Merchant Server API Specification


The transaction flow includes a merchant server component. Its goal is to provide an extra layer of security, because your Midtrans Server Key must be passed in the header of each request. The Server Key is important, so make sure it is not embedded in your application, where it could be recovered by reverse engineering through decompilation. Requests coming from the SDK do not carry the Authorization header; the merchant server adds it.

The Base64-encoded Server Key goes in the Authorization request header. The rest of the headers and the request body should be forwarded as they are. Once the response from the Partner API is received, the body, status code and headers received should be returned to the SDK.

The following sections define the specification of each required endpoint.


Account Linking


Endpoint address is /v2/pay/account
Request method is POST
The mandatory additional headers sent to the Partner API are listed in the table below:

| Field Name | Type | Value | Explanation |
|---|---|---|---|
| Content-Type | String | application/json | Standard requirement to define the incoming request content type. |
| Accept | String | application/json | Standard requirement to define the expected response content type. |
| Authorization | String | Base64-encoded result of the Server Key | A string resulting from Base64 encoding of the Midtrans Merchant Server Key. |

The Partner API forwarding endpoint is /v2/pay/account.
The request method is POST.
The request headers should follow the requirements above.
The request body should forward the entire request body sent from the SDK.


For every response from the Partner API, return it to the SDK with the same headers and body. The HTTP status code should follow the status_code field in the payload.


Account Status Enquiry


Endpoint address is /v2/pay/account/<account id>
Request method is GET
The mandatory additional headers sent to the Partner API are listed in the table below:

| Field Name | Type | Value | Explanation |
|---|---|---|---|
| Accept | String | application/json | Standard requirement to define the expected response content type. |
| Authorization | String | Base64-encoded result of the Server Key | A string resulting from Base64 encoding of the Midtrans Merchant Server Key. |

The Partner API forwarding endpoint is /v2/pay/account/<account id>.
The request method is GET.
The request headers should follow the requirements above.
The request body should forward the entire request body sent from the SDK.


For every response from the Partner API, return it to the SDK with the same headers and body. The HTTP status code should follow the status_code field in the payload.


Create Transaction


Endpoint address is /v2/charge
Request method is POST
The mandatory additional headers sent to the Partner API are listed in the table below:

| Field Name | Type | Value | Explanation |
|---|---|---|---|
| Content-Type | String | application/json | Standard requirement to define the incoming request content type. |
| Accept | String | application/json | Standard requirement to define the expected response content type. |
| Authorization | String | Base64-encoded result of the Server Key | A string resulting from Base64 encoding of the Midtrans Merchant Server Key. |

The Partner API forwarding endpoint is /v2/charge.
The request method is POST.
The request headers should follow the requirements above.
The request body should forward the entire request body sent from the SDK.


For every response from the Partner API, return it to the SDK with the same headers and body. The HTTP status code should follow the status_code field in the payload.


Disable Account


Endpoint address is /v2/pay/account/<account id>/unbind
Request method is POST
The mandatory additional headers sent to the Partner API are listed in the table below:

| Field Name | Type | Value | Explanation |
|---|---|---|---|
| Content-Type | String | application/json | Standard requirement to define the incoming request content type. |
| Accept | String | application/json | Standard requirement to define the expected response content type. |
| Authorization | String | Base64-encoded result of the Server Key | A string resulting from Base64 encoding of the Midtrans Merchant Server Key. |

The Partner API forwarding endpoint is /v2/pay/account/<account id>/unbind.
The request method is POST.
The request headers should follow the requirements above.
The request body should forward the entire request body sent from the SDK.


For every response from the Partner API, return it to the SDK with the same headers and body. The HTTP status code should follow the status_code field in the payload.
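
The forwarding rules from the four sections above, as an added Python example (not code from Midtrans or from this page): it forwards only the routes this specification defines, discards any Authorization header arriving from the SDK before the server adds its own, and derives the HTTP status from the payload. The function names, the account-id character set and the fallback to the upstream status are assumptions; the Authorization value follows this page's wording, so check the Partner API reference for the exact scheme.

```python
import base64
import json
import re

# Account-id character set is an assumption; the page only says <account id>.
ACCOUNT_ID = r"[A-Za-z0-9_-]+"
# The four routes this specification defines; nothing else is forwarded.
ALLOWED_ROUTES = [
    ("POST", re.compile(r"/v2/pay/account")),
    ("GET", re.compile(rf"/v2/pay/account/{ACCOUNT_ID}")),
    ("POST", re.compile(r"/v2/charge")),
    ("POST", re.compile(rf"/v2/pay/account/{ACCOUNT_ID}/unbind")),
]


def build_upstream_request(method, path, sdk_headers, body, server_key):
    """Return (method, path, headers, body) for the Partner API, or raise."""
    if not any(m == method and rx.fullmatch(path) for m, rx in ALLOWED_ROUTES):
        raise PermissionError(f"not in specification: {method} {path}")
    # Mandatory headers from the tables; Authorization follows the page's
    # wording (Base64 of the Server Key), which never leaves this server.
    mandatory = {
        "Accept": "application/json",
        "Authorization": base64.b64encode(server_key.encode()).decode(),
    }
    if method == "POST":
        mandatory["Content-Type"] = "application/json"
    # Forward the remaining SDK headers, discarding any SDK-supplied value
    # for a header the server sets (header names are case-insensitive).
    owned = {name.lower() for name in mandatory}
    headers = {k: v for k, v in sdk_headers.items() if k.lower() not in owned}
    headers.update(mandatory)
    return method, path, headers, body


def status_for_sdk(upstream_status, upstream_body):
    """HTTP status returned to the SDK: the payload's status_code field."""
    try:
        code = int(json.loads(upstream_body)["status_code"])
    except (ValueError, KeyError, TypeError):
        return upstream_status  # assumption: fall back if the field is unusable
    return code if 100 <= code <= 599 else upstream_status


if __name__ == "__main__":
    # Constructed sample input, not a real key or request.
    req = build_upstream_request("POST", "/v2/charge",
                                 {"authorization": "from-sdk", "X-Request-Id": "1"},
                                 b'{"payment_type": "example"}', "CONSTRUCTED-KEY")
    print(req[2])
    print(status_for_sdk(200, b'{"status_code": "201"}'))
```

In a deployment the Server Key would be read from the server's environment or secret store rather than passed as a literal.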