| 3 | 4001002 | Invalid Mandatory Field | Missing or invalid format on mandatory field |
| 4 | 4011000 | Unauthorized [reason] | General unauthorized error |
| 5 | 4011001 | Invalid Token (B2B) | Authorization token is invalid, perhaps due to token expiry for B2B |
| 6 | 5001002 | Backend system failure | 500 internal server error |