Get Temporary Access Token
Temporary Token is a token that can be used to invoke Verify with GoPay without user auth.
Description
- This API allows Midtrans partners to exchange a user's GoPay payment linking token for a temporary token.
- The temporary token then can be used to initiate "Verify with Gopay" flow on behalf of the user, without asking the user to re-do the authentication process (Input Phone Number, OTP challenge, and Pin challenge).
- This is a backend-to-backend API. The caller must have a valid x-merchant-id, and must supply the user's GoPay payment linking token obtained from GoPay.
Request
Attribute | Value |
|---|---|
Method |
|
Hostname | Staging: https://identity.staging.midtrans.com |
Path |
|
Request Headers
| Key | Type | Required? | Description |
|---|---|---|---|
x-merchant-id | string | YES | Merchant identifier issued by Gopay. |
authorization | string | YES | The user's Gopay payment linking token. Do not prefix with Bearer. |
request-id | string | YES | A unique ID for this request, used for distributed tracing. Recommended: UUID v4. |
Example
curl --location 'https://identity.midtrans.com/forward/gopay-id/identity/v1/gopay-id/token' \
--header 'x-merchant-id: 5a6a693d-a13a-41c5-8f78-a0b02144220d' \
--header 'correlation-id: f47ac10b-58cc-4372-a567-0e02b2c3d479' \
--header 'authorization: MjAyMDA5MDFmOGQ0NWVhMi1iYzBjLTQ3ZTUtYjU1NC0wMDVjMzYyYzE3N2U6NGVlNzAyZmMtYWY2Ny00NjJjLWJmYTktZWQwMTBmZWQ4OTli'Response
HTTP Status Codes
| HTTP Status | Scenario |
|---|---|
200 OK | Token exchange successful. |
400 Bad Request | Missing or invalid request headers, or merchant not configured. |
500 Internal Server Error | Upstream service failure during token generation or account resolution. |
503 Service Unavailable | A dependency is temporarily unreachable. |
Success Response
Response Body:
{
"success": true,
"data": {
"token": "<base64_encoded_jwt_token>"
}
}| Field | Type | Description |
|---|---|---|
success | boolean | true on success. |
data.token | string | Base64-encoded token. Pass this to the Gopay Enterprise SDK. |
Error Responses
All error responses share the following structure:
{
"success": false,
"errors": [
{
"code": "<error_code>",
"entity": "<field_or_entity>",
"cause": "<description>"
}
]
}| Field | Type | Description |
|---|---|---|
success | boolean | false on error. |
errors[].code | string | Machine-readable error code. |
errors[].entity | string | The field or resource related to the error. |
errors[].cause | string | Human-readable description of what went wrong. |
Bad Request
| Scenario | Code | Entity | Cause |
|---|---|---|---|
x-merchant-id header is missing | 1539 | IdentityExternalAdapter | Missing required header |
authorization header is missing | 1539 | authorization | Authorization header is required for this endpoint |
correlation-id header is missing | 1539 | correlation-id | Missing required header |
| Merchant is not registered or configured | 1539 | x-merchant-id | Merchant is not configured in the system |
| authorization token has an invalid format | 1539 | authorization | Failed to decode authorization token |
Example:
{
"success": false,
"errors": [
{
"code": "404",
"entity": "gopayAccountId",
"cause": "GoPay user not found"
}
]
}Internal Server Error
| Scenario | Code | Entity | Cause |
|---|---|---|---|
| Failed to generate temporary token | 900 | identityToken | Failed to generate temporary token |
| Failed to introspect merchant authorization | 900 | authorization | Internal service error during authorization introspection |
| Failed to resolve GoPay account ID | 900 | gopayAccountId | Internal service error during account resolutio |
Example:
{
"success": false,
"errors": [
{
"code": "900",
"entity": "identityToken",
"cause": "Failed to generate identity token"
}
]
}Service Unavailable
A downstream dependency is temporarily unreachable. Retry with exponential backoff.
Example:
{
"success": false,
"errors": [
{
"code": "900",
"entity": "upstreamService",
"cause": "Service temporarily unavailable"
}
]
}Updated about 13 hours ago