Signature SNAP
Standar Nasional Open API Pembayaran (SNAP), the national open API payment standard, is an online payment API standard issued by Bank Indonesia (BI). The SNAP signature is used for integrity checking and non-repudiation; it is also used to authenticate and authorize requests to API services.
To generate a SNAP signature, use the format given in the first parameter table below (Signature type used, Format, Private_Key, stringToSign).
You can get a signature by following these steps:
1. Build a string using stringToSign; this string is used to generate the signature.
2. Generate the signature with the SHA256withRSA algorithm, using that string and the merchant's private key.
3. Encode the signature with base64_encode.
4. Use the encoded signature as the value of X-SIGNATURE in the request header of SNAP API services.
The Create VA sample below shows a request using the generated signature. Details of SNAP Create VA can be seen here.
To validate a request, the merchant verifies the signature that was generated and sent with it.
You can verify the signature by following these steps:
1. Build a string using stringToSign; this string is used to verify the signature.
2. Decode the signature with base64_decode.
3. Verify the decoded result with the SHA256 algorithm, using that string and the public key provided by Faspay.
4. The verification returns 1 if the signature matches and 0 if it does not.
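The VA Inquiry sample below shows the values used to verify the signature; the verification parameters (X-SIGNATURE_FROM_FASPAY, FASPAY_PUBLIC_KEY, stringToSign) are listed in the second parameter table. Details of SNAP VA inquiry can be seen here.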
Parameter | Description |
---|---|
Signature type used | Asymmetric-Signature |
Format | SHA256withRSA (Private_Key, stringToSign) |
Private_Key | A key used for authenticating the request (generated by the merchant) |
stringToSign | The string used to generate the signature. Formula: HTTPMethod + ":" + EndpointUrl + ":" + Lowercase(HexEncode(SHA256(minify(RequestBody)))) + ":" + TimeStamp |
HTTPMethod | POST / DELETE / PUT (based on service API) |
EndpointURL | The complete endpoint URL including all related URL parameters (relative path, for example the Path in the general information of each API service; sample: /v1.0/transfer-va/create-va) |
RequestBody | Data sent to API services |
TimeStamp | Timestamp at which the request is sent. Format: datetime ISO 8601 (sample: 2022-12-12T16:00:00+07:00) |
API Service: Create VA
Method: POST
Endpoint URL: /v1.0/transfer-va/create-va
Request Body:

```json
{
  "virtualAccountName": "Jokul Doe",
  "virtualAccountEmail": "jokul@email.com",
  "virtualAccountPhone": "6281828384858",
  "trxId": "abcdefgh1234",
  "totalAmount": {
    "value": "12345678.00",
    "currency": "IDR"
  },
  "expiredDate": "2020-12-31T23:59:59-07:00",
  "additionalInfo": {
    "billDate": "2020-12-31T23:59:59-07:00",
    "channelCode": "402",
    "billDescription": "Maintenance"
  }
}
```

Request Body (hashed with SHA256 algorithm): f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd
Timestamp: 2022-12-12T16:00:00+07:00
String to Sign for Generating Signature: POST:/v1.0/transfer-va/create-va:f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd:2022-12-12T16:00:00+07:00
Private Key
Generated Signature using Private Key with SHA256withRSA, encoded with base64 (X-SIGNATURE):
nDbaEgmkto+t9zyADVFwTmnKICKENHg/+dtGAUyoxoZr0pHBZ3KC4JrLCrXtqRqf2FbsTK2kUBlCfRjTkJ0rZ+KCPdJ/J4GszU71vf3G7Iip6nPUhG/Cxsj2dXbEojhHvBSp+gYGugTGiMbEZ4VhVLUFGMKFoi87mGRruuJdX/FXdWMd0b5+yPfthmdOTbULNzhjVNZMDCGmhQ722ua8pS5IVSZE92h0qPA352vLef/4Sbmaljxs/QyIZG7S264xnMhQ+GN4M1Gn/x32ZAqQsRA+6CoK0F1sQlwl4S1eskjoksvxbDnTWViVVWIhPylb+7bMsYT3NYxhVLnbWIQ8Y7HV4VHScyG6IOILKtvoOqY5z1w5rSSTJub3ZolJz/7jpe+/BjozkEYiiG7jn6bD/T5HWMKuub56HGP5/mbKXSVtgfA8QzlCH7574mD+xK/bteT1LPBRsQXUpiuCNCmCx4Et6ln0lJPb52PyOMP0op96OJT6636gqZci/N+j2XpovR4HAIdw5chjBY28MmYg4CBjcoXLcYcA6YSVIRQ3/iIS+uG/dfHsrxIjWxtFuDrOyPrdvhQg0BL+vF5CfKbDKs/o/3fanPGlyEyjV3Ca9/goK4SCZ3KDTmSEhPLZ9F3fMAuL6ufGQL1ZinlWuynqegDacfr1GZRcUVBSLaZI0dg=
Parameter | Description |
---|---|
X-SIGNATURE_FROM_FASPAY | The signature used on the SNAP API request |
FASPAY_PUBLIC_KEY | A key used to verify the signature (generated by Faspay) |
stringToSign | The string used to verify the signature. Formula: HTTPMethod + ":" + EndpointUrl + ":" + Lowercase(HexEncode(SHA256(minify(RequestBody)))) + ":" + TimeStamp |
HTTPMethod | POST / DELETE / PUT (based on service API) |
EndpointURL | The complete endpoint URL including all related URL parameters (relative path, for example the Path in the general information of each API service; sample: /v1.0/transfer-va/create-va) |
RequestBody | Data sent to API services |
TimeStamp | Timestamp at which the request is sent. Format: datetime ISO 8601 (sample: 2022-12-12T16:00:00+07:00) |
SNAP Service: VA Inquiry
Method: POST
Endpoint URL: /v1.0/transfer-va/inquiry
Request Body:

```json
{
  "partnerServiceId": " 88899",
  "customerNo": "12345678901234567890",
  "virtualAccountNo": " 08889912345678901234567890",
  "inquiryRequestId": "abcdef-123456-abcdef"
}
```

Public Key:
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArrb7I5HI84lxKybUDxSXNlj/QmUtM82Uey2Lx6LHkFc4gMFJZkK9eLdETAo2k+Pd9aLxuGWL/CabRczAZHLc/n4Xr9jeThGU9PpFAyJuUrNNsCOaZgF0Hf05iaeE+HL+LkRKMxg3iNUVy8707pHV94B+cYJJVh/eSLYTrZfhN6177F3Ap8r6ApAh1d8DE6Vr2ITKuS5iI1WYjN1jBntaD82+MOt6su5vcQT+iJv0sLiN+eUysi0NDEabA5Z5OQJPuqt2Mbus4q/H4c06unPbZ15jjoO6tjxznFypBUavDBXXGtxeqsBcWL9dJuJE0R0gVnB7UbpgJaaELpK5pqklY1QQaSHi/M850MqGVHGgeHP6KbgZG3/pcozCv75yoau7nYU3gtwbLoBkMrNSbMlhresz7PpBG6oXrln7Zrt311SftzU3mfcyCckoQwytEGlCbx/mcYuLNorWrL0M3mSircODVL5YYfZq6gXGK6EkYivpp/UIJn2JO9/KBo+9DgChwxBYlGWjA/avhEG9qbs26MfGBz55UtlLjgvHtY+nhJN8fZL2OW0t6RsqYUMsmxisFDTROm/6m0ps15+T6eozrPASFyMGldzEnZynKEjW8jxkvICNzPLL6YIQPHgIcaCwaZgkq6PL9pQkCXCn1K7uyaE6A1wTz13KDJYHvsSyxdUCAwEAAQ==
Request Body (hashed with SHA256 algorithm): c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924
Timestamp: 2022-12-12T16:00:00+07:00
String to Sign for Verifying Signature: POST:/v1.0/transfer-va/inquiry:c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924:2022-12-12T16:00:00+07:00
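
The generation and verification steps above, carried through in Node.js as an added example (not Faspay's code). It assumes minify means re-serializing the JSON without whitespace, and it uses a throwaway key pair generated on the spot in place of the merchant and Faspay keys; the function names are illustrative.

```javascript
const crypto = require("node:crypto");

// minify(RequestBody), assumed here to mean JSON re-serialized without whitespace.
function minify(requestBody) {
  return JSON.stringify(JSON.parse(requestBody));
}

// HTTPMethod:EndpointUrl:Lowercase(HexEncode(SHA256(minify(RequestBody)))):TimeStamp
function stringToSign(method, endpointUrl, requestBody, timestamp) {
  const bodyHash = crypto.createHash("sha256")
    .update(minify(requestBody), "utf8")
    .digest("hex")
    .toLowerCase();
  return [method, endpointUrl, bodyHash, timestamp].join(":");
}

// SHA256withRSA over stringToSign, base64-encoded: the X-SIGNATURE header value.
function generateSignature(privateKey, method, endpointUrl, requestBody, timestamp) {
  const data = Buffer.from(stringToSign(method, endpointUrl, requestBody, timestamp), "utf8");
  return crypto.sign("sha256", data, privateKey).toString("base64");
}

// base64-decode X-SIGNATURE and check it against the rebuilt stringToSign.
// Returns 1 if the signature matches and 0 if it does not.
function verifySignature(publicKey, signatureB64, method, endpointUrl, requestBody, timestamp) {
  const data = Buffer.from(stringToSign(method, endpointUrl, requestBody, timestamp), "utf8");
  const signature = Buffer.from(signatureB64, "base64");
  return crypto.verify("sha256", data, publicKey, signature) ? 1 : 0;
}

// Constructed inputs: a throwaway 2048-bit key pair (assumption; real keys come from
// the merchant and Faspay) and a pretty-printed body modelled on the VA inquiry sample.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const METHOD = "POST";
const ENDPOINT = "/v1.0/transfer-va/inquiry";
const TIMESTAMP = "2022-12-12T16:00:00+07:00";
const BODY = `{
  "customerNo": "12345678901234567890",
  "inquiryRequestId": "abcdef-123456-abcdef"
}`;

const xSignature = generateSignature(privateKey, METHOD, ENDPOINT, BODY, TIMESTAMP);
const tamperedBody = BODY.replace("abcdef-123456-abcdef", "abcdef-123456-abcdeX");
console.log(stringToSign(METHOD, ENDPOINT, BODY, TIMESTAMP));
console.log("untouched:", verifySignature(publicKey, xSignature, METHOD, ENDPOINT, BODY, TIMESTAMP));
console.log("re-minified:", verifySignature(publicKey, xSignature, METHOD, ENDPOINT, minify(BODY), TIMESTAMP));
console.log("tampered body:", verifySignature(publicKey, xSignature, METHOD, ENDPOINT, tamperedBody, TIMESTAMP));
```

Because both sides hash the minified body, whitespace differences do not affect verification, while any change to a value, the method, the endpoint or the timestamp returns 0.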