
Get OAuth URL

Specification

The following table is the specification for this API:

| Field | Value |
|---|---|
| API Name | Get OAuth URL |
| Function | This API is used to obtain the OAuth authCode, which is exchanged for the B2B2C accessToken |
| Service Code | 10 |
| Method | GET |
| URL | /snap/v1.0/get-auth-code |
| Accept | application/json |
| Content Type | application/json |
| Related Service | Account Binding & Unbinding |

Request

This section describes the request parameters of this API:

Request Parameter

The request parameters of this API are listed below.

The following table lists the request headers:

| No | Name | Type | Length | Required | Condition | Remarks |
|---|---|---|---|---|---|---|
| 1 | Content-Type | String | Variable, 127 max | Mandatory | - | Content type, value always application/json |
| 2 | Authorization | String | Variable | Mandatory | - | Contains the B2B Bearer JWT token, obtained from Access Token B2B |
| 3 | X-TIMESTAMP | String | Fixed, 25 max | Mandatory | - | Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time) |
| 4 | X-PARTNER-ID | String | Variable, 36 max | Mandatory | - | Partner ID generated by Paydia. Unique ID for a partner |
| 5 | X-EXTERNAL-ID | String | Variable, 36 max | Mandatory | - | Unique messaging reference ID generated by the merchant. Numeric string. Reference number that should be unique within the same day |
| 6 | CHANNEL-ID | String | Variable, 5 max | Mandatory | - | Identification of the device on which the API service is currently being accessed by the end user (customer) |
| 7 | X-SIGNATURE | String | Variable | Mandatory | - | Signature must be generated with the Symmetric Signature method |

Query Param

The following table lists the query parameters:

| No | Name | Type | Length | Required | Condition | Remarks |
|---|---|---|---|---|---|---|
| 1 | scopes | String | Variable, 256 max | Mandatory | - | The scopes of the authorization |
| 2 | state | String | Variable, 32 max | Mandatory | - | Random string for CSRF protection purposes |
| 3 | redirectUrl | String | Variable, 256 max | Mandatory | - | When user authorization succeeds, the user is redirected to this URL |
| 4 | seamlessData | String | Variable, 512 max | Optional | - | Option for the binding process. Please refer to the sample below to see how to include seamlessData |
| 5 | seamlessData.mobileNumber | String | Variable, 18 max | Optional | - | User's phone number. If this field is filled in, the user must log in with the number that has been included |
| 6 | seamlessSign | String | Variable, 512 max | Conditional | If the seamlessData is filled | Please refer to the sample below to see how to include seamlessSign. The steps to generate seamlessSign are listed after this table |

The steps to generate seamlessSign are:

  1. The partner uses the private key to sign seamlessData, while the provider will use the partner's public key for the verification process.
  2. Sign the seamlessData with the generated privateKey and the algorithm SHA256withRSA.
  3. Base64-encode the signature produced in the second step.
  4. URL-encode the Base64-encoded string from the third step.
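
The seamlessSign steps above, with the provider-side check, as an added Node.js example; it is not code from Paydia or from the original page. Assumptions: the key pair is a throwaway generated at run time, the helper names (`makeSeamlessSign`, `verifySeamlessSign`, `buildAuthQuery`) and the callback URL are hypothetical, and the signature is taken over the raw seamlessData JSON string before it is URL-encoded.

```javascript
// Added example (not Paydia's code): seamlessSign generation and verification.
const crypto = require('crypto');

// Constructed throwaway key pair; a real partner loads its registered private key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Steps 2-4: SHA256withRSA (RSASSA-PKCS1-v1_5 with SHA-256), Base64, then URL-encode.
function makeSeamlessSign(seamlessData, key) {
  const signature = crypto.sign('sha256', Buffer.from(seamlessData, 'utf8'), key);
  return encodeURIComponent(signature.toString('base64'));
}

// Provider side (step 1): reverse the encodings, verify with the partner's public key.
function verifySeamlessSign(seamlessData, seamlessSign, key) {
  const signature = Buffer.from(decodeURIComponent(seamlessSign), 'base64');
  return crypto.verify('sha256', Buffer.from(seamlessData, 'utf8'), key, signature);
}

// Assumption: the signature covers the raw JSON string, before it is URL-encoded.
function buildAuthQuery({ scopes, state, redirectUrl, mobileNumber }, key) {
  const seamlessData = JSON.stringify({ mobileNumber });
  const query = [
    ['scopes', scopes],
    ['state', state],
    ['redirectUrl', redirectUrl],
    ['seamlessData', seamlessData],
  ].map(([k, v]) => `${k}=${encodeURIComponent(v)}`);
  query.push(`seamlessSign=${makeSeamlessSign(seamlessData, key)}`); // already URL-encoded
  return { seamlessData, query: query.join('&') };
}

// Constructed sample values; state is 32 hex characters of fresh randomness.
const sample = buildAuthQuery({
  scopes: 'PUBLIC_ID',
  state: crypto.randomBytes(16).toString('hex'),
  redirectUrl: 'https://merchant.example/callback',
  mobileNumber: '081234567890',
}, privateKey);
const sign = sample.query.split('seamlessSign=')[1];

console.log('/snap/v1.0/get-auth-code?' + sample.query);
console.log('valid:', verifySeamlessSign(sample.seamlessData, sign, publicKey));
console.log('tampered:', verifySeamlessSign('{"mobileNumber":"089999999999"}', sign, publicKey));
```

Changing the phone number after signing makes verification fail, which is what ties the bound account to the number the partner signed.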

Request Sample

The following script is a request sample of this API:

GET /snap/v1.0/get-auth-code?scopes=PUBLIC_ID&state=6213b3cc-6022-40c7-9d5b-340845439713&redirectUrl=https://google.com/&seamlessData=%7B%22mobileNumber%22%3A%22081234567890%22%7D&seamlessSign=EDZfr9zSj%2B%2FYNqRVGfYr7tkD7NusxsVzMfAwrwYM23eUxj3FfFQlgUZRL0ahKO%2BcT%2F4gob6baBhMufbM0dk8l2GJ59mle3cI7iWOncsajOUQAPxqEdjeiZgSb9DFeYI6fcV4H8tFM0jz5xS3ftj6BdccoGajfRw7e2aHzlBaFRAv0hW0IM0LCF9SOk6sJOsQF57Vpc0BrYdIfk06RWtaLA0J12xcQ11OKRlhPEnKu3EYq%2FQME2DESSDBEMFwegDmYKgfGwXnrosCQL5vRAQrlA79wJgRS5niHVxjjBGkM0b%2FAk3CD973gK9q2sXlMOofcOnzECnCofwCh%2F6K%2B5PHCw%3D%3D
X-TIMESTAMP: 2024-12-19T06:30:49+07:00
X-PARTNER-ID: 35d1a1127182a65e4fe0256242a40a6d
X-EXTERNAL-ID: 1734590486
CHANNEL-ID: API
Content-Type: application/json
X-SIGNATURE: sA7R9x8v/5srhusovKyxi/l7M4SXomQiZGAoodV+oiz5iqItDxbpnLD5WHWruz7+ZYvw4cE7SAMR39wCD3/85g==
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJQYXlkaWEiLCJpYXQiOjE3MzQ1ODMxNjEsImV4cCI6MTczNDY2OTU2MSwiZGF0YSI6eyJlbnYiOiJkZXZlbG9wbWVudCJ9fQ.GE4J5OxwcwyuZB3D4tluUupFYHj5M9weHiD6vpNwxnk

Response

This section describes the response parameters of this API:

Query Param

The following table lists the query parameters:

| No | Name | Type | Length | Required | Condition | Remarks |
|---|---|---|---|---|---|---|
| 1 | responseCode | String | Fixed, 7 max | Mandatory | - | Refer to response code list |
| 2 | responseMessage | String | Variable, 150 max | Mandatory | - | Refer to response code list |
| 3 | state | String | Variable, 32 max | Mandatory | - | Random string for CSRF protection purposes |
| 4 | authCode | String | Variable, 256 max | Mandatory | - | auth_code is needed to get access token B2B2C |

Response Sample

The following script is a response sample of this API:

{
"responseCode": "2001000",
"responseMessage": "Successful",
"authCode": "499798302ee8111c0536a99d629ca75f60dc51b8601164313d9ed25576343308",
"state": "6213b3cc-6022-40c7-9d5b-340845439713"
}

Response Code and Message

The following table lists the response codes and messages of the Get OAuth URL API:

| No | Response Code | Response Message | Remarks |
|---|---|---|---|
| 1 | 2001000 | Successful | Success to be processed |
| 2 | 4001001 | Invalid Field Format | Invalid format for certain field |
| 3 | 4001002 | Invalid Mandatory Field | Missing or invalid format on mandatory field |
| 4 | 4011000 | Unauthorized [reason] | General unauthorized error |
| 5 | 4011001 | Invalid Token (B2B) | Authorization token is invalid, perhaps due to token expiry for B2B |
| 6 | 5001002 | Backend system failure | 500 internal server error |