Before hit this API, QoinHub will call [Access Token API B2B] Merchant first. Merchant have to use QoinHub a partner id that will be used in request header as X-PARTNER-ID.
Access Token API B2B
| Path | [merchant_endpoint]/api/v1.0/access-token/b2b |
| HTTP Method | POST |
| Version | v1.0 |
| Service Code | 73 |
Request Header
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-type | String | M | Media type of the resource, i.e. application/json |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |
| X-SIGNATURE | String | M | Created using asymmetric signature SHA256withRSA algorithm. Read here |
| X-CLIENT-KEY | String | M | Client’s client_id (given at the completion registration process) |
| Content-type | application/json |
| X-TIMESTAMP | 2025-07-06T14:12:50+07:00 |
| X-SIGNATURE | neGbHoFVY1d7EtG8Z6VBWwykvyqIkg |
| X-CLIENT-KEY | QoinSnap |
Request Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| grantType | String | M | client_credentials: The client can request an access token using only its client credentials |
| additionalInfo | Object | O | Additional Information |
{
"grantType": "client_credentials",
"additionalInfo": {}
}Response Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| accessToken | String | C | A string representing an authorization issued to the client that used to access protected resources. Will only be returned if API call is successful. |
| additionalInfo | String | C | Addtional Info. |
| expiresIn | String | C | Time duration when the accessToken will expire. (default = 900 second). Will only be returned if API call is successful. |
| responseCode | String | M | Error code to specify the error returned. |
| responseMessage | String | M | Debug message to provide more information. |
| tokenType | String | C | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request. Will only be returned if API call is successful. |
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
"additionalInfo": {},
"expiresIn": "900",
"responseCode": "2007300",
"responseMessage": "successfull",
"tokenType": "Bearer"
}List of Response Code
| Response Code | HTTP Status Code | Response Message |
|---|---|---|
| 2007300 | 200 | Successful |
| 4007300 | 400 | Bad Request |
| 4007301 | 400 | Invalid Field Format {field name} |
| 4007302 | 400 | Invalid Mandatory Field {field name} |
| 4017300 | 401 | Unauthorized. [reason] |
| 4017301 | 401 | Invalid Token (B2B) |
| 4097300 | 409 | Conflict |
| 5005100 | 500 | General Error |
Payment Notification QRIS
| Path | [merchant_endpoint]/api/v1.0/qr/qr-mpm-notify |
| HTTP Method | POST |
| Version | v1.0 |
| Service Code | 52 |
Request Header
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-Type | String | M | Media type of the resource, i.e. application/json |
| Authorization | String | M | Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this from Access Token B2B API response. Read here |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |
| X-SIGNATURE | String | M | Created using symmetric signature HMAC_SHA512 algorithm. Use Access Token B2B from above. |
| X-PARTNER-ID | String | M | Unique identifier for caller |
| X-EXTERNAL-ID | String | M | Merchant’s unique ID per transaction request |
| CHANNEL-ID | String | M | PJP’s channel id. |
| Content-Type | application/json |
| Authorization | Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a |
| X-TIMESTAMP | 2023-07-06T14:12:50+07:00 |
| X-SIGNATURE | qoda1fa417c72d6b91c257e01e54fac824 |
| X-PARTNER-ID | QoinSnap |
| X-EXTERNAL-ID | 41807553358950093184162180797837 |
| CHANNEL-ID | 95221 |
Request Body
Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
additionalInfo | Object | O | Additional Information |
rrn | String | O | Additional Information rrn |
amount | Object | M | Amount Object |
currency | String | M | Transaction currency |
value | String | M | Transaction amount |
externalStoreId | String | O | Unique identifier from External Store |
latestTransactionStatus | String | M | Latest Transaction Status 00 (Success) 01 (Initiated) 02 (Paying) 03 (Pending) 04 (Refunded) 05 (Canceled) 06 (Failed) 07 (Not found) 08 (Expiry) 09 (Rejected) |
originalPartnerReferenceNo | String | M | Original transaction identifier on service consumer system |
originalReferenceNo | String | M | Original transaction identifier on service provider system. |
transactionStatusDesc | String | M | Description Transaction Status |
{
"additionalInfo": {
"rrn": "305080000010"
},
"amount": {
"currency": "IDR",
"value": "20.00"
},
"externalStoreId": "",
"latestTransactionStatus": "00",
"originalPartnerReferenceNo": "18000245195080000010",
"originalReferenceNo": "T25050000799117",
"transactionStatusDesc": "Success"
}Response Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| responseCode | String(7) | M | Status code of transaction charge result |
| responseMessage | String(150) | M | Description of transaction charge result. |
{
"responseCode":"2005200",
"responseMessage":"Successful"
}List Response Code
| Response Code | HTTP Status | Description |
|---|---|---|
| 2005200 | 200 | Successful |
| 4005201 | 400 | Invalid Field Format {field name} |
| 4005202 | 400 | Invalid Mandatory Field {field name} |
| 4015200 | 401 | Unauthorized. [reason] |
| 4015201 | 401 | Invalid Token (B2B) |
| 4095200 | 409 | Conflict |
| 5005200 | 500 | General Error |