Before hit this API, QoinHub will call [Access Token API B2B] Merchant first. Merchant have to use QoinHub a partner id that will be used in request header as X-PARTNER-ID.
Access Token API B2B
| Path | [merchant_endpoint]/api/v1.0/access-token/b2b |
| HTTP Method | POST |
| Version | v1.0 |
| Service Code | 73 |
Request Header
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-type | String | M | Media type of the resource, i.e. application/json |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |
| X-SIGNATURE | String | M | Created using asymmetric signature SHA256withRSA algorithm. Read here |
| X-CLIENT-KEY | String | M | Client’s client_id (given from email) |
| Content-type | application/json |
| X-TIMESTAMP | 2025-07-06T14:12:50+07:00 |
| X-SIGNATURE | neGbHoFVY1d7EtG8Z6VBWwykvyqIkg |
| X-CLIENT-KEY | QoinSnap |
Request Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| grantType | String | M | client_credentials: The client can request an access token using only its client credentials |
| additionalInfo | Object | O | Additional Information |
{
"grantType": "client_credentials",
"additionalInfo": {}
}Response Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| accessToken | String | C | A string representing an authorization issued to the client that used to access protected resources. Will only be returned if API call is successful. |
| additionalInfo | String | C | Addtional Info. |
| expiresIn | String | C | Time duration when the accessToken will expire. (default = 900 second). Will only be returned if API call is successful. |
| responseCode | String | M | Error code to specify the error returned. |
| responseMessage | String | M | Debug message to provide more information. |
| tokenType | String | C | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request. Will only be returned if API call is successful. |
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
"additionalInfo": {},
"expiresIn": "900",
"responseCode": "2007300",
"responseMessage": "successfull",
"tokenType": "Bearer"
}List of Response Code
| Response Code | HTTP Status Code | Response Message |
|---|---|---|
| 2007300 | 200 | Success |
| 4007302 | 400 | Invalid Signature |
| 5007300 | 500 | Internal Server Error |
Payment Notification Debit
| Path | [merchant_endpoint]/api/v1.0/debit/notify |
| HTTP Method | POST |
| Version | v1.0 |
| Service Code | 56 |
Request Header
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-Type | String | M | Media type of the resource, i.e. application/json |
| Authorization | String | M | Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this from Access Token B2B API response. Read here |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |
| X-SIGNATURE | String | M | Created using symmetric signature HMAC_SHA512 algorithm. Use Access Token B2B from above. |
| X-PARTNER-ID | String | M | Unique identifier for caller |
| X-EXTERNAL-ID | String | M | Merchant’s unique ID per transaction request |
| CHANNEL-ID | String | M | PJP’s channel id. |
| Content-Type | application/json |
| Authorization | Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a |
| X-TIMESTAMP | 2023-07-06T14:12:50+07:00 |
| X-SIGNATURE | qoda1fa417c72d6b91c257e01e54fac824 |
| X-PARTNER-ID | QoinSnap |
| X-EXTERNAL-ID | 41807553358950093184162180797837 |
| CHANNEL-ID | 95221 |
Request Body
Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
additionalInfo | Object | O | Object Additional Information |
createdTime | String | M | Transaction created timestamp |
latestTransactionStatus | String | M | Latest transaction status 00 (Success) 01 (Initiated) 02 (Paying) 03 (Pending) 04 (Refunded) 05 (Canceled) 06 (Failed) 07 (Not found) 08 (Expiry) 09 (Rejected) |
originalPartnerReferenceNo | String | M | Original transaction identifier on service consumer system |
originalReferenceNo | String | M | Original transaction identifier on service provider system. |
transactionStatusDesc | String | M | Description Transaction Status |
{
"additionalInfo": {},
"createdTime": "2024-08-23T07:44:11+07:00",
"latestTransactionStatus": "00",
"originalPartnerReferenceNo": "abcdefgh0017",
"originalReferenceNo": "T24080000027",
"transactionStatusDesc": "Success"
}Response Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| responseCode | String(7) | M | Status code of transaction charge result |
| responseMessage | String(150) | M | Description of transaction charge result. |
{
"responseCode":"2005600",
"responseMessage":"Successful"
}List Response Code
| Response Code | HTTP Status | Description |
|---|---|---|
| 2005600 | 200 | Successful |
| 4005601 | 400 | Invalid format |