Get OAuth 2.0 URL
Specification
The Following tabel is spesification for this API :
| API Name | Get OAuth 2.0 URL |
|---|---|
| Function | This API is used to generate OAuth 2.0 redirect URL to Paydia to initiate account binding process where the user will be able to register/login from Paydia page |
| Service Code | 10 |
| Method | GET |
| URL | /snap/v1.0/get-auth-code |
| Accept | application/json |
| Content Type | application/json |
| Related Service | Account Binding & Unbinding |
OAuth URL
| Enviroment | Url |
|---|---|
| Sandbox | https://oauth-pwa-snap.paydia.co.id |
| Production | https://oauth-pwa-snap.paydia.id |
Request
The following part will be describe about parameter of request in this API:
Request Parameter
The following table is a list of request parameter in this API:
Query Param
The following table is list of query param:
| No | Name | Type | Length | Required | Condition | Remarks |
|---|---|---|---|---|---|---|
| 1 | partnerId | String | Variable, 64 max | Mandatory | - | Information of partner identifier |
| 2 | timestamp | String | Fixed, 25 max | Mandatory | - | Transaction date time, in format YYYY-MM-DDTHH:mm:ss+07:00. Time must be in GMT+7 (Jakarta time) |
| 3 | externalId | String | Variable, 64 max | Mandatory | - | Information of external identifier |
| 4 | channelId | String | Variable, 64 max | Mandatory | - | Information of channel identifier |
| 5 | scopes | String | Variable, 256 max | Mandatory | - | The scopes of the authorization |
| 6 | state | String | Variable, 32 max | Mandatory | - | Random string for CSRF protection purposes |
| 7 | redirectUrl | String | Variable, 256 max | Mandatory | - | When user authorization is success, the user will be redirected to this URL |
| 8 | seamlessData | String | Variable, 512 max | Optional | - | Option for binding process.Please refer sample below to know how to include seamlessData |
| 9 | seamlessData.mobileNumber | String | Variable, 18 max | Optional | - | User's phone number. If this field is filled in, the user must log in with the number that has been included |
| 10 | seamlessSign | String | Variable, 512 max | Conditional | If the seamlessData is filled | Please refer sample below to know how to include seamlessSign. The steps to generate seamlessSign are:
|
Sample
The following script is a sample for seamlessData, seamlessSign, and request sample:
HOW TO INCLUDE SEAMLESSDATA
seamlessData = URLEncode(UTF8Encode({"mobileNumber":"081234567890"}))
HOW TO INCLUDE SEAMLESSSIGN
seamlessSign = URLEncode(Base64.encode(sign(seamlessData, privateKey)))
REQUEST SAMPLE
GET ...?partnerId=35d1a1127182a65e4fe0256242a40a6d×tamp=2024-07-26T01%3A23%3A30+07%3A00&externalId=1721957260&channelId=12345&scopes=PUBLIC_ID&state=038a29ab-e4ab-4ce8-82ae-55e1efb4b9db&redirectUrl=https%3A%2F%2Furl-merchant.com%2F&seamlessData=%7B%22mobileNumber%22%3A%22087758421409%22%7D&seamlessSign=LxovHQrxlTPw2L2QDv5npudAH5od1aD%2FU4Ja5QdEQ5Pew137lSDd5eLcZYGOQu5Nn3jUXgks1ATV5gkKD6IQA1m5SIKkp8kkqS57whBCk%2F86dSiChBCp%2Fyiu88leHj8pEL7qdFP%2F0SODJddNcLB5Zt2Kh01KOz44RVhwgRfO8bDY8LrTwHhycReTEcM3hKu11c0hTaL6E428BYD%2BDQWMLug%2FdqWgtKlOlOiKB%2Bip2noW01DAz91fPRm2OL%2F3dexnUTD%2FQG6jfBkVS8YzlY43smfpc8hUWJzOjAM2E1xlW1hnH4HLB5aIIpuUJsxE9r8bYHazgxAbcoYVikvVRN3JpQ%3D%3D
Response
The following part will be describe about parameter of response in this API:
Query Param
The following table is list of query param:
| No | Name | Type | Length | Required | Condition | Remarks |
|---|---|---|---|---|---|---|
| 1 | responseCode | String | Fixed, 7 max | Mandatory | - | Refer to response code list |
| 2 | responseMessage | String | Variable, 150 max | Mandatory | - | Refer to response code list |
| 3 | state | String | Variable, 32 max | Mandatory | - | Random string for CSRF protection purposes |
| 4 | authCode | String | Variable, 256 max | Mandatory | - | auth_code is needed to get access token B2B2C |
Response Sample
The following script is a response sample of this API:
https://url-merchant.com/?responseCode=2001000&responseMessage=Successful&authcode=257b797eae8c5152730aae5527ad77cbcef2cb3b96715eaab2a1fa1429f3de6e&state=b6b209db-53fb-41d0-b0eb-604b920ed0b3
Response Code and Message
The following table is the list response code and message of Get OAuth URL API:
| No | Response Code | Response Message | Remarks |
|---|---|---|---|
| 1 | 2001000 | Successful | Success to be processed |
| 2 | 4001001 | Invalid Field Format | Invalid format for certain field |
| 3 | 4001002 | Invalid Mandatory Field | Missing or invalid format on mandatory field |
| 4 | 4011000 | Unauthorized [reason] | General unauthorized error |
| 5 | 4011001 | Invalid Token (B2B) | Authorization token are invalid, perhaps due to token expiry for B2B |
| 6 | 5001002 | Backend system failure | 500 internal server error |