GoPay Tokenization

📘

GoPay Tokenizations mode is available for both Snap and Core API integration. To read about GoPay Tokenization in Snap checkout, go here.

Midtrans will launch an updated version of our sandbox environment for GoPay Tokenization payment method starting from October 22nd, 2024. Fore more info on the updated sandbox, go here.

GoPay Tokenization allows you to link your customer GoPay account. The flow is similar to card tokenization where you can use the linked customer account for transaction authorization. This flow is recommended for recurring payments.

There are two flow types for GoPay Tokenization:

1. Web flow: Linking and payment verification will be done via GoPay web flow. For this flow, use below rdirection URL:
   1. verification-link-url will redirect the user to a GoPay web to do OTP or PIN verification.
2. App redirection flow: Linking and payment verification will be done via Gojek and GoPay App. For this flow, use the following two redirection URLs:
   1. verification-link-url is for transactions that happen in desktop browser. When the user is redirected to this URL, the user will see a QR and the customer will receive a push notification from their Gojek app to do verification. Once the customer verifies the transaction on the app, it will be automatically redirected to the merchant page.
   2. verification-link-app is for transactions that happen in mobile app or browser. User will be redirected to Gojek or GoPay app to do the verification.

Sequence Diagram

Linking flow via GoPay web

Linking flow via Gojek / GoPay App

Payment flow via GoPay web

Payment flow via Gojek / GoPay App

Payment No Pin

The steps to integrate with GoPay Tokenization are given below.

1. Link customer account only if the customer's phone number is not yet linked to GoPay.
2. Fetch customer account. If the linking of customer account is successful, then the payment options available to the customer are GOPAY_SAVINGS, GOPAY_WALLET, and PAY_LATER with balance information. Customer can select any of these options. Merchants are encouraged to call this API before payment to make sure the merchant uses the updated token when creating payment
3. Merchant can call the Charge API using payment option token that get from the response above to create payment. Ensure to have proper handling of various status codes that you've received from Midtrans - for example, if the status_code in the response is 200, then the transaction is completed. If the status_code is 201, then you need to open the verification URL in the actions to the customer. Once the verification is done, it will redirect back to the callback URL that you put in the charge call. For GoPay Tokenization, only the whitelisted domain will be accepted, hence please inform our Business team for domain that you want to used for callback URL.
4. Customer should be able to unlink GoPay account if they dont want to use GoPay anymore, ensure there's entrypoint in merchant app or web for customer to unlink their GoPay. To initiate unlinking flow, merchant can integrate with Unbind Pay Account API.
5. Ensure to listen to the Unbind Pay Account notification for customers that unlink GoPay account from Gojek and GoPay app so the same account status between Merchant and GoPay. Customer account will be automatically unlinked if customer change phone number in Gojek/GoPay app. Please refer to this article: Pay Account Unbind Notification

GoPay Tokenization Charge API Request

{
  "payment_type": "gopay",
  "gopay": {
    "account_id": "00000269-7836-49e5-bc65-e592afafec14",
    "payment_option_token": "eyJ0eXBlIjogIkdPUEFZX1dBTExFVCIsICJpZCI6ICIifQ==",
    "callback_url": "https://midtrans.com/",
    "recurring": false,
    "promotion_ids": [
"CASHBACK|acbec7d4-b30b-44ac-9c42-f5d767419a72|8bb3c041-c71e-40f3-892b-688fda2ec979||2021-02-22|2021-02-23"
    ]
  },
  "transaction_details": {
    "gross_amount": 100000,
    "order_id": "order-1234"
  }
}

The attributes to be sent to charge GoPay Tokenization are given below.

GoPay Tokenization Charge Response and Notifications

{
  "status_code": "200",
  "status_message": "Success, GoPay transaction is successful",
  "transaction_id": "00000269-7836-49e5-bc65-e592afafec14",
  "order_id": "order-1234",
  "gross_amount": "100000.00",
  "currency": "IDR",
  "payment_type": "gopay",
  "transaction_time": "2016-06-28 09:42:20",
  "transaction_status": "settlement",
  "fraud_status": "accept",
}

{
  "status_code": "201",
  "status_message": "GoPay transaction is created. Action(s) required",
  "transaction_id": "00000269-7836-49e5-bc65-e592afafec14",
  "order_id": "order-1234",
  "gross_amount": "100000.00",
  "currency": "IDR",
  "payment_type": "gopay",
  "transaction_time": "2016-06-28 09:42:20",
  "transaction_status": "pending",
  "fraud_status": "accept",
  "actions": [
    {
      "name": "verification-link-url",
      "method": "GET",
      "url": "http://api.midtrans.com/v2/gopay/redirect/gppr_6123269-1425-21e3-bc44-e592afafec14/charge"
    },
    {
      "name": "verification-link-app",
      "method": "GET",
      "url": "http://api.midtrans.com/v2/gopay/redirect/gppd_6123269-1425-21e3-bc44-e592afafec14/charge"
    }
  ]
}

{
  "status_code": "202",
  "status_message": "GoPay transaction is denied",
  "transaction_id": "a8a91ece-24f9-427d-a588-b9a2428acda0",
  "order_id": "order-1234",
  "gross_amount": "100000.00",
  "currency": "IDR",
  "payment_type": "gopay",
  "transaction_time": "2016-06-28 09:42:20",
  "transaction_status": "deny",
  "fraud_status": "accept",
}

GoPay Tokenization Features: Pre-Authorization

Merchant that enables GoPay Tokenization could opt to do pre-auth transactions. Pre-auth allows merchant to reserve the customer balance before the goods or services are delivered.

Pre-auth flow allows you to make a reservation to user's wallet balance. This will help for cases where you need to reserve user's balance instead of debit it directly, to initiate debit you can call Capture API afterwards. To use this feature, you can set pre-auth as true on GoPay Object. By default, reserved balance will be released after 15 minutes if there is no "capture" action for that transaction. Capturing a reservation is a process to settle the customer balance into merchant account. You can customize reservation time limits by sending custom expiry time parameters on charge request

As of now, pre-auth flow feature only supports non PIN flow. To test in Sandbox, please make sure that the amount doesn’t exceed IDR 100,000.

GoPay Tokenization Features: Pre-Authorization Flow

The steps to integrate Gopay Tokenization Pre-Auth feature are given below.

1. The linking process is exactly same as GoPay Tokenization linking process above.
2. If the linking is already successful then the customer can proceed with the charge. The only difference is that merchant needs to pass pre_auth: "true" parameter. See example on the side.
3. Ensure to have proper handling of various status codes that you've received from Midtrans - for example, if the status_code in the response is 200, then the transaction is authorized. If the status_code is 201, then you need to open the verification URL in the actions to the customer. Once the verification is done, it will be redirected back to the callback URL that is set on your dashboard.
4. You need to call Capture API. Please note that we do not accept partial amount capture for GoPay.
5. As an option, you can also cancel the authorization by calling the Cancel API.

Send a Charge API request with the details of the transaction and pre_auth:true. Successful request returns a status_code:200.

Pre-Auth Charge API Request

{
  "payment_type": "gopay",
  "gopay": {
    "account_id": "00000269-7836-49e5-bc65-e592afafec14",
    "payment_option_token": "eyJ0eXBlIjogIkdPUEFZX1dBTExFVCIsICJpZCI6ICIifQ==",
    "pre_auth": true, // the default value is false
  },
  "transaction_details": {
    "gross_amount": 100000,
    "order_id": "order-1234"
  }
}

Pre-Auth Charge Response and Notifications

{
  "status_code": "200",
  "status_message": "Success, GoPay transaction is successful",
  "transaction_id": "00000269-7836-49e5-bc65-e592afafec14",
  "order_id": "order-1234",
  "gross_amount": "100000.00",
  "currency": "IDR",
  "payment_type": "gopay",
  "transaction_time": "2016-06-28 09:42:20",
  "transaction_status": "authorize",
  "fraud_status": "accept",
  "channel_response_code": "0",
  "channel_response_message": "Process service request successfully."
}

{
  "status_code": "201",
  "status_message": "GoPay transaction is created. Action(s) required",
  "transaction_id": "00000269-7836-49e5-bc65-e592afafec14",
  "order_id": "order-1234",
  "gross_amount": "100000.00",
  "currency": "IDR",
  "payment_type": "gopay",
  "transaction_time": "2016-06-28 09:42:20",
  "transaction_status": "pending",
  "fraud_status": "accept",
  "actions": [
    {
      "name": "verification-link-url",
      "method": "GET",
      "url": "http://api.midtrans.com/v2/gopay/redirect/gppr_6123269-1425-21e3-bc44-e592afafec14/charge"
    },
    {
      "name": "verification-link-app",
      "method": "GET",
      "url": "http://api.midtrans.com/v2/gopay/redirect/gppd_6123269-1425-21e3-bc44-e592afafec14/charge"
    }
  ]
}

{
  "status_code": "202",
  "status_message": "GoPay transaction is denied",
  "transaction_id": "a8a91ece-24f9-427d-a588-b9a2428acda0",
  "order_id": "order-1234",
  "gross_amount": "100000.00",
  "currency": "IDR",
  "payment_type": "gopay",
  "transaction_time": "2016-06-28 09:42:20",
  "transaction_status": "deny",
  "fraud_status": "accept",
}