To start using the BI-SNAP version of Core API, merchants will first need to do credentials exchange with Midtrans. To do this, merchants need to prepare and submit the following items as part of the onboarding process.
| No. | Items to prepare | Definition |
|---|---|---|
| 1 | Merchant's public and private key | Merchant needs to create their public and private key (generated using PKCS8 standard) for signature generation that will be used when calling Access Token API. Notes: 1. Public key is merchant’s key that will be shared with Midtrans for signature decryption purpose 2. Private key is merchant’s confidential key that will be saved on merchant’s side |
| 2 | Merchant's redirect URL Required only for GoPay Tokenization flow | Merchant needs to share the redirection URL that will be used as redirection URL after user has authorized linking/payment on Gojek/GoPay app |
| 3 | Merchant’s outgoing IP | Merchant’s IP that will be whitelisted on Midtrans side. Only shared IP will be allowed to call Midtrans’ API |
| 4 | Merchant's notification URL Required if merchant consumed notification from Midtrans | Midtrans will send payment notification to the merchant's notification URL shared by merchants |
| 5 | Merchant ID (MID) | Merchant needs to complete registration on midtrans.com to acquire Merchant ID. Merchant can use an existing MID if wishes to. |
Midtrans will then share the following items for merchant to store and use when calling Midtrans' API.
| No. | Items provided by Midtrans | Definition |
|---|---|---|
| 1 | Midtrans’ public key Required if merchant consumed notification from Midtrans | Midtrans will share its public key to merchant. By using Midtrans public key, merchant will be able to decrypt signature that is sent from Midtrans when calling merchant’s notification endpoint |
| 2 | Client ID | Merchant’s client ID that will be given by Midtrans, will be used as X-CLIENT-KEY on request’s header in B2B Access Token API |
| 3 | Client Secret | Merchant’s secret key that will be given by Midtrans, will be used for symmetric signature generation for Transactional API’s header |
| 4 | Partner ID | Merchant’s partner ID that will be given by Midtrans, will be used as X-PARTNER-ID on Transactional API’s header |
| 5 | Midtrans outgoing IP Required if merchant consumed notification from Midtrans | Midtrans’ IP that merchant needs to whitelist to receive notification from Midtrans Staging: 3.1.141.98/32 52.76.190.190/32 13.251.192.204/32 Production: 13.228.166.126/32 52.220.80.5/32 3.1.123.95/32 |