Before hit this API, QoinHub will call [Access Token API B2B] Merchant first. Merchant have to use QoinHub a partner id that will be used in request header as X-PARTNER-ID.

Access Token API B2B


Path	[merchant_endpoint]/api/v1.0/access-token/b2b
HTTP Method	POST
Version	v1.0
Service Code	73

Request Header

Field Name	Field Type	Mandatory	Field Description
Content-type	String	M	Media type of the resource, i.e. application/json
X-TIMESTAMP	String	M	Client’s current local time in ISO-8601 format
X-SIGNATURE	String	M	Created using asymmetric signature SHA256withRSA algorithm. Read here
X-CLIENT-KEY	String	M	Client’s client_id (given at the completion registration process)


Content-type	application/json
X-TIMESTAMP	2025-07-06T14:12:50+07:00
X-SIGNATURE	neGbHoFVY1d7EtG8Z6VBWwykvyqIkg
X-CLIENT-KEY	QoinSnap

Request Body

Field Name	Field Type	Mandatory	Field Description
grantType	String	M	`client_credentials:` The client can request an access token using only its client credentials
additionalInfo	Object	O	Additional Information

{
    "grantType": "client_credentials",
    "additionalInfo": {}
}

Response Body

Field Name	Field Type	Mandatory	Field Description
accessToken	String	C	A string representing an authorization issued to the client that used to access protected resources. Will only be returned if API call is successful.
additionalInfo	String	C	Addtional Info.
expiresIn	String	C	Time duration when the accessToken will expire. (default = 900 second). Will only be returned if API call is successful.
responseCode	String	M	Error code to specify the error returned.
responseMessage	String	M	Debug message to provide more information.
tokenType	String	C	The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request. Will only be returned if API call is successful.

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
  "additionalInfo": {},
  "expiresIn": "900",
  "responseCode": "2007300",
  "responseMessage": "Request has been processed successfullyRequest has been processed successfully",
  "tokenType": "Bearer"
}

List of Response Code

Response Code	HTTP Status Code	Response Message
2007300	200	Success
4007302	400	Invalid Signature
5007300	500	Internal Server Error

Payment Notification VA


Path	[merchant_endpoint]/api/v1.0/transfer-va/payment
HTTP Method	POST
Version	v1.0
Service Code	25

Request Header

Field Name	Field Type	Mandatory	Field Description
Content-Type	String	M	Media type of the resource, i.e. application/json
Authorization	String	M	Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this from Access Token B2B API response. Read here
X-TIMESTAMP	String	M	Client’s current local time in ISO-8601 format
X-SIGNATURE	String	M	Created using symmetric signature HMAC_SHA512 algorithm. Use Access Token B2B from above.
X-PARTNER-ID	String	M	Unique identifier for caller
X-EXTERNAL-ID	String	M	Merchant’s unique ID per transaction request
CHANNEL-ID	String	M	PJP’s channel id.


Content-Type	application/json
Authorization	Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a
X-TIMESTAMP	2023-07-06T14:12:50+07:00
X-SIGNATURE	qoda1fa417c72d6b91c257e01e54fac824
X-PARTNER-ID	QoinSnap
X-EXTERNAL-ID	41807553358950093184162180797837
CHANNEL-ID	95221

Request Body

Field Name	Field Type	Mandatory	Field Description
additionalInfo	Object	O	Additional Information
additionalInfo.paymentFlagStatus	String(2)	M	Status for Payment Flag
customerNo	String(20)	O	Customer Number
paidAmount	Object	M	Amount paid for this transaction
paidAmount.currency	String	M	Transaction currency
paidAmount.value	String	M	Transaction value
partnerServiceId	String(8)	M	Partner Service ID
paymentRequestId	String	C	Payment Request ID
referenceNo	String	M	Payment auth code generated by Qoinhub
trxDateTime	Datetime	M	Transaction datetime
trxId	String	M	Transaction ID
virtualAccountEmail	String(255)	M	The customer email
virtualAccountName	String(255)	M	The customer name
virtualAccountNo	String(28)	M	Virtual account number
virtualAccountPhone	String(30)	M	The customer phonen umber

  {
    "additionalInfo": {
      "paymentFlagStatus": "00"
    },
    "customerNo": "",
    "paidAmount": {
      "currency": "IDR",
      "value": "12346678.00"
    },
    "partnerServiceId": "  088899",
    "paymentRequestId": "",
    "referenceNo": "abcdefgh0017",
    "trxDateTime": "2024-08-15 05:53:11",
    "trxId": "abcdefgh0017",
    "virtualAccountEmail": "[email protected]",
    "virtualAccountName": "Jokul Doe ",
    "virtualAccountNo": "7509240700664378",
    "virtualAccountPhone": "6281828384858"
  }

Response Body

Field Name	Field Type	Mandatory	Field Description
responseCode	String(7)	M	Status code of transaction charge result
responseMessage	String(150)	M	Description of transaction charge result.
virtualAccountData	Object	M	Object Virtual Account Data
virtualAccountData.partnerServiceId	String(8)	M	Partner Service Id from Create VA
virtualAccountData.customerNo	String(29)	M	Customer Number from Create VA
virtualAccountData.virtualAccountNo	String(28)	M	Virtual account number for the transaction
virtualAccountData.trxDateTime	Date(25)	M	Transaction Date Time
virtualAccountData.trxId	String(64)	M	Transaction ID

{
    "responseMessage": "Successful",
    "responseCode": "2002500",
    "virtualAccountData": {
        "partnerServiceId": "  088899",
        "customerNo": "12345678901234567890",
        "virtualAccountNo": "  08889912345678901234567890",
        "trxDateTime":"20201231T235959Z",
        "trxId": "testing-001"
}

List Response Code

Response Code	HTTP Status	Description
2002500	200	Successful
4002501	400	Invalid format