Signature SNAP
Standar Nasional Open API Pembayaran(SNAP) or national standard of open API is a standard of online payment API that is made by Bank Indonesia(BI). Signature SNAP used for integrity checking and non-repudiation, it also used to authenticate and authorize the request of API services.
Generate Signature SNAP
To generate Signature SNAP you can use this format:
Signature type used
Asymetric-Signature
Format
SHA256withRSA (Private_Key, stringToSign)
Generate Signature Parameters
Private_Key
A key used for authenticating the request (Generated by merchant)
stringToSign
To create a string that will be used to generate a signature.
Formula: HTTPMethod+”:“+EndpointUrl+":“+Lowercase(HexEncode(SHA256(minify(RequestBody)))) + ":“ + TimeStamp
HTTPMethod
POST / DELETE / PUT (based on service API)
EndpointURL
Complete the Endpoint URL including all related URL parameters (Relative path, example: Path in the general information of each API service) (sample: /v1.0/transfer-va/create-va)
RequestBody
Data that send to API services
TimeStamp
Timestamp request sent
Format: datetime ISO 8601
(sample: 2022-12-12T16:00:00+07:00)
You can get a signature by following these steps:
By using
stringToSigna string will be created, the string used for generating a signature.Signature will be generated using algorithm
SHA256withRSAwith string that has been created, and the private key that owns by merchant.Next, the signature will be encoded by
base64_encode.A signature that has been encoded now can be used as the value for
X-SIGNATUREon the request header of SNAP API services.
Signature Request Sample
API Service
Create VA
Method
POST
Endpoint URL
/v1.0/transfer-va/create-va
Request Body
{
"virtualAccountName": "Jokul Doe",
"virtualAccountEmail": "jokul@email.com",
"virtualAccountPhone": "6281828384858",
"trxId": "abcdefgh1234",
"totalAmount":
{
"value": "12345678.00",
"currency": "IDR"
},
"expiredDate": "2020-12-31T23:59:59-07:00",
"additionalInfo":
{
"billDate": "2020-12-31T23:59:59-07:00",
"channelCode": "402",
"billDescription": "Maintenance"
}
}
Request Body (hashed with SHA256 algorithm)
f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd
Timestamp
2022-12-12T16:00:00+07:00
String to Sign for Generating Signature
POST:/v1.0/transfer-va/create-va:f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd:2022-12-12T16:00:00+07:00
Private Key
IIJKgIBAAKCAgEAvMf/FcbYqDVzWuxNnhf4Agg15+66+rfnVWZJZZvHkz9RPkYR/D3dtbeqfKhK6JnlqUaQDMIV2bUULB33vsjCDjYqv+bH8cISHCAU62VU3m4a0pLdAJH6uzz3Ebj+nCNDFzEkQZ/51DzrqqAuZ2EnkW2aYht5DCRjiYqrtHoabsEZh+uGGwQK7gT/cNT/wVMgYWY2NZSeBeWvn/8FBVQnAxEAzH1c2lq1Wrrxk5m6Fbxj5Gaovlfzr1Ijh77FB+0YIiD5RmuucaOmTHOq/7UofEburu1xqFY3XaTSNmAiG5Udp/ntt7H3ZqyRpMwAZyo9RApwMbVh1Z+SfJbzHCoqi6Ex7+jFnxDHs+/JxTRsCtHNT3pzrYjq4gl0ot8+SJXKqvtnT0A0W8BIMbzlP9nUKEa9SD4zF1hnbP4hhYXUMaWEi/PUCYGJQMZcPsnXnoJVCEarg5Ni1QTHky5nkbWFsLbiZZiR87ImLt3nWOUyJD6VolCvU5m8EANx9JFqFWEF9BNcr/ZJeoEj8TyPK3RTlsAFJ7+asDWSAW9xsb9mcu4hviQfD/eECDibZBnTogWS1uyDZrKM6e/UTbCA8LyvgMej2NRfC+XYT7W2ul24f7NrMyzGDoHZaLmzoxqeq8NSvtssxr1jkiqLl6TqLMs0zse7yH+idgmfhLnQ2rZPmNUCAwEAAQKCAgEAmVSf3SIq60SusxTnXhb9uzjL/9upRuaEIJr51muWyARPipMDHKtrHqNU9/cBELefD8ReT958PN2Uyth0VyNcaoqYYlGh6LzGVM3B8AfXzOoFIy9iDYqD6fx0eJKXSl5hqb6iQiMbmcT5bRa5WgJRTw+Eq1bBFJmhtx9Io0fhnD9+6yTjQaIg9n5cs1pteKp5zGJmeVKCnyuVYBCUFWXqYdU3nt/bwQaX8l+Qw1/DAtCHGgY/3Io3RRkj/qd2BSAPz/iUPxxLDcXr1oDETPjpLze1uaLmA+IzCf5LNxsR2PFeqwaWi/MijORxTzbaxPBL3q3TvqwiEI6RPlykjSW6c1LKG565q58F6H7jr8A0UPINRDTRbtx8Hc5YhPFTgL7HB8sIqYTBXV1n2qCBdhD4oCMz4+dCmrydZQFFJZti6LmKZtY/6TyP8TX0GrCV1osxywD6qJGpjorI7Yse1edBbBtqLwfyyO3xs3j+DCvMxZmsuly0LNECK4CakLiojPm7pRyw2J/B91ZG+vvD+13orryaWwaiT/Row2MSEUAeOoCwxGIB9c2eFW2UCuZ6GoX9iu15r6BV3+U+1rY6NBPKndZETZozyMTAPbp30RDTRR0qdoLYqwsOctgMsmUoFf9jBccLX2nCBBOaRglvPpDCP+/OcdLbzno5dP4pGfc7z+kCggEBAPkktZ8Xcr8qv0jjylMsBxc2pxfKt9fhlboa2huPjk3v/v+D4RhMzDRX+mr6X4ReNEB9Px+BQKsKosfBMwY6HK5lbMqmuLFKaoQ5NtEAkGyoac8JhWijkJazlycC1Amf9GFmGm9W5GZ7wBaxe6YXwCj1sKJWuDZ0bb8qqdNgZw4xTZQVkyWJed2zhnNQB+hB2M1XLF+wnVgw8lfD9pQAqHo1a25tVa5CFH+6H1uVj5fX8Z4NdGmlh07Aofl0O4inAv5Dx6Ijyvd5D6cjo4ZSElGJDSx4a4F59yB/DAl6uDk0gIj4vnwHZ78j7c+D4g8DkBWixxtRVZwMj3JxVvMl/z8CggEBAMH6BG3XGUe6N8bNcJVqmbD1kEfaxrR0ssjhcHTYlm5Au3+dCdiOYEvTA4WbjHUN/Vr2GfnQe8thsAb8CL18Vy2HXd8IcLdYxRbu55emnDHupmYjWyYXUy7vLCGmi/PKU1yaFwl7AA5fbe2rA32tailLFpmf/7HjYFiy0mq7+74atV2wkKFp8uvMcTK6xXfBJ2j+QsdWTLyTfY3AAUdj7nNyGoEbhiLNiFxQEDQiHYwdcaC8T6IvudYDp+uQIDNz5ROwK/tP3w8W/iMS9ixl/DAqrKzOzlDEkKAzTI/L27nv5S9UhZSpAAqrKzIvNLy/Dwj7Ibk0AS/BYaTp9IKpNusCggEBALco2azf3CfWEVJQxIlosL3MHANNsOIwoZZz7yyb2Q5LBbhrB6yJqQZCN4M2FcqGRvuyGBndN+GGrC0WR6CoUDWVsuk4sEcGYlBaj4YPWB3Joh/m7AEFXmKsHM89MQzyXwLLwVthEgCVsZ39VN3CUC7MkNKH1l2SMqx7fOY81QaGEHZxdf/+lWz7cjiL+YQyBGTRVXnzqXkQYtlK45fi8/kEFLrV/kthoRhViIAX77y9sI91bMPOQS8QRwPRA4Nu5LBwu+7jSW+tvGgvtyQkafsvOlQbI03IkHl/bSX65jyH8IbB96fO+eJ3U3lfh21qPR7q0F2w6bMTONH1qOqQYJkCggEATftgSnQ+Eor3n3G6ACeh7/VY8rouRh/gPEf9eMwV9e8KMeyFJ81dQz5q3QzCs9BS+X2Uxcyd6A62wKgUL3FMbt5Ly71N6zfBzE1xR5NQmfZSaR9vpmmcJHM8r66P9wtw5fqApmwPgre0ruageab81er9A/fByNcbRa1mUEiQlUWRgj/YdTvt0AQZwgY6GsHJQTluyUqVgP5ebF0zZmrzUvAdXageDeHJHyuEyCCq9khkBPWPoilDsZk4qcgAWg8OmhKqK9dZWmyo8JrP4tuBPi/5yWM+qFPNvMnCztBq3l5mKdf19+TVQnS74en+bp70wWyMizMwAu3gfncbuGekzwKCAQEAySH0A5QYWNSSW7OlKd2Ab18HTHWFIma0gRPfexd4wqLPX264dVEdxHwwBf41gE7/Dm6K/SUWTMGWvIYHWv8vZY1gH9bzePuQxR6G1C/64bQ9+VIP2PQWdK3eZkA9dYNlAXVpI0yKJ/OwvfFGJ3eV7ZhoCfnb5cTo/+ZZYuMXvl4BOaPGXJuDlZ2e2Xr4eJa7VLaChBou+a6laoETU9+UC2ItIDENJQQTeQaCcEH00okQHu8DcISus0rnNUtJZt9U8rlnrb7NKKlti+UcNayawphXtqX7Taw3Kg3S6H1737ohnPikyMPN0qaA+ptxGdYIs6wPLmDTvW2kT1jJiSvtDQ==
Generated Signature using Private Key with SHA256RSA & Encode with base64 (X-SIGNATURE):
nDbaEgmkto+t9zyADVFwTmnKICKENHg/+dtGAUyoxoZr0pHBZ3KC4JrLCrXtqRqf2FbsTK2kUBlCfRjTkJ0rZ+KCPdJ/J4GszU71vf3G7Iip6nPUhG/Cxsj2dXbEojhHvBSp+gYGugTGiMbEZ4VhVLUFGMKFoi87mGRruuJdX/FXdWMd0b5+yPfthmdOTbULNzhjVNZMDCGmhQ722ua8pS5IVSZE92h0qPA352vLef/4Sbmaljxs/QyIZG7S264xnMhQ+GN4M1Gn/x32ZAqQsRA+6CoK0F1sQlwl4S1eskjoksvxbDnTWViVVWIhPylb+7bMsYT3NYxhVLnbWIQ8Y7HV4VHScyG6IOILKtvoOqY5z1w5rSSTJub3ZolJz/7jpe+/BjozkEYiiG7jn6bD/T5HWMKuub56HGP5/mbKXSVtgfA8QzlCH7574mD+xK/bteT1LPBRsQXUpiuCNCmCx4Et6ln0lJPb52PyOMP0op96OJT6636gqZci/N+j2XpovR4HAIdw5chjBY28MmYg4CBjcoXLcYcA6YSVIRQ3/iIS+uG/dfHsrxIjWxtFuDrOyPrdvhQg0BL+vF5CfKbDKs/o/3fanPGlyEyjV3Ca9/goK4SCZ3KDTmSEhPLZ9F3fMAuL6ufGQL1ZinlWuynqegDacfr1GZRcUVBSLaZI0dg=
SNAP API Service - Sample Request
Request Header
Request Body
Verifying Signature SNAP
To validate, the signature that has been generated and sent when request made will be verify by merchant.
Verifying Signature SNAP Parameters
X-SIGNATURE_FROM_FASPAY
The signature used on the SNAP API request
FASPAY_PUBLIC_KEY
A key used to verify the signature (generated by Faspay)
stringToSign
To create a string that will be used to verify signature.
Formula:
HTTPMethod+”:“+EndpointUrl+":“+Lowercase(HexEncode(SHA256(minify(RequestBody)))) + ":“ + TimeStamp
HTTPMethod
POST / DELETE / PUT (based on service API)
EndpointURL
Complete the Endpoint URL including all related URL parameters (Relative path, example: Path in the general information of each API service) (sample: /v1.0/transfer-va/create-va)
RequestBody
Data that send to API services
TimeStamp
Timestamp request sent
Format: datetime ISO 8601
(sample: 2022-12-12T16:00:00+07:00)
You can verify the signature by following these steps:
By using
stringToSigna string will be created, the string used to verify the signature.Next, the signature will be decoded by
base64_decode.The decoder result will be verified using algorithm
SHA256, with string that has been created, and the public key provided by Faspay.Last, it will return 1 if the signature matches, and 0 if it doesn’t matches.
Verifying Signature Sample
SNAP Service
VA Inquiry
Method
POST
Endpoint URL
/v1.0/transfer-va/inquiry
Request Body
{
"partnerServiceId": " 88899",
"customerNo": "12345678901234567890",
"virtualAccountNo": " 08889912345678901234567890", "inquiryRequestId": "abcdef-123456-abcdef"
}
Public Key
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArrb7I5HI84lxKybUDxSXNlj/QmUtM82Uey2Lx6LHkFc4gMFJZkK9eLdETAo2k+Pd9aLxuGWL/CabRczAZHLc/n4Xr9jeThGU9PpFAyJuUrNNsCOaZgF0Hf05iaeE+HL+LkRKMxg3iNUVy8707pHV94B+cYJJVh/eSLYTrZfhN6177F3Ap8r6ApAh1d8DE6Vr2ITKuS5iI1WYjN1jBntaD82+MOt6su5vcQT+iJv0sLiN+eUysi0NDEabA5Z5OQJPuqt2Mbus4q/H4c06unPbZ15jjoO6tjxznFypBUavDBXXGtxeqsBcWL9dJuJE0R0gVnB7UbpgJaaELpK5pqklY1QQaSHi/M850MqGVHGgeHP6KbgZG3/pcozCv75yoau7nYU3gtwbLoBkMrNSbMlhresz7PpBG6oXrln7Zrt311SftzU3mfcyCckoQwytEGlCbx/mcYuLNorWrL0M3mSircODVL5YYfZq6gXGK6EkYivpp/UIJn2JO9/KBo+9DgChwxBYlGWjA/avhEG9qbs26MfGBz55UtlLjgvHtY+nhJN8fZL2OW0t6RsqYUMsmxisFDTROm/6m0ps15+T6eozrPASFyMGldzEnZynKEjW8jxkvICNzPLL6YIQPHgIcaCwaZgkq6PL9pQkCXCn1K7uyaE6A1wTz13KDJYHvsSyxdUCAwEAAQ==
Request Body (hashed with SHA256 algorithm)
c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924
Timestamp
2022-12-12T16:00:00+07:00
String to Sign for Verifiying Signature
POST:/v1.0/transfer-va/inquiry:c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924:2022-12-12T16:00:00+07:00
Last updated