The Access Token API is used to acquire a B2B access token from Midtrans. This access token will be used for client-level verification and for subsequent transactional API calls such as initiating a payment, refund, or cancel.

| Path | /{version}/access-token/b2b |
|---|---|
| HTTP Method | POST |
| Version | v1.0 |
| SNAP service code | 73 |

Request Header

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-type | String | M | Media type of the resource, i.e. application/json |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |
| X-SIGNATURE | String | M | Created using asymmetric signature SHA256withRSA algorithm |
| X-CLIENT-KEY | String | M | Client’s client_id (given at the completion of the registration process) |

```
Content-type: application/json
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
X-SIGNATURE: da1fa417c72d6b91c257e01e54fac824
X-CLIENT-KEY: 962489e9-de5d-4eb7-92a4-b07d44d64bf4
```

Request Body

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| grantType | String | M | client_credentials: The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750) |

```json
{
  "grantType":"client_credentials"
}
```
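
The following Go code is an added example, not Midtrans code, showing how a client could produce the X-SIGNATURE header with SHA256withRSA and how the receiving side would verify it. It assumes the signed string is the client key, a "|" separator and the X-TIMESTAMP value, and that the signature is sent base64-encoded; neither detail is given on this page, and the function names and the throwaway key are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// stringToSign is ASSUMED to be clientKey + "|" + timestamp (the SNAP
// convention); this page does not define it, so confirm it before use.
func stringToSign(clientKey, timestamp string) []byte {
	return []byte(clientKey + "|" + timestamp)
}

// NewDemoKey returns a throwaway key; a real client loads its registered private key.
func NewDemoKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// SignTokenRequest builds X-SIGNATURE: RSASSA-PKCS1-v1_5 over SHA-256
// (SHA256withRSA), base64-encoded (the encoding is also an assumption).
func SignTokenRequest(key *rsa.PrivateKey, clientKey, timestamp string) (string, error) {
	digest := sha256.Sum256(stringToSign(clientKey, timestamp))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return base64.StdEncoding.EncodeToString(sig), err
}

// VerifyTokenRequest is the receiver's check against the registered public key.
func VerifyTokenRequest(pub *rsa.PublicKey, clientKey, timestamp, signature string) bool {
	sig, err := base64.StdEncoding.DecodeString(signature)
	digest := sha256.Sum256(stringToSign(clientKey, timestamp))
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	key := NewDemoKey()
	cid, ts := "962489e9-de5d-4eb7-92a4-b07d44d64bf4", "2020-01-01T00:00:00+07:00" // samples from this page
	sig, _ := SignTokenRequest(key, cid, ts)
	fmt.Println("X-SIGNATURE:", sig, "verifies:", VerifyTokenRequest(&key.PublicKey, cid, ts, sig))
}
```

Under these assumptions the timestamp is part of the signed string, so a signature does not verify against any other X-TIMESTAMP or X-CLIENT-KEY value.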

Response Header

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-type | String | M | Media type of the resource, i.e. application/json |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |

```
Content-type: application/json
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
```

Response Body

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| responseCode | String (7) | M | Error code to specify the error returned. |
| responseMessage | String (150) | M | Debug message to provide more information. |
| accessToken | String (2048) | C | A string representing an authorization issued to the client that is used to access protected resources. |
| tokenType | String | C | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request. |
| expiresIn | String | C | Duration after which the accessToken will expire (default = 900 seconds). |
| referenceNo | String | C | Debug ID to provide more information. |

```json
{
  "responseCode":"2007300",
  "responseMessage":"Successful",
  "accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyMTFlZThiMi1hN2FlLTRhZGUtYmJlYS1mNzI3MDk3ZmQ0NmEiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODk3OCwiZXhwIjoxNjExNDY5ODc4LCJpYXQiOjE2MTE0Njg5Nzh9.KM7yz9GvuUaDR1bXwei4iO0h4e3g4o1Hct5Ie9VoBdo",
  "tokenType":"Bearer",
  "expiresIn":"900"
}
```

```json
{
  "responseCode":"5007300",
  "responseMessage":"Internal Server Error",
  "referenceNo":"19352694-0ef6-4439-8ad1-b1dfb8bbb85f"
}
```

List of Response Code

| Response Code | HTTP Status Code | Response Message |
|---|---|---|
| 2007300 | 200 | Success |
| 4017300 | 401 | Unauthorized Signature |
| 5007300 | 500 | Internal Server Error |