Get Auth Code API

Path: /{version}/get-auth-code
HTTP Method: GET
Version: v1.0
SNAP service code: 10

Request Header

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-type | String | M | Media type of the resource, i.e. application/json. |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format. |
| X-SIGNATURE | String | M | Created using symmetric signature HMAC_SHA512 algorithm. |
| Authorization | String | M | Represents the access_token of a request; the string starts with the keyword “Bearer ” followed by the access_token. This token is obtained from the Access Token B2B API response. |
| X-PARTNER-ID | String | M | Unique identifier for merchant. Provided by Midtrans. |
| X-EXTERNAL-ID | String | M | Numeric string. Reference number that should be unique in the same day or 1 day idempotency key. |
| CHANNEL-ID | String | M | Mandatory field from Bank Indonesia that can take any value in the correct format: a 5-digit numeric string. |

Content-type: application/json
X-TIMESTAMP: 2024-03-19T14:30:00+07:00
X-SIGNATURE: da1fa417c72d6b91c257e01e54fac824
Authorization: Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a
X-PARTNER-ID: G123456
X-EXTERNAL-ID: 12345678901234567890
CHANNEL-ID: 12345

Query Parameter

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| redirectURL | String (256) | M | Merchant callback URL used after the auth code is successfully obtained. Must be whitelisted on the GoPay side (part of the GoPay Tokenization onboarding process). |
| scopes | List of String (256) | M | Access scope from authorization. Possible value = DEFAULT. |
| state | String (32) | M | Random string for CSRF. |
| merchantId | String (64) | M | Merchant payment handle, merchant identifier in UUID format. Provided by Midtrans. Note: this value is not the Midtrans Merchant ID but a different value. Sample format: 303b4f89-xxxx-xxxx-xxxx-62a8ffaefaf3 |
| lang | String (2) | M | Language code for service. Possible values: en, id. |
| seamlessData | String (512) | M | Data to speed up the validation and verification process. |
| seamlessData.mobileNumber | String | M | Mobile number to be linked. Format: country code (without "+") + phone number. Example: 62812345678. |
| seamlessData.paymentType | String | M | Payment type to be linked. Possible value: gopay. |
| seamlessSign | String (512) | M | Signature from seamlessData. |

/get-auth-code?state=<RANDOM_UNIQUE>&merchantId=<merchant-id>&lang=id&scopes=DEFAULT&redirectUrl=<MERCHANT_OAUTH_CALLBACK_URL>&seamlessData=<SEAMLESS_DATA>&seamlessSign=<SIGNATURE>

Seamless Data Format
seamlessData = URLEncode("mobileNumber=62822999999&paymentType=gopay")

Seamless Sign Format
seamlessSign = URLEncode(Base64(SHA256withRSA(privateKey, seamlessData)))

Note: The merchant must use their own private key to generate seamlessSign.
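The two formats above, worked through in Go as an added example (not code from Midtrans or GoPay). The function names and the throwaway key are assumptions made for illustration. The signature is computed over the URL-encoded seamlessData, as the formula is written, and SHA256withRSA is taken to mean RSASSA-PKCS1-v1_5 with SHA-256.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
)

// NewDemoKey makes a throwaway key (constructed); a merchant loads its own onboarded key.
func NewDemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// BuildSeamlessData returns URLEncode("mobileNumber=...&paymentType=...").
func BuildSeamlessData(mobileNumber, paymentType string) string {
	return url.QueryEscape("mobileNumber=" + mobileNumber + "&paymentType=" + paymentType)
}

// SignSeamlessData returns URLEncode(Base64(SHA256withRSA(key, seamlessData))).
// Assumption: the encoded seamlessData string itself is the signed message.
func SignSeamlessData(key *rsa.PrivateKey, seamlessData string) (string, error) {
	digest := sha256.Sum256([]byte(seamlessData))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// VerifySeamlessSign undoes both encodings and checks the signature with the public key.
func VerifySeamlessSign(pub *rsa.PublicKey, seamlessData, seamlessSign string) bool {
	b64, errURL := url.QueryUnescape(seamlessSign)
	sig, errB64 := base64.StdEncoding.DecodeString(b64)
	digest := sha256.Sum256([]byte(seamlessData))
	return errURL == nil && errB64 == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	key, err := NewDemoKey()
	if err != nil {
		panic(err)
	}
	data := BuildSeamlessData("62822999999", "gopay") // sample values from the page
	sign, err := SignSeamlessData(key, data)
	fmt.Println(data, sign, err, VerifySeamlessSign(&key.PublicKey, data, sign))
}
```

Running the verification locally against the matching public key before sending the request separates encoding mistakes from key mismatches.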


Response Header

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-type | String | M | Media type of the resource, i.e. application/json |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |

Content-type: application/json
X-TIMESTAMP: 2024-03-19T14:30:00+07:00

Redirection Response Header

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Location | String | M | GoPay PIN/OTP page URL |

HTTP/1.1 302 Found
Location: https://www.integration-gws-app.gopayapi.com/app/authorize?referenceId=19352694-0ef6-4439-8ad1-b1dfb8bbb85f

Response

| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| responseCode | String (7) | C | Only returned for error response. Error code to specify the error returned. |
| responseMessage | String (150) | C | Only returned for error response. Debug message to provide more information. |
| authCode | String (256) | C | Only returned for successful response. Auth code used to exchange with access token. |
| state | String (32) | C | Only returned for successful response. Random string for CSRF (the merchant can check that this is the same as the state sent in the request). |
| referenceNo | String | C | Only returned for error response. Debug id to provide more information. |

redirectURL?authCode=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9&state=WodkkwijSD&success=true
redirectURL?responseCode=5007300&responseMessage=Timeout&referenceNo=19352694-0ef6-4439-8ad1-b1dfb8bbb85f

List of Response Code

| Response Code | HTTP Status Code | Response Message |
|---|---|---|
| 3021000 | 302 | |
| 4001001 | 400 | Already authorized |
| 4001002 | 400 | Invalid Mandatory Field mobileNumber |
| 4011000 | 401 | Unauthorized. Auth token required |
| 4011001 | 401 | Invalid Token (B2B) |
| 4041012 | 404 | Invalid Bill/Virtual Account Not Found. This error occurs because the phone number is not registered on GoPay. |
| 5001001 | 500 | Internal Server Error |
| 5041000 | 504 | Timeout |