Access Token B2B2C
Specification
The following table is the specification for this API:
API Name | Access Token B2B2C |
---|---|
Function | This API is used to finalize the account binding process by exchanging the authCode for an accessToken that can be used as user authorization |
Service Code | 74 |
Method | POST |
URL | /snap/v1.0/access-token/b2b2c |
Accept | application/json |
Content Type | application/json |
Related Service | Account Binding & Unbinding |
Request
The following part describes the request parameters of this API:
Request Parameter
The following tables list the request parameters of this API:
Header
The following table lists the request headers:
No | Name | Type | Length | Required | Condition | Remarks |
---|---|---|---|---|---|---|
1 | Content-Type | String | Variable, 127 max | Mandatory | - | Content type, value always application/json |
2 | X-TIMESTAMP | String | Fixed, 25 max | Mandatory | - | Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time) |
3 | X-CLIENT-KEY | String | Variable, 36 max | Mandatory | - | Client ID given by the API provider |
4 | X-SIGNATURE | String | Variable | Mandatory | - | Signature needs to be generated with the Asymmetric Signature method |
Body
The following table lists the request body parameters:
No | Name | Type | Length | Required | Condition | Remarks |
---|---|---|---|---|---|---|
1 | grantType | String | Fixed, 18 max | Mandatory | - | Apply token request key type, can be AUTHORIZATION_CODE or REFRESH_TOKEN |
2 | authCode | String | 256 | Conditional | - | The authorization code received after the User provides the consent. Mandatory if grantType = AUTHORIZATION_CODE |
3 | refreshToken | String | 256 | Conditional | - | This token is used to refresh the session if the existing token has expired. Mandatory if grantType = REFRESH_TOKEN |
Request Sample
The following script is a request sample of this API:
POST /snap/v1.0/access-token/b2b2c
X-TIMESTAMP: 2024-08-01T08:03:34+07:00
X-CLIENT-KEY: 35d1a1127182a65e4fe0256242a40a6d
X-SIGNATURE: caUdPl+w99Ky9UbODG0rT0dmXmoqN1Um54FzPa/Tf0c9Uefo6vP1hYDbBz2zim6zz2+fnGOuT837YWLBWVZf1OvkD5wmfX5YInr56O+KwbF8v1xKthehs94Fx5mxhnDhH1cNaWXpdFqT4IuhtGdCigY3Cya1Z23jBJK2pV7z0HZqB8HWS9zWjdvIZq3BmGFOAGZLsFiq8voFNuprVLYMafWNWjra3mxMasZzfBqPS6fyAJmQuaSMOarRSRZYy46FtFAIn0Kivq7TI9EAK0ZXb9ShTClhBgwzvNw+vKU5SnO8XfupwgtxNTAU74CeT1TDK61KLv2ukOPuKTarMOdeAA==
Content-Type: application/json
{
"grantType":"AUTHORIZATION_CODE",
"authCode": "74d4b6b2c08bf42595fc8ff81c35704bd444867bd064ae417911b03f9efb4bde"
}
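A pre-flight check for this request, written as an added example and not taken from the provider's own code: it enforces the header and body tables above, including the conditional authCode/refreshToken rule and the fixed +07:00 timestamp format. The function names are hypothetical, the 256 lengths are treated as maximums, and header names are matched exactly as spelled in the table.

```python
import re
from datetime import datetime, timedelta, timezone

JAKARTA = timezone(timedelta(hours=7))
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\+07:00")
# grantType value -> body field that becomes mandatory for it
GRANT_FIELD = {"AUTHORIZATION_CODE": "authCode", "REFRESH_TOKEN": "refreshToken"}


def snap_timestamp(now=None):
    """Format a timezone-aware time as YYYY-MM-DDTHH:mm:ss+07:00 (25 chars)."""
    now = now or datetime.now(timezone.utc)
    return now.astimezone(JAKARTA).replace(microsecond=0).isoformat()


def validate_request(headers, body):
    """Return violations of the request tables; an empty list means OK."""
    errors = []
    for name in ("Content-Type", "X-TIMESTAMP", "X-CLIENT-KEY", "X-SIGNATURE"):
        if not headers.get(name):
            errors.append(f"missing header {name}")
    ctype = headers.get("Content-Type")
    if ctype and ctype != "application/json":
        errors.append("Content-Type must be application/json")
    ts = headers.get("X-TIMESTAMP", "")
    if ts and not TS_RE.fullmatch(ts):
        errors.append("X-TIMESTAMP must be YYYY-MM-DDTHH:mm:ss+07:00")
    elif ts:
        try:
            datetime.fromisoformat(ts)  # rejects e.g. 2024-02-30
        except ValueError:
            errors.append("X-TIMESTAMP is not a real date/time")
    if len(headers.get("X-CLIENT-KEY", "")) > 36:
        errors.append("X-CLIENT-KEY longer than 36")
    grant = body.get("grantType")
    field = GRANT_FIELD.get(grant)
    if field is None:
        errors.append("grantType must be AUTHORIZATION_CODE or REFRESH_TOKEN")
    else:
        value = body.get(field)
        if not isinstance(value, str) or not value:
            errors.append(f"{field} is mandatory when grantType = {grant}")
        elif len(value) > 256:  # assumption: 256 is a maximum length
            errors.append(f"{field} longer than 256")
    return errors
```
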
Response
The following part describes the response parameters of this API:
Response Parameter
The following table lists the response parameters of this API:
Body
The following table lists the response body parameters:
No | Name | Type | Length | Required | Condition | Remarks |
---|---|---|---|---|---|---|
1 | responseCode | String | Fixed, 7 max | Mandatory | - | Refer to response code list |
2 | responseMessage | String | Variable, 150 max | Mandatory | - | Refer to response code list |
3 | accessToken | String | Variable, 2048 max | Mandatory | - | A string representing an authorization issued to the client that is used to access protected resources. |
4 | tokenType | String | Fixed, 6 max | Mandatory | - | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: Reference: OAuth2.0 RFC 6749 & 6750 |
5 | accessTokenExpiryTime | String | Fixed, 25 max | Mandatory | - | Time when the accessToken will expire |
6 | refreshToken | String | Variable, 512 max | Mandatory | - | A random string that can be used by a specific client to get a refreshed accessToken to prolong the access to the User's resources |
7 | refreshTokenExpiryTime | String | Fixed, 25 max | Mandatory | - | Time when the refreshToken will expire. Refresh Token should be less than access token validity and will be managed by the PJP’s application to generate a new access_token |
Response Sample
The following script is a response sample of this API:
{
"responseCode": "2007400",
"responseMessage": "Successful",
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJQYXlkaWEiLCJpYXQiOjE3MjI0OTg1OTcsImV4cCI6MTczODI2NjU5NywianRpIjoiNzRkNGI2YjJjMDhiZjQyNTk1ZmM4ZmY4MWMzNTcwNGJkNDQ0ODY3YmQwNjRhZTQxNzkxMWIwM2Y5ZWZiNGJkZSIsImNsaWVudF9pZCI6ImRVVT0iLCJzY29wZSI6IlBVQkxJQ19JRCIsInN0YXRlIjoiNTY0YjJjZTQtYjg1Zi00OWJlLTk1M2EtNzRhMmFiNjE4ZGE5In0.31SVm5lcOxDzdnyIpi3bbDAiL8kk_PAZOF2LusdEDRQ",
"tokenType": "Bearer",
"accessTokenExpiryTime": "2025-01-31T02:49:57+07:00",
"refreshToken": "74d4b6b2c08bf42595fc8ff81c35704bd444867bd064ae417911b03f9efb4bde",
"refreshTokenExpiryTime": "2025-01-31T02:49:57+07:00"
}
Response Code and Message
The following table lists the response codes and messages of the Access Token B2B2C API:
No | Response Code | Response Message | Remarks |
---|---|---|---|
1 | 2007400 | Successful | Success to be processed |
2 | 4007401 | Invalid Field Format | Invalid format for certain field |
3 | 4007402 | Invalid Mandatory Field | Missing or invalid format on mandatory field |
4 | 4017400 | Unauthorized. [reason] | General unauthorized error |
5 | 5007402 | Backend system failure | 500 internal server error |
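A client-side handler for this response, written as an added example and not taken from the provider's own code: it rejects anything that is not a well-formed success for service 74 before the tokens are stored. The function and class names are hypothetical; the 3+2+2 split of responseCode (HTTP status, service code, case code) is an assumption inferred from the table above, and the Bearer check is taken from the response sample.

```python
from datetime import datetime

SERVICE_CODE = "74"  # "Service Code" row of the specification table
REQUIRED = ("accessToken", "tokenType", "accessTokenExpiryTime",
            "refreshToken", "refreshTokenExpiryTime")


class TokenError(Exception):
    """The provider answered with a non-success responseCode."""
    def __init__(self, http_status, case, message):
        super().__init__(f"{http_status}/{case}: {message}")
        self.http_status, self.case = http_status, case


def split_code(code):
    """Split e.g. '4017400' into (401, '74', '00'); layout is an assumption."""
    if not (isinstance(code, str) and len(code) == 7 and code.isdigit()):
        raise ValueError(f"malformed responseCode: {code!r}")
    return int(code[:3]), code[3:5], code[5:]


def _expiry(resp, field, now):
    when = datetime.fromisoformat(resp[field])
    if when.tzinfo is None:
        raise ValueError(f"{field} has no UTC offset")
    if when <= now:
        raise ValueError(f"{field} is already in the past")
    return when


def parse_token_response(resp, now):
    """Validate a decoded JSON response; `now` must be timezone-aware."""
    status, service, case = split_code(resp.get("responseCode"))
    if service != SERVICE_CODE:
        raise ValueError(f"responseCode belongs to service {service}")
    if status != 200:
        raise TokenError(status, case, resp.get("responseMessage", ""))
    missing = [f for f in REQUIRED if not resp.get(f)]
    if missing:
        raise ValueError(f"success response lacks {missing}")
    if resp["tokenType"].lower() != "bearer":  # value seen in the sample
        raise ValueError("unexpected tokenType")
    return {
        "access_token": resp["accessToken"],
        "refresh_token": resp["refreshToken"],
        "access_expires": _expiry(resp, "accessTokenExpiryTime", now),
        "refresh_expires": _expiry(resp, "refreshTokenExpiryTime", now),
    }
```
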