Access Token API

Access Token API is an API call that can be used to acquire B2B access token from Midtrans. This access token will be used for client-level verification and subsequent Transactional API such as initiating payment, refund, and cancel.

Path	/{version}/access-token/b2b
HTTP Method	POST
Version	v1.0
SNAP service code	73

Request Header

Field Name	Field Type	Mandatory	Field Description
Content-type	String	M	Media type of the resource, i.e. application/json
X-TIMESTAMP	String	M	Client’s current local time in ISO-8601 format
X-SIGNATURE	String	M	Created using asymmetric signature SHA256withRSA algorithm
X-CLIENT-KEY	String	M	Client’s client_id (given at the completion registration process)

Content-type: application/json
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
X-SIGNATURE: da1fa417c72d6b91c257e01e54fac824
X-CLIENT-KEY: 962489e9-de5d-4eb7-92a4-b07d44d64bf4

Request Body

Field Name	Field Type	Mandatory	Field Description
grantType	String	M	`client_credentials`: The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750)

{
   "grantType":"client_credentials"
}

Response Header

Field Name	Field Type	Mandatory	Field Description
Content-type	String	M	Media type of the resource, i.e. application/json
X-TIMESTAMP	String	M	Client’s current local time in ISO-8601 format

Content-type: application/json
X-TIMESTAMP: 2020-01-01T00:00:00+07:00

Response Body

Field Name	Field Type	Mandatory	Field Description
responseCode	String(7)	M	Error code to specify the error returned.
responseMessage	String (150)	M	Debug message to provide more information.
accessToken	String (2048)	C	A string representing an authorization issued to the client that used to access protected resources. Will only be returned if API call is successful.
tokenType	String	C	The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request. Will only be returned if API call is successful.
expriresIn	String	C	Time duration when the accessToken will expire. (default = 900 second). Will only be returned if API call is successful.
referenceNo	String	C	Debug ID to provide more information. Will only be returned if API call is failure.

{
   "responseCode":"2007400",
   "responseMessage":"Successful",
  "accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyMTFlZThiMi1hN2FlLTRhZGUtYmJlYS1mNzI3MDk3ZmQ0NmEiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODk3OCwiZXhwIjoxNjExNDY5ODc4LCJpYXQiOjE2MTE0Njg5Nzh9.KM7yz9GvuUaDR1bXwei4iO0h4e3g4o1Hct5Ie9VoBdo",
   "tokenType":"Bearer",
   "expiresIn":"900"
}

{
   "responseCode":"5007300",
   "responseMessage":"Internal Server Error",
   "referenceNo":"19352694-0ef6-4439-8ad1-b1dfb8bbb85f"
}

List of Response Code

Response Code	HTTP Status Code	Response Message
2007300	200	Success
4017300	401	Unauthorized Signature
5007300	500	Internal Server Error