Path /{version}/get-auth-code HTTP Method GET Version v1.0 SNAP service code 10
Field Name Field Type Mandatory Field Description Content-type String M Media type of the resource, i.e. application/json X-TIMESTAMP String M Client’s current local time in ISO-8601 format X-SIGNATURE String M Created using symmetric signature HMAC_SHA512 algorithm Authorization String M Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this token from Access Token B2B API response. X-PARTNER-ID String M Unique identifier for merchant. Merchant can send any value. X-EXTERNAL-ID String M Numeric string. Reference number that should be unique in the same day or 1 day idempotency key. CHANNEL-ID String M Channel ID Device identification on which the API services are currently being accessed by the end user. Given by BI.
Content-type:application/json
X-TIMESTAMP:2020-01-01T00:00:00+07:00
X-SIGNATURE: da1fa417c72d6b91c257e01e54fac824
Authorization: Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a
X-PARTNER-ID: BMRI
X-EXTERNAL-ID:12345678901234567890
CHANNEL-ID:12345
Field Name Field Type Mandatory Field Description redirectURL String (256) M Merchant callback URL after success get auth code. Need to be whitelisted from GoPay side (part of GoPay Tokenization onboarding process) scopes List of String (256) M Access scope from authorization. Possible value = DEFAULT
state String (32) M Random string for CSRF merchantId String (64) M Merchant ID lang String(2) M Language code for service
Possible values: en
, id
seamlessData String (512) M Data to speed up the validation and verification process seamlessData.mobileNumber String M Mobile number to be linked seamlessData.paymentType String M Payment type to be linked. Possible value: gopay
seamlessSign String (512) M Signature from seamlessData
/get-auth-code?state=<RANDOM_UNIQUE>&merchantId=<merchant-id>&lang=id&scopes=DEFAULT&redirectUrl=<MERCHANT_OAUTH_CALLBACK_URL>&seamlessData=<SEAMLESS_DATA>&seamlessSign=<SIGNATURE>
Seamless Data Format seamlessData = URLEncode("mobileNumber=62822999999&paymentType=gopay")
Seamless Sign Format seamlessSign = URLEncode(Base64(SHA256withRSA(clientSecret, seamlessData))
Note: Merchant need to use their private key to encrypt seamless sign
Field Name Field Type Mandatory Field Description Content-type String M Media type of the resource, i.e. application/json X-TIMESTAMP String M Client’s current local time in ISO-8601 format
Content-type: application/json
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
Field Name Field Type Mandatory Field Description Location String M GoPay PIN/OTP page URL
HTTP/1.1 302 Found
Location: https://www.integration-gws-app.gopayapi.com/app/authorize?referenceId=19352694-0ef6-4439-8ad1-b1dfb8bbb85f
Field Name Field Type Mandatory Field Description responseCode String(7) M Error code to specify the error returned. responseMessage String (150) M Debug message to provide more information. authCode Only returned for successful response String (256) C Auth code used to exchange with access token state Only returned for successful response String (32) C Random string for CSRF
(Merchant can validate to check if this is the same as state
sent on request) referenceNo Only returned for error response String C Debug id to provide more information.
Successful Response Error Response
redirectURL?responseCode=2001000&responseMessage=Request%has%been%processed%successfully&authCode=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9&state=WodkkwijSD
redirectURL?responseCode=5007300&responseMessage=Timeout&referenceNo=19352694-0ef6-4439-8ad1-b1dfb8bbb85f
Response Code HTTP Status Code Response Message 3021000 302 4001001 400 Already authorized 4001002 400 Invalid Mandatory Field mobileNumber 4011000 401 Unauthorized. Auth token required 4011001 401 Invalid Token (B2B) 5001001 500 Internal Server Error 5041000 504 Timeout