Before hit this API, QoinHub will call [Access Token API B2B] Merchant first. Merchant have to use QoinHub a partner id that will be used in request header as X-PARTNER-ID.
Access Token API B2B
| Path | [merchant_endpoint]/api/v1.0/access-token/b2b |
| HTTP Method | POST |
| Version | v1.0 |
| Service Code | 73 |
Request Header
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-type | String | M | Media type of the resource, i.e. application/json |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |
| X-SIGNATURE | String | M | Created using asymmetric signature SHA256withRSA algorithm. Read here |
| X-CLIENT-KEY | String | M | Client’s client_id (given at the completion registration process) |
| Content-type | application/json |
| X-TIMESTAMP | 2025-07-06T14:12:50+07:00 |
| X-SIGNATURE | neGbHoFVY1d7EtG8Z6VBWwykvyqIkg |
| X-CLIENT-KEY | QoinSnap |
Request Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| grantType | String | M | client_credentials: The client can request an access token using only its client credentials |
| additionalInfo | Object | O | Additional Information |
{
"grantType": "client_credentials",
"additionalInfo": {}
}Response Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| accessToken | String | C | A string representing an authorization issued to the client that used to access protected resources. Will only be returned if API call is successful. |
| additionalInfo | String | C | Addtional Info. |
| expiresIn | String | C | Time duration when the accessToken will expire. (default = 900 second). Will only be returned if API call is successful. |
| responseCode | String | M | Error code to specify the error returned. |
| responseMessage | String | M | Debug message to provide more information. |
| tokenType | String | C | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request. Will only be returned if API call is successful. |
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
"additionalInfo": {},
"expiresIn": "900",
"responseCode": "2007300",
"responseMessage": "successfull",
"tokenType": "Bearer"
}List of Response Code
| Response Code | HTTP Status Code | Response Message |
|---|---|---|
| 2007300 | 200 | Successful |
| 4007300 | 400 | Bad Request |
| 4007301 | 400 | Invalid Field Format {field name} |
| 4007302 | 400 | Invalid Mandatory Field {field name} |
| 4017300 | 401 | Unauthorized. [Reason] |
| 4017301 | 401 | Invalid Token (B2B) |
| 4047301 | 404 | Transaction Not Found |
| 4047312 | 404 | Invalid Bill/Virtual Account [Reason] |
| 4047313 | 404 | Invalid Amount |
| 4097300 | 409 | Conflict |
| 5007300 | 500 | General Error |
Payment Notification VA
| Path | [merchant_endpoint]/api/v1.0/transfer-va/payment |
| HTTP Method | POST |
| Version | v1.0 |
| Service Code | 25 |
Request Header
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| Content-Type | String | M | Media type of the resource, i.e. application/json |
| Authorization | String | M | Represents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this from Access Token B2B API response. Read here |
| X-TIMESTAMP | String | M | Client’s current local time in ISO-8601 format |
| X-SIGNATURE | String | M | Created using symmetric signature HMAC_SHA512 algorithm. Use Access Token B2B from above. |
| X-PARTNER-ID | String | M | API Key / Client ID merchant (Web Merchant > Pengaturan > System Setting > tab Security Key) |
| X-EXTERNAL-ID | String | M | Merchant’s unique ID per transaction request |
| CHANNEL-ID | String | M | PJP’s channel id. |
| Content-Type | application/json |
| Authorization | Bearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a |
| X-TIMESTAMP | 2023-07-06T14:12:50+07:00 |
| X-SIGNATURE | qoda1fa417c72d6b91c257e01e54fac824 |
| X-PARTNER-ID | QoinSnap |
| X-EXTERNAL-ID | 41807553358950093184162180797837 |
| CHANNEL-ID | 95221 |
Request Body
Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
additionalInfo | Object | O | Additional Information |
additionalInfo.paymentFlagStatus | String(2) | M | Status for Payment Flag 00 (Success) 01 (Initiated) 02 (Paying) 03 (Pending) 04 (Refunded) 05 (Canceled) 06 (Failed) 07 (Not found) 08 (Expiry) 09 (Rejected) |
customerNo | String(20) | O | Customer Number |
paidAmount | Object | M | Amount paid for this transaction |
paidAmount.currency | String | M | Transaction currency |
paidAmount.value | String | M | Transaction value |
partnerServiceId | String(8) | M | Partner Service ID |
paymentRequestId | String | C | Payment Request ID |
referenceNo | String | M | Payment auth code generated by Qoinhub |
trxDateTime | Datetime | M | Transaction datetime |
trxId | String | M | Transaction ID |
virtualAccountEmail | String(255) | M | The customer email |
virtualAccountName | String(255) | M | The customer name |
virtualAccountNo | String(28) | M | Virtual account number |
virtualAccountPhone | String(30) | M | The customer phonen umber |
{
"additionalInfo": {
"paymentFlagStatus": "00"
},
"customerNo": "",
"paidAmount": {
"currency": "IDR",
"value": "12346678.00"
},
"partnerServiceId": " 088899",
"paymentRequestId": "",
"referenceNo": "abcdefgh0017",
"trxDateTime": "2024-08-23T07:44:11+07:00",
"trxId": "abcdefgh0017",
"virtualAccountEmail": "[email protected]",
"virtualAccountName": "Jokul Doe ",
"virtualAccountNo": "7509240700664378",
"virtualAccountPhone": "6281828384858"
}
Response Body
| Field Name | Field Type | Mandatory | Field Description |
|---|---|---|---|
| responseCode | String(7) | M | Status code of transaction charge result |
| responseMessage | String(150) | M | Description of transaction charge result. |
| virtualAccountData | Object | M | Object Virtual Account Data |
| virtualAccountData.partnerServiceId | String(8) | M | Partner Service Id from Create VA |
| virtualAccountData.customerNo | String(29) | M | Customer Number from Create VA |
| virtualAccountData.virtualAccountNo | String(28) | M | Virtual account number for the transaction |
| virtualAccountData.trxDateTime | Date(25) | M | Transaction Date Time |
| virtualAccountData.trxId | String(64) | M | Transaction ID |
{
"responseMessage": "Successful",
"responseCode": "2002500"
}List Response Code
| Response Code | HTTP Status | Description |
|---|---|---|
| 2002500 | 200 | Successful |
| 4002501 | 400 | Invalid Field Format {field name} |
| 4002502 | 400 | Invalid Mandatory Field {field name} |
| 4012500 | 401 | Unauthorized. [Reason] |
| 4012501 | 401 | Invalid Token (B2B) |
| 4042501 | 404 | Transaction Not Found |
| 4042512 | 404 | Invalid Bill/Virtual Account [Reason] |
| 4042513 | 404 | Invalid Amount |
| 4092500 | 409 | Conflict |
| 5002500 | 500 | General Error |