Midtrans will provide the following during the credential exchange process:

ClientID
ClientSecret
PartnerID
ChannelID

The Partner must provide the following:

PublicKey (must be in PKCS8 format and PEM encoded)

📘
Onboarding to BI SNAP
If you don't see any BI SNAP menu in your dashboard, we might need to activate it for you first. Reach out to your Midtrans Sales PIC or Support (support@midtrans.com) to activate the feature for you.

Generate Public and Private Key

Generating access keys can be done via Settings > Access Keys page, within the Payment BI SNAP section.

🚧
Always generate the key pair starting from the Sandbox environment first before generating in Production. Otherwise, the supported scopes will be empty. If you mistakenly generated the key pair in Production environment, contact Midtrans Support for further assistance.

Generating Public and Private Key

Generate the Private Key first using the first command (line 2), then generate the Public Key using the second command (line 3).

--generate private-public key pair in PKCS8 format and PEM encoded
openssl genpkey -algorithm rsa -out private-key.pem -outform PEM -pkeyopt rsa_keygen_bits:\<minimum 2048>  
openssl rsa -in private-key.pem -outform PEM -pubout -out public-key.pem

--alternatively if partner system can only consume PKCS1 private key, then partner can convert the public key from PKCS1 to PKCS8
openssl rsa -RSAPublicKey_in -in publicKeyPKCS1.pem -pubout -out publicKeyPKCS8.pem

Registering the Public Key

Below is an example of how a correct Public Key looks like. Once generated, copy the entire file from the header until footer and then paste it the Dashboard > Settings > Access Keys > Payment BI SNAP then click the Start generate credential button. After pasting, click Register.

Secured Exchange Method

In order to make sure the credentials are exchanged securely over public networks, the credentials must be encrypted during transit.

Zip encrypted

Midtrans will provide the credentials in a Password Protected Zip file. The Password Protected Zip File and Password to the Zip File will be sent to separate emails.

Merchant must provide the public key in a Password Protected Zip file. The Password Protected Zip File and Password to the Zip File must be sent to separate emails.