Before hit this API, QoinHub will call [Access Token API B2B] Merchant first. Merchant have to use QoinHub a partner id that will be used in request header as X-PARTNER-ID.
Path [merchant_endpoint]/api/v1.0/access-token/b2b HTTP Method POST Version v1.0 Service Code 73
Field Name Field Type Mandatory Field Description Content-type String M Media type of the resource, i.e. application/json X-TIMESTAMP String M Client’s current local time in ISO-8601 format X-SIGNATURE String M Created using asymmetric signature SHA256withRSA algorithm. Read here X-CLIENT-KEY String M Client’s client_id (given at the completion registration process)
Content-type application/json X-TIMESTAMP 2025-07-06T14:12:50+07:00 X-SIGNATURE neGbHoFVY1d7EtG8Z6VBWwykvyqIkg X-CLIENT-KEY QoinSnap
Field Name Field Type Mandatory Field Description grantType String M client_credentials: The client can request an access token using only its client credentialsadditionalInfo Object O Additional Information
{
"grantType": "client_credentials",
"additionalInfo": {}
}
Field Name Field Type Mandatory Field Description accessToken String C A string representing an authorization issued to the client that used to access protected resources.Will only be returned if API call is successful. additionalInfo String C Addtional Info. expiresIn String C Time duration when the accessToken will expire. (default = 900 second).Will only be returned if API call is successful. responseCode String M Error code to specify the error returned. responseMessage String M Debug message to provide more information. tokenType String C The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request.Will only be returned if API call is successful.
Successful Response
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
"additionalInfo": {},
"expiresIn": "900",
"responseCode": "2007300",
"responseMessage": "successfull",
"tokenType": "Bearer"
}
Response Code HTTP Status Code Response Message 2007300 200 Successful 4007300 400 Bad Request 4007301 400 Invalid Field Format {field name} 4007302 400 Invalid Mandatory Field {field name} 4017300 401 Unauthorized. [Reason] 4017301 401 Invalid Token (B2B) 4047301 404 Transaction Not Found 4047312 404 Invalid Bill/Virtual Account [Reason] 4047313 404 Invalid Amount 4097300 409 Conflict 5007300 500 General Error
Path [merchant_endpoint]/api/v1.0/transfer-va/payment HTTP Method POST Version v1.0 Service Code 25
Field Name Field Type Mandatory Field Description Content-Type String M Media type of the resource, i.e. application/json Authorization String M Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this from Access Token B2B API response. Read here X-TIMESTAMP String M Client’s current local time in ISO-8601 format X-SIGNATURE String M Created using symmetric signature HMAC_SHA512 algorithm. Use Access Token B2B from above. X-PARTNER-ID String M Unique identifier for caller X-EXTERNAL-ID String M Merchant’s unique ID per transaction request CHANNEL-ID String M PJP’s channel id.
Content-Type application/json Authorization Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a X-TIMESTAMP 2023-07-06T14:12:50+07:00 X-SIGNATURE qoda1fa417c72d6b91c257e01e54fac824 X-PARTNER-ID QoinSnap X-EXTERNAL-ID 41807553358950093184162180797837 CHANNEL-ID 95221
Field Name Field Type Mandatory Field Description additionalInfo Object O Additional Information additionalInfo.paymentFlagStatus String(2) M Status for Payment Flag customerNo String(20) O Customer Number paidAmount Object M Amount paid for this transaction paidAmount.currency String M Transaction currency paidAmount.value String M Transaction value partnerServiceId String(8) M Partner Service ID paymentRequestId String C Payment Request ID referenceNo String M Payment auth code generated by Qoinhub trxDateTime Datetime M Transaction datetime trxId String M Transaction ID virtualAccountEmail String(255) M The customer email virtualAccountName String(255) M The customer name virtualAccountNo String(28) M Virtual account number virtualAccountPhone String(30) M The customer phonen umber
{
"additionalInfo": {
"paymentFlagStatus": "00"
},
"customerNo": "",
"paidAmount": {
"currency": "IDR",
"value": "12346678.00"
},
"partnerServiceId": " 088899",
"paymentRequestId": "",
"referenceNo": "abcdefgh0017",
"trxDateTime": "2024-08-23T07:44:11+07:00",
"trxId": "abcdefgh0017",
"virtualAccountEmail": "[email protected] ",
"virtualAccountName": "Jokul Doe ",
"virtualAccountNo": "7509240700664378",
"virtualAccountPhone": "6281828384858"
}
Field Name Field Type Mandatory Field Description responseCode String(7) M Status code of transaction charge result responseMessage String(150) M Description of transaction charge result. virtualAccountData Object M Object Virtual Account Data virtualAccountData.partnerServiceId String(8) M Partner Service Id from Create VA virtualAccountData.customerNo String(29) M Customer Number from Create VA virtualAccountData.virtualAccountNo String(28) M Virtual account number for the transaction virtualAccountData.trxDateTime Date(25) M Transaction Date Time virtualAccountData.trxId String(64) M Transaction ID
{
"responseMessage": "Successful",
"responseCode": "2002500"
}
Response Code HTTP Status Description 2002500 200 Successful 4002501 400 Invalid Field Format {field name} 4002502 400 Invalid Mandatory Field {field name} 4012500 401 Unauthorized. [Reason] 4012501 401 Invalid Token (B2B) 4042501 404 Transaction Not Found 4042512 404 Invalid Bill/Virtual Account [Reason] 4042513 404 Invalid Amount 4092500 409 Conflict 5002500 500 General Error
