Before hit this API, QoinHub will call [Access Token API B2B] Merchant first. Merchant have to use QoinHub a partner id that will be used in request header as X-PARTNER-ID.
Access Token API B2B
Path
[merchant_endpoint]/api/v1.0/access-token/b2b
HTTP Method
POST
Version
v1.0
Service Code
73
Request Header
Field Name
Field Type
Mandatory
Field Description
Content-type
String
M
Media type of the resource, i.e. application/json
X-TIMESTAMP
String
M
Client’s current local time in ISO-8601 format
X-SIGNATURE
String
M
Created using asymmetric signature SHA256withRSA algorithm. Read here
X-CLIENT-KEY
String
M
Client’s client_id (given at the completion registration process)
Content-type
application/json
X-TIMESTAMP
2025-07-06T14:12:50+07:00
X-SIGNATURE
neGbHoFVY1d7EtG8Z6VBWwykvyqIkg
X-CLIENT-KEY
QoinSnap
Request Body
Field Name
Field Type
Mandatory
Field Description
grantType
String
M
client_credentials: The client can request an access token using only its client credentials
A string representing an authorization issued to the client that used to access protected resources.
Will only be returned if API call is successful.
additionalInfo
String
C
Addtional Info.
expiresIn
String
C
Time duration when the accessToken will expire. (default = 900 second).
Will only be returned if API call is successful.
responseCode
String
M
Error code to specify the error returned.
responseMessage
String
M
Debug message to provide more information.
tokenType
String
C
The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request.
Will only be returned if API call is successful.
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
"additionalInfo": {},
"expiresIn": "900",
"responseCode": "2007300",
"responseMessage": "Request has been processed successfullyRequest has been processed successfully",
"tokenType": "Bearer"
}
List of Response Code
Response Code
HTTP Status Code
Response Message
2007300
200
Success
4007302
400
Invalid Signature
5007300
500
Internal Server Error
Payment Notification QRIS
Path
[merchant_endpoint]/api/v1.0/qr/qr-mpm-notify
HTTP Method
POST
Version
v1.0
Service Code
52
Request Header
Field Name
Field Type
Mandatory
Field Description
Content-Type
String
M
Media type of the resource, i.e. application/json
Authorization
String
M
Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this from Access Token B2B API response. Read here
X-TIMESTAMP
String
M
Client’s current local time in ISO-8601 format
X-SIGNATURE
String
M
Created using symmetric signature HMAC_SHA512 algorithm. Use Access Token B2B from above.