Before hit this API, QoinHub will call [Access Token API B2B] Merchant first. Merchant have to use QoinHub a partner id that will be used in request header as X-PARTNER-ID.

Access Token API B2B

Path[merchant_endpoint]/api/v1.0/access-token/b2b
HTTP MethodPOST
Versionv1.0
Service Code73

Request Header

Field NameField TypeMandatoryField Description
Content-typeStringMMedia type of the resource, i.e. application/json
X-TIMESTAMPStringMClient’s current local time in ISO-8601 format
X-SIGNATUREStringMCreated using asymmetric signature SHA256withRSA algorithm. Read here
X-CLIENT-KEYStringMClient’s client_id (given at the completion registration process)
Content-typeapplication/json
X-TIMESTAMP2025-07-06T14:12:50+07:00
X-SIGNATUREneGbHoFVY1d7EtG8Z6VBWwykvyqIkg
X-CLIENT-KEYQoinSnap

Request Body

Field NameField TypeMandatoryField Description
grantTypeStringMclient_credentials: The client can request an access token using only its client credentials
additionalInfoObjectOAdditional Information
{
    "grantType": "client_credentials",
    "additionalInfo": {}
}

Response Body

Field NameField TypeMandatoryField Description
accessTokenStringCA string representing an authorization issued to the client that used to access protected resources.

Will only be returned if API call is successful.
additionalInfoStringCAddtional Info.
expiresInStringCTime duration when the accessToken will expire. (default = 900 second).

Will only be returned if API call is successful.
responseCodeStringMError code to specify the error returned.
responseMessageStringMDebug message to provide more information.
tokenTypeStringCThe access token type provides the client with the information required to successfully utilize the access token to make a protected resource request.

Will only be returned if API call is successful.
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhN2UzMmI3MC1hMWY2LTQyYmUtODM1NS1mZWU2MTAyODk3MjQiLCJjbGllbnRJZCI6IjIwMjAwMDIxNSIsIm5iZiI6MTcxOTQ3NjI3MywiZXhwIjoxNzE5NDc3MTczLCJpYXQiOjE3MTk0NzYyNzN9.uqvcrZaFnY2dmV16K9785xII_fby_uugeimUWJBvSYE",
  "additionalInfo": {},
  "expiresIn": "900",
  "responseCode": "2007300",
  "responseMessage": "Request has been processed successfullyRequest has been processed successfully",
  "tokenType": "Bearer"
}

List of Response Code

Response CodeHTTP Status CodeResponse Message
2007300200Success
4007302400Invalid Signature
5007300500Internal Server Error

Payment Notification VA


Path[merchant_endpoint]/api/v1.0/transfer-va/payment
HTTP MethodPOST
Versionv1.0
Service Code25

Request Header

Field NameField TypeMandatoryField Description
Content-TypeStringMMedia type of the resource, i.e. application/json
AuthorizationStringMRepresents access_token of a request; string starts with keyword “Bearer ” followed by access_token. Can get this from Access Token B2B API response. Read here
X-TIMESTAMPStringMClient’s current local time in ISO-8601 format
X-SIGNATUREStringMCreated using symmetric signature HMAC_SHA512 algorithm. Use Access Token B2B from above.
X-PARTNER-IDStringMUnique identifier for caller
X-EXTERNAL-IDStringMMerchant’s unique ID per transaction request
CHANNEL-IDStringMPJP’s channel id.
Content-Typeapplication/json
AuthorizationBearer gp9HjjEj813Y9JGoqwOeOPWbnt4CupvIJbU1Mmu4a11MNDZ7Sg5u9a
X-TIMESTAMP2023-07-06T14:12:50+07:00
X-SIGNATUREqoda1fa417c72d6b91c257e01e54fac824
X-PARTNER-IDQoinSnap
X-EXTERNAL-ID41807553358950093184162180797837
CHANNEL-ID95221

Request Body

Field NameField TypeMandatoryField Description
additionalInfoObjectOAdditional Information
additionalInfo.paymentFlagStatusString(2)MStatus for Payment Flag
customerNoString(20)OCustomer Number
paidAmountObjectMAmount paid for this transaction
paidAmount.currencyStringMTransaction currency
paidAmount.valueStringMTransaction value
partnerServiceIdString(8)MPartner Service ID
paymentRequestIdStringCPayment Request ID
referenceNoStringMPayment auth code generated by Qoinhub
trxDateTimeDatetimeMTransaction datetime
trxIdStringMTransaction ID
virtualAccountEmailString(255)MThe customer email
virtualAccountNameString(255)MThe customer name
virtualAccountNoString(28)MVirtual account number
virtualAccountPhoneString(30)MThe customer phonen umber
  {
    "additionalInfo": {
      "paymentFlagStatus": "00"
    },
    "customerNo": "",
    "paidAmount": {
      "currency": "IDR",
      "value": "12346678.00"
    },
    "partnerServiceId": "  088899",
    "paymentRequestId": "",
    "referenceNo": "abcdefgh0017",
    "trxDateTime": "2024-08-23T07:44:11+07:00",
    "trxId": "abcdefgh0017",
    "virtualAccountEmail": "[email protected]",
    "virtualAccountName": "Jokul Doe ",
    "virtualAccountNo": "7509240700664378",
    "virtualAccountPhone": "6281828384858"
  }


Response Body

Field NameField TypeMandatoryField Description
responseCodeString(7)MStatus code of transaction charge result
responseMessageString(150)MDescription of transaction charge result.
virtualAccountDataObjectMObject Virtual Account Data
virtualAccountData.partnerServiceIdString(8)MPartner Service Id from Create VA
virtualAccountData.customerNoString(29)MCustomer Number from Create VA
virtualAccountData.virtualAccountNoString(28)MVirtual account number for the transaction
virtualAccountData.trxDateTimeDate(25)MTransaction Date Time
virtualAccountData.trxIdString(64)MTransaction ID
{
    "responseMessage": "Successful",
    "responseCode": "2002500"
}

List Response Code

Response CodeHTTP StatusDescription
2002500200Successful
4002501400Invalid format