Access Token API B2B

This API is used to get access token from merchant to QoinHub as the acquirer. The access token should be included in Authorization header of every transaction sent to API Management. The authentication is valid for 15 minutes, otherwise you will be required to request new Access Token.


Path	/ordersnap/api/v1.0/access-token/b2b
HTTP Method	POST
Version	v1.0
Service Code	73

Request Header

Field Name	Field Type	Mandatory	Field Description
Content-type	String	M	Media type of the resource, i.e. application/json
X-TIMESTAMP	String	M	Client’s current local time in ISO-8601 format
X-SIGNATURE	String	M	Created using asymmetric signature SHA256withRSA algorithm. Read here
X-CLIENT-KEY	String	M	API Key / Client ID merchant (Web Merchant > Pengaturan > System Setting > tab Security Key)


Content-type	application/json
X-TIMESTAMP	2025-07-06T14:12:50+07:00
X-SIGNATURE	neGbHoFVY1d7EtG8Z6VBWwykvyqIkg
X-CLIENT-KEY	7fb118fb-2738-4886-9817-8a2c4de43001

Request Body

Field Name	Field Type	Mandatory	Field Description
grantType	String	M	`client_credentials:` The client can request an access token using only its client credentials
additionalInfo	Object	O	Additional Information

{
    "grantType": "client_credentials",
    "additionalInfo": {}
}

Response Body

Field Name	Field Type	Mandatory	Field Description
accessToken	String	C	A string representing an authorization issued to the client that used to access protected resources. Will only be returned if API call is successful.
additionalInfo	String	C	Addtional Info.
expiresIn	String	C	Time duration when the accessToken will expire. (default = 900 second). Will only be returned if API call is successful.
responseCode	String	M	Error code to specify the error returned.
responseMessage	String	M	Debug message to provide more information.
tokenType	String	C	The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request. Will only be returned if API call is successful.

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
  "additionalInfo": {},
  "expiresIn": "900",
  "responseCode": "2007300",
  "responseMessage": "Successful",
  "tokenType": "Bearer"
}

List of Response Code

Response Code	HTTP Status Code	Response Message
2007300	200	Success
4007302	400	Invalid Signature
5007300	500	Internal Server Error