Get Auth Code API

Path/{version}/get-auth-code
HTTP MethodGET
Versionv1.0
SNAP service code10

Request Header

Field NameField TypeMandatoryField Description
Content-typeStringMMedia type of the resource, i.e. application/json
X-TIMESTAMPStringMClient’s current local time in ISO-8601 format
X-SIGNATUREStringMCreated using symmetric signature HMAC_SHA512 algorithm
AuthorizationStringMRepresents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this token from Access Token B2B API response.
X-PARTNER-IDStringMUnique identifier for merchant. Merchant can send any value.
X-EXTERNAL-IDStringMNumeric string. Reference number that should be unique in the same day or 1 day idempotency key.
CHANNEL-IDStringMChannel ID Device identification on which the API services are currently being accessed by the end user. Given by BI.
Content-type:application/json
X-TIMESTAMP:2020-01-01T00:00:00+07:00
X-SIGNATURE: da1fa417c72d6b91c257e01e54fac824
Authorization: Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a
X-PARTNER-ID: BMRI
X-EXTERNAL-ID:12345678901234567890
CHANNEL-ID:12345

Request Body

Field NameField TypeMandatoryField Description
redirectURLString (256) MMerchant callback URL after success get auth code. Need to be whitelisted from GoPay side (part of GoPay Tokenization onboarding process)
scopesList of String (256)MAccess scope from authorization. Possible value = DEFAULT
stateString (32)MRandom string for CSRF
merchantIdString (64)MMerchant ID
langString(2)MLanguage code for service
Possible values: en, id
seamlessDataString (512)MData to speed up the validation and verification process
seamlessData.mobileNumberStringMMobile number to be linked
seamlessData.paymentTypeStringMPayment type to be linked. Possible value: gopay
seamlessSignString (512)MSignature from seamlessData
/get-auth-code?state=<RANDOM_UNIQUE>&merchantId=<merchant-id>&lang=id&scopes=DEFAULT&redirectUrl=<MERCHANT_OAUTH_CALLBACK_URL>&seamlessData=<SEAMLESS_DATA>&seamlessSign=<SIGNATURE>
Seamless Data Format
seamlessData = URLEncode("mobileNumber=62822999999&paymentType=gopay")
Seamless Sign Format
seamlessSign = URLEncode(Base64(SHA256withRSA(clientSecret, seamlessData))

Note: Merchant need to use their private key to encrypt seamless sign


Response Header

Field NameField TypeMandatoryField Description
Content-typeStringMMedia type of the resource, i.e. application/json
X-TIMESTAMPStringMClient’s current local time in ISO-8601 format
Content-type: application/json
X-TIMESTAMP: 2020-01-01T00:00:00+07:00

Redirection Response Header

Field NameField TypeMandatoryField Description
LocationStringMGoPay PIN/OTP page URL
HTTP/1.1 302 Found
Location: https://www.integration-gws-app.gopayapi.com/app/authorize?referenceId=19352694-0ef6-4439-8ad1-b1dfb8bbb85f

Response

Field NameField TypeMandatoryField Description
responseCodeString(7)MError code to specify the error returned.
responseMessageString (150)MDebug message to provide more information.
authCode
Only returned for successful response
String (256)CAuth code used to exchange with access token
state
Only returned for successful response
String (32)CRandom string for CSRF
(Merchant can validate to check if this is the same as state sent on request)
referenceNo
Only returned for error response
StringCDebug id to provide more information.
redirectURL?responseCode=2001000&responseMessage=Request%has%been%processed%successfully&authCode=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9&state=WodkkwijSD
redirectURL?responseCode=5007300&responseMessage=Timeout&referenceNo=19352694-0ef6-4439-8ad1-b1dfb8bbb85f

List of Response Code

Response CodeHTTP Status CodeResponse Message
3021000302
4001001400Already authorized
4001002400Invalid Mandatory Field mobileNumber
4011000401Unauthorized. Auth token required
4011001401Invalid Token (B2B)
5001001500Internal Server Error
5041000504Timeout