Signature SNAP
Standar Nasional Open API Pembayaran (SNAP), the national open API payment standard, is a standard for online payment APIs created by Bank Indonesia (BI). The SNAP signature is used for integrity checking and non-repudiation; it is also used to authenticate and authorize requests to API services.
Generate Signature SNAP
To generate Signature SNAP you can use this format:
Signature type used | Asymmetric-Signature |
Format |
|
Generate Signature Parameters
Parameter | Description |
---|---|
Private_Key | A key used for authenticating the request (Generated by merchant) |
stringToSign | The string that is used to generate the signature. Formula: HTTPMethod+":"+EndpointUrl+":"+Lowercase(HexEncode(SHA256(minify(RequestBody))))+":"+TimeStamp |
HTTPMethod | POST / DELETE / PUT (based on service API) |
EndpointURL | The complete endpoint URL, including all related URL parameters (relative path; see the path in the general information of each API service) (sample: /v1.0/transfer-va/create-va) |
RequestBody | Data that is sent to the API service |
TimeStamp | Time the request is sent. Format: ISO 8601 datetime (sample: 2022-12-12T16:00:00+07:00) |
You can get a signature by following these steps:
1. Use stringToSign to create the string from which the signature is generated.
2. Generate the signature with the SHA256withRSA algorithm, using that string and the private key owned by the merchant.
3. Encode the signature with base64_encode.
4. Use the encoded signature as the value of X-SIGNATURE in the request header of the SNAP API service.
Signature Request Sample
API Service | Create VA |
Method | POST |
Endpoint URL | /v1.0/transfer-va/create-va |
Request Body | { "virtualAccountName": "Jokul Doe", "virtualAccountEmail": "jokul@email.com", "virtualAccountPhone": "6281828384858", "trxId": "abcdefgh1234", "totalAmount": { "value": "12345678.00", "currency": "IDR" }, "expiredDate": "2020-12-31T23:59:59-07:00", "additionalInfo": { "billDate": "2020-12-31T23:59:59-07:00", "channelCode": "402", "billDescription": "Maintenance" } } |
Request Body (hashed with SHA256 algorithm) | f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd |
Timestamp | 2022-12-12T16:00:00+07:00 |
String to Sign for Generating Signature | POST:/v1.0/transfer-va/create-va:f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd:2022-12-12T16:00:00+07:00 |
Private Key | IIJKgIBAAKCAgEAvMf/FcbYqDVzWuxNnhf4Agg15+66+rfnVWZJZZvHkz9RPkYR/D3dtbeqfKhK6JnlqUaQDMIV2bUULB33vsjCDjYqv+bH8cISHCAU62VU3m4a0pLdAJH6uzz3Ebj+nCNDFzEkQZ/51DzrqqAuZ2EnkW2aYht5DCRjiYqrtHoabsEZh+uGGwQK7gT/cNT/wVMgYWY2NZSeBeWvn/8FBVQnAxEAzH1c2lq1Wrrxk5m6Fbxj5Gaovlfzr1Ijh77FB+0YIiD5RmuucaOmTHOq/7UofEburu1xqFY3XaTSNmAiG5Udp/ntt7H3ZqyRpMwAZyo9RApwMbVh1Z+SfJbzHCoqi6Ex7+jFnxDHs+/JxTRsCtHNT3pzrYjq4gl0ot8+SJXKqvtnT0A0W8BIMbzlP9nUKEa9SD4zF1hnbP4hhYXUMaWEi/PUCYGJQMZcPsnXnoJVCEarg5Ni1QTHky5nkbWFsLbiZZiR87ImLt3nWOUyJD6VolCvU5m8EANx9JFqFWEF9BNcr/ZJeoEj8TyPK3RTlsAFJ7+asDWSAW9xsb9mcu4hviQfD/eECDibZBnTogWS1uyDZrKM6e/UTbCA8LyvgMej2NRfC+XYT7W2ul24f7NrMyzGDoHZaLmzoxqeq8NSvtssxr1jkiqLl6TqLMs0zse7yH+idgmfhLnQ2rZPmNUCAwEAAQKCAgEAmVSf3SIq60SusxTnXhb9uzjL/9upRuaEIJr51muWyARPipMDHKtrHqNU9/cBELefD8ReT958PN2Uyth0VyNcaoqYYlGh6LzGVM3B8AfXzOoFIy9iDYqD6fx0eJKXSl5hqb6iQiMbmcT5bRa5WgJRTw+Eq1bBFJmhtx9Io0fhnD9+6yTjQaIg9n5cs1pteKp5zGJmeVKCnyuVYBCUFWXqYdU3nt/bwQaX8l+Qw1/DAtCHGgY/3Io3RRkj/qd2BSAPz/iUPxxLDcXr1oDETPjpLze1uaLmA+IzCf5LNxsR2PFeqwaWi/MijORxTzbaxPBL3q3TvqwiEI6RPlykjSW6c1LKG565q58F6H7jr8A0UPINRDTRbtx8Hc5YhPFTgL7HB8sIqYTBXV1n2qCBdhD4oCMz4+dCmrydZQFFJZti6LmKZtY/6TyP8TX0GrCV1osxywD6qJGpjorI7Yse1edBbBtqLwfyyO3xs3j+DCvMxZmsuly0LNECK4CakLiojPm7pRyw2J/B91ZG+vvD+13orryaWwaiT/Row2MSEUAeOoCwxGIB9c2eFW2UCuZ6GoX9iu15r6BV3+U+1rY6NBPKndZETZozyMTAPbp30RDTRR0qdoLYqwsOctgMsmUoFf9jBccLX2nCBBOaRglvPpDCP+/OcdLbzno5dP4pGfc7z+kCggEBAPkktZ8Xcr8qv0jjylMsBxc2pxfKt9fhlboa2huPjk3v/v+D4RhMzDRX+mr6X4ReNEB9Px+BQKsKosfBMwY6HK5lbMqmuLFKaoQ5NtEAkGyoac8JhWijkJazlycC1Amf9GFmGm9W5GZ7wBaxe6YXwCj1sKJWuDZ0bb8qqdNgZw4xTZQVkyWJed2zhnNQB+hB2M1XLF+wnVgw8lfD9pQAqHo1a25tVa5CFH+6H1uVj5fX8Z4NdGmlh07Aofl0O4inAv5Dx6Ijyvd5D6cjo4ZSElGJDSx4a4F59yB/DAl6uDk0gIj4vnwHZ78j7c+D4g8DkBWixxtRVZwMj3JxVvMl/z8CggEBAMH6BG3XGUe6N8bNcJVqmbD1kEfaxrR0ssjhcHTYlm5Au3+dCdiOYEvTA4WbjHUN/Vr2GfnQe8thsAb8CL18Vy2HXd8IcLdYxRbu55emnDHupmYjWyYXUy7vLCGmi/PKU1yaFwl7AA5fbe2rA32tailLFpmf/7HjYFiy0mq7+74atV2wkKFp8uvMcTK6xXfBJ2j+QsdWTLyTfY3AAUdj7nNyGoEbhiLNiFxQEDQiHYwdcaC
8T6IvudYDp+uQIDNz5ROwK/tP3w8W/iMS9ixl/DAqrKzOzlDEkKAzTI/L27nv5S9UhZSpAAqrKzIvNLy/Dwj7Ibk0AS/BYaTp9IKpNusCggEBALco2azf3CfWEVJQxIlosL3MHANNsOIwoZZz7yyb2Q5LBbhrB6yJqQZCN4M2FcqGRvuyGBndN+GGrC0WR6CoUDWVsuk4sEcGYlBaj4YPWB3Joh/m7AEFXmKsHM89MQzyXwLLwVthEgCVsZ39VN3CUC7MkNKH1l2SMqx7fOY81QaGEHZxdf/+lWz7cjiL+YQyBGTRVXnzqXkQYtlK45fi8/kEFLrV/kthoRhViIAX77y9sI91bMPOQS8QRwPRA4Nu5LBwu+7jSW+tvGgvtyQkafsvOlQbI03IkHl/bSX65jyH8IbB96fO+eJ3U3lfh21qPR7q0F2w6bMTONH1qOqQYJkCggEATftgSnQ+Eor3n3G6ACeh7/VY8rouRh/gPEf9eMwV9e8KMeyFJ81dQz5q3QzCs9BS+X2Uxcyd6A62wKgUL3FMbt5Ly71N6zfBzE1xR5NQmfZSaR9vpmmcJHM8r66P9wtw5fqApmwPgre0ruageab81er9A/fByNcbRa1mUEiQlUWRgj/YdTvt0AQZwgY6GsHJQTluyUqVgP5ebF0zZmrzUvAdXageDeHJHyuEyCCq9khkBPWPoilDsZk4qcgAWg8OmhKqK9dZWmyo8JrP4tuBPi/5yWM+qFPNvMnCztBq3l5mKdf19+TVQnS74en+bp70wWyMizMwAu3gfncbuGekzwKCAQEAySH0A5QYWNSSW7OlKd2Ab18HTHWFIma0gRPfexd4wqLPX264dVEdxHwwBf41gE7/Dm6K/SUWTMGWvIYHWv8vZY1gH9bzePuQxR6G1C/64bQ9+VIP2PQWdK3eZkA9dYNlAXVpI0yKJ/OwvfFGJ3eV7ZhoCfnb5cTo/+ZZYuMXvl4BOaPGXJuDlZ2e2Xr4eJa7VLaChBou+a6laoETU9+UC2ItIDENJQQTeQaCcEH00okQHu8DcISus0rnNUtJZt9U8rlnrb7NKKlti+UcNayawphXtqX7Taw3Kg3S6H1737ohnPikyMPN0qaA+ptxGdYIs6wPLmDTvW2kT1jJiSvtDQ== |
Generated Signature using Private Key with SHA256RSA & Encode with base64 (X-SIGNATURE): | nDbaEgmkto+t9zyADVFwTmnKICKENHg/+dtGAUyoxoZr0pHBZ3KC4JrLCrXtqRqf2FbsTK2kUBlCfRjTkJ0rZ+KCPdJ/J4GszU71vf3G7Iip6nPUhG/Cxsj2dXbEojhHvBSp+gYGugTGiMbEZ4VhVLUFGMKFoi87mGRruuJdX/FXdWMd0b5+yPfthmdOTbULNzhjVNZMDCGmhQ722ua8pS5IVSZE92h0qPA352vLef/4Sbmaljxs/QyIZG7S264xnMhQ+GN4M1Gn/x32ZAqQsRA+6CoK0F1sQlwl4S1eskjoksvxbDnTWViVVWIhPylb+7bMsYT3NYxhVLnbWIQ8Y7HV4VHScyG6IOILKtvoOqY5z1w5rSSTJub3ZolJz/7jpe+/BjozkEYiiG7jn6bD/T5HWMKuub56HGP5/mbKXSVtgfA8QzlCH7574mD+xK/bteT1LPBRsQXUpiuCNCmCx4Et6ln0lJPb52PyOMP0op96OJT6636gqZci/N+j2XpovR4HAIdw5chjBY28MmYg4CBjcoXLcYcA6YSVIRQ3/iIS+uG/dfHsrxIjWxtFuDrOyPrdvhQg0BL+vF5CfKbDKs/o/3fanPGlyEyjV3Ca9/goK4SCZ3KDTmSEhPLZ9F3fMAuL6ufGQL1ZinlWuynqegDacfr1GZRcUVBSLaZI0dg= |
SNAP API Service - Sample Request
This is a sample Create VA request that uses the generated signature. Details of SNAP Create VA can be seen here.
Request Header
Request Body
Verifying Signature SNAP
To validate a request, the merchant verifies the signature that was generated and sent with the request.
Verifying Signature SNAP Parameters
Parameter | Description |
---|---|
X-SIGNATURE_FROM_FASPAY | The signature used on the SNAP API request |
FASPAY_PUBLIC_KEY | A key used to verify the signature (generated by Faspay) |
stringToSign | The string that is used to verify the signature. Formula: HTTPMethod+":"+EndpointUrl+":"+Lowercase(HexEncode(SHA256(minify(RequestBody))))+":"+TimeStamp |
HTTPMethod | POST / DELETE / PUT (based on service API) |
EndpointURL | The complete endpoint URL, including all related URL parameters (relative path; see the path in the general information of each API service) (sample: /v1.0/transfer-va/create-va) |
RequestBody | Data that is sent to the API service |
TimeStamp | Time the request is sent. Format: ISO 8601 datetime (sample: 2022-12-12T16:00:00+07:00) |
You can verify the signature by following these steps:
1. Use stringToSign to create the string against which the signature is verified.
2. Decode the signature with base64_decode.
3. Verify the decoded result using the SHA256 algorithm, with the string that was created and the public key provided by Faspay.
4. The verification returns 1 if the signature matches and 0 if it does not match.
Verifying Signature Sample
This is a sample of verifying the signature used on a VA inquiry. Details of SNAP VA inquiry can be seen here.
SNAP Service | VA Inquiry |
Method | POST |
Endpoint URL | /v1.0/transfer-va/inquiry |
Request Body | { "partnerServiceId": " 88899", "customerNo": "12345678901234567890", "virtualAccountNo": " 08889912345678901234567890", "inquiryRequestId": "abcdef-123456-abcdef" } |
Public Key | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArrb7I5HI84lxKybUDxSXNlj/QmUtM82Uey2Lx6LHkFc4gMFJZkK9eLdETAo2k+Pd9aLxuGWL/CabRczAZHLc/n4Xr9jeThGU9PpFAyJuUrNNsCOaZgF0Hf05iaeE+HL+LkRKMxg3iNUVy8707pHV94B+cYJJVh/eSLYTrZfhN6177F3Ap8r6ApAh1d8DE6Vr2ITKuS5iI1WYjN1jBntaD82+MOt6su5vcQT+iJv0sLiN+eUysi0NDEabA5Z5OQJPuqt2Mbus4q/H4c06unPbZ15jjoO6tjxznFypBUavDBXXGtxeqsBcWL9dJuJE0R0gVnB7UbpgJaaELpK5pqklY1QQaSHi/M850MqGVHGgeHP6KbgZG3/pcozCv75yoau7nYU3gtwbLoBkMrNSbMlhresz7PpBG6oXrln7Zrt311SftzU3mfcyCckoQwytEGlCbx/mcYuLNorWrL0M3mSircODVL5YYfZq6gXGK6EkYivpp/UIJn2JO9/KBo+9DgChwxBYlGWjA/avhEG9qbs26MfGBz55UtlLjgvHtY+nhJN8fZL2OW0t6RsqYUMsmxisFDTROm/6m0ps15+T6eozrPASFyMGldzEnZynKEjW8jxkvICNzPLL6YIQPHgIcaCwaZgkq6PL9pQkCXCn1K7uyaE6A1wTz13KDJYHvsSyxdUCAwEAAQ== |
Request Body (hashed with SHA256 algorithm) | c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924 |
Timestamp | 2022-12-12T16:00:00+07:00 |
String to Sign for Verifying Signature | POST:/v1.0/transfer-va/inquiry:c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924:2022-12-12T16:00:00+07:00 |
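The generate and verify steps described above, as an added Node.js example (not Faspay's code), showing that a body or timestamp changed after signing fails verification. Assumptions: "minify" is taken to mean JSON re-serialization without whitespace; the names `minify`, `signSnap`, `verifySnap` and `demo` are hypothetical; the key pair is a throwaway generated at run time and the request body is constructed.

```javascript
// Added example, not Faspay's code; uses only Node.js's built-in crypto module.
const crypto = require("crypto");

// Assumption: "minify" means re-serializing the JSON body without whitespace.
function minify(body) {
  return JSON.stringify(JSON.parse(body));
}

// HTTPMethod:EndpointUrl:Lowercase(HexEncode(SHA256(minify(RequestBody)))):TimeStamp
function stringToSign(method, endpointUrl, body, timestamp) {
  const bodyHash = crypto.createHash("sha256").update(minify(body), "utf8").digest("hex");
  return [method, endpointUrl, bodyHash.toLowerCase(), timestamp].join(":");
}

// SHA256withRSA (RSA PKCS#1 v1.5 with SHA-256), then base64: the X-SIGNATURE value.
function signSnap(privateKeyPem, method, endpointUrl, body, timestamp) {
  const data = Buffer.from(stringToSign(method, endpointUrl, body, timestamp), "utf8");
  return crypto.sign("sha256", data, privateKeyPem).toString("base64");
}

// Returns true only if X-SIGNATURE is well-formed base64 and matches the request.
function verifySnap(publicKeyPem, signatureB64, method, endpointUrl, body, timestamp) {
  if (typeof signatureB64 !== "string" || !/^[A-Za-z0-9+\/]+={0,2}$/.test(signatureB64)) return false;
  let data;
  try {
    data = Buffer.from(stringToSign(method, endpointUrl, body, timestamp), "utf8");
  } catch (e) {
    return false; // body is not valid JSON, so there is nothing to verify against
  }
  return crypto.verify("sha256", data, publicKeyPem, Buffer.from(signatureB64, "base64"));
}

// Constructed demo: throwaway key pair and a constructed request body.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const [url, ts] = ["/v1.0/transfer-va/create-va", "2022-12-12T16:00:00+07:00"];
  const body = '{ "trxId": "abcdefgh1234", "totalAmount": { "value": "12345678.00", "currency": "IDR" } }';
  const sig = signSnap(privateKey, "POST", url, body, ts);
  return {
    valid: verifySnap(publicKey, sig, "POST", url, body, ts),
    reformatted: verifySnap(publicKey, sig, "POST", url, minify(body), ts),
    tamperedBody: verifySnap(publicKey, sig, "POST", url, body.replace("12345678.00", "1.00"), ts),
    tamperedTime: verifySnap(publicKey, sig, "POST", url, body, "2022-12-12T16:05:00+07:00"),
  };
}
console.log(demo());
```

Because the body is minified before hashing, whitespace differences between sender and receiver do not affect the result, while any change to a field value or the timestamp does.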