# Signature SNAP

Standar Nasional Open API Pembayaran(SNAP) or national standard of open API is a standard of online payment API that is made by Bank Indonesia(BI). Signature SNAP used for integrity checking and non-repudiation, it also used to authenticate and authorize the request of API services.

## Generate Signature SNAP

To generate Signature SNAP you can use this format:

<table data-header-hidden><thead><tr><th width="214"></th><th></th></tr></thead><tbody><tr><td><strong>Signature type used</strong></td><td>Asymetric-Signature</td></tr><tr><td><strong>Format</strong></td><td><code>SHA256withRSA (Private_Key, stringToSign)</code></td></tr></tbody></table>

#### Generate Signature Parameters

<table><thead><tr><th width="192">Parameter</th><th>Description</th></tr></thead><tbody><tr><td>Private_Key</td><td>A key used for authenticating the request (Generated by merchant)</td></tr><tr><td>stringToSign</td><td><p>To create a string that will be used to generate a signature.<br></p><p><strong>Formula:</strong> HTTPMethod+”:“+EndpointUrl+":“+Lowercase(HexEncode(SHA256(minify(RequestBody)))) + ":“ + TimeStamp</p></td></tr><tr><td>HTTPMethod</td><td>POST / DELETE / PUT (based on service API)</td></tr><tr><td>EndpointURL</td><td>Complete the Endpoint URL including all related URL parameters (Relative path, example: Path in the general information of each API service)<br><strong>Sample:</strong><br><strong>SNAP Virtual Account:</strong> /v1.0/transfer-va/create-va<br><strong>SNAP Direct Debit:</strong> /v1.0/debit/payment-host-to-host<br><strong>SNAP QRIS:</strong> /v1.0/qr/qr-mpm-generate<br><strong>SNAP Disbursement:</strong> /account/v1.0/account-inquiry-external</td></tr><tr><td>RequestBody</td><td>Data that send to API services</td></tr><tr><td>TimeStamp</td><td><p>Timestamp request sent</p><p><strong>Format:</strong> datetime ISO 8601</p><p><strong>(sample: 2022-12-12T16:00:00+07:00)</strong></p></td></tr></tbody></table>

You can get a signature by following these steps:

1. By using `stringToSign` a string will be created, the string used for generating a signature.
2. Signature will be generated using algorithm `SHA256withRSA` with string that has been created, and the private key that owns by merchant.
3. Next, the signature will be encoded by `base64_encode`.
4. A signature that has been encoded now can be used as the value for `X-SIGNATURE` on the request header of SNAP API services.

<details>

<summary>Sample Code Generate Signature</summary>

```json
public function generateSignature($data){
        $stringToSign = $data['method'].":".$data['endpoint'].":".hash('sha256', $data['body']).":".$data['timestamp'];
 
        $prv_data = file_get_contents("private.key");
        $private_key = openssl_get_privatekey($prv_data);
 
        $signature = "";
 
        openssl_sign($stringToSign, $signature, $private_key, OPENSSL_ALGO_SHA256);
 
        return base64_encode($signature);
    }
```

</details>

### Signature Request Sample

<table data-header-hidden><thead><tr><th width="179"></th><th></th></tr></thead><tbody><tr><td>API Service</td><td>Create VA</td></tr><tr><td>Method</td><td>POST</td></tr><tr><td>Endpoint URL</td><td>/v1.0/transfer-va/create-va</td></tr><tr><td>Request Body</td><td><p>{</p><p>    "virtualAccountName": "Jokul Doe",</p><p>    "virtualAccountEmail": "jokul@email.com",</p><p>    "virtualAccountPhone": "6281828384858",</p><p>    "trxId": "abcdefgh1234",</p><p>    "totalAmount":</p><p>    {</p><p>        "value": "12345678.00",</p><p>        "currency": "IDR"</p><p>    },</p><p>    "expiredDate": "2020-12-31T23:59:59-07:00",</p><p>    "additionalInfo":</p><p>    {</p><p>        "billDate": "2020-12-31T23:59:59-07:00",</p><p>        "channelCode": "402",</p><p>        "billDescription": "Maintenance"</p><p>    }</p><p>}</p></td></tr><tr><td>Request Body (hashed with SHA256 algorithm)</td><td>f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd</td></tr><tr><td>Timestamp</td><td>2022-12-12T16:00:00+07:00</td></tr><tr><td>String to Sign for Generating Signature</td><td>POST:/v1.0/transfer-va/create-va:f7e939e8227670a065e4a6f99b42346bfa20724a8e3c775be93b57c95c954dfd:2022-12-12T16:00:00+07:00</td></tr><tr><td>Private Key</td><td>IIJKgIBAAKCAgEAvMf/FcbYqDVzWuxNnhf4Agg15+66+rfnVWZJZZvHkz9RPkYR/D3dtbeqfKhK6JnlqUaQDMIV2bUULB33vsjCDjYqv+bH8cISHCAU62VU3m4a0pLdAJH6uzz3Ebj+nCNDFzEkQZ/51DzrqqAuZ2EnkW2aYht5DCRjiYqrtHoabsEZh+uGGwQK7gT/cNT/wVMgYWY2NZSeBeWvn/8FBVQnAxEAzH1c2lq1Wrrxk5m6Fbxj5Gaovlfzr1Ijh77FB+0YIiD5RmuucaOmTHOq/7UofEburu1xqFY3XaTSNmAiG5Udp/ntt7H3ZqyRpMwAZyo9RApwMbVh1Z+SfJbzHCoqi6Ex7+jFnxDHs+/JxTRsCtHNT3pzrYjq4gl0ot8+SJXKqvtnT0A0W8BIMbzlP9nUKEa9SD4zF1hnbP4hhYXUMaWEi/PUCYGJQMZcPsnXnoJVCEarg5Ni1QTHky5nkbWFsLbiZZiR87ImLt3nWOUyJD6VolCvU5m8EANx9JFqFWEF9BNcr/ZJeoEj8TyPK3RTlsAFJ7+asDWSAW9xsb9mcu4hviQfD/eECDibZBnTogWS1uyDZrKM6e/UTbCA8LyvgMej2NRfC+XYT7W2ul24f7NrMyzGDoHZaLmzoxqeq8NSvtssxr1jkiqLl6TqLMs0zse7yH+idgmfhLnQ2rZPmNUCAwEAAQKCAgEAmVSf3SIq60SusxTnXhb9uzjL/9upRuaEIJr51muWyARPipMDHKtrHqNU9/cBELefD8ReT958PN2Uyth0VyNcaoqYYlGh6LzGVM3B8AfXzOoFIy9iDYqD6fx0eJKXSl5hqb6iQiMbmcT5bRa5WgJRTw+Eq1bBFJmhtx9Io0fhnD9+6yTjQaIg9n5cs1pteKp5zGJmeVKCnyuVYBCUFWXqYdU3nt/bwQaX8l+Qw1/DAtCHGgY/3Io3RRkj/qd2BSAPz/iUPxxLDcXr1oDETPjpLze1uaLmA+IzCf5LNxsR2PFeqwaWi/MijORxTzbaxPBL3q3TvqwiEI6RPlykjSW6c1LKG565q58F6H7jr8A0UPINRDTRbtx8Hc5YhPFTgL7HB8sIqYTBXV1n2qCBdhD4oCMz4+dCmrydZQFFJZti6LmKZtY/6TyP8TX0GrCV1osxywD6qJGpjorI7Yse1edBbBtqLwfyyO3xs3j+DCvMxZmsuly0LNECK4CakLiojPm7pRyw2J/B91ZG+vvD+13orryaWwaiT/Row2MSEUAeOoCwxGIB9c2eFW2UCuZ6GoX9iu15r6BV3+U+1rY6NBPKndZETZozyMTAPbp30RDTRR0qdoLYqwsOctgMsmUoFf9jBccLX2nCBBOaRglvPpDCP+/OcdLbzno5dP4pGfc7z+kCggEBAPkktZ8Xcr8qv0jjylMsBxc2pxfKt9fhlboa2huPjk3v/v+D4RhMzDRX+mr6X4ReNEB9Px+BQKsKosfBMwY6HK5lbMqmuLFKaoQ5NtEAkGyoac8JhWijkJazlycC1Amf9GFmGm9W5GZ7wBaxe6YXwCj1sKJWuDZ0bb8qqdNgZw4xTZQVkyWJed2zhnNQB+hB2M1XLF+wnVgw8lfD9pQAqHo1a25tVa5CFH+6H1uVj5fX8Z4NdGmlh07Aofl0O4inAv5Dx6Ijyvd5D6cjo4ZSElGJDSx4a4F59yB/DAl6uDk0gIj4vnwHZ78j7c+D4g8DkBWixxtRVZwMj3JxVvMl/z8CggEBAMH6BG3XGUe6N8bNcJVqmbD1kEfaxrR0ssjhcHTYlm5Au3+dCdiOYEvTA4WbjHUN/Vr2GfnQe8thsAb8CL18Vy2HXd8IcLdYxRbu55emnDHupmYjWyYXUy7vLCGmi/PKU1yaFwl7AA5fbe2rA32tailLFpmf/7HjYFiy0mq7+74atV2wkKFp8uvMcTK6xXfBJ2j+QsdWTLyTfY3AAUdj7nNyGoEbhiLNiFxQEDQiHYwdcaC8T6IvudYDp+uQIDNz5ROwK/tP3w8W/iMS9ixl/DAqrKzOzlDEkKAzTI/L27nv5S9UhZSpAAqrKzIvNLy/Dwj7Ibk0AS/BYaTp9IKpNusCggEBALco2azf3CfWEVJQxIlosL3MHANNsOIwoZZz7yyb2Q5LBbhrB6yJqQZCN4M2FcqGRvuyGBndN+GGrC0WR6CoUDWVsuk4sEcGYlBaj4YPWB3Joh/m7AEFXmKsHM89MQzyXwLLwVthEgCVsZ39VN3CUC7MkNKH1l2SMqx7fOY81QaGEHZxdf/+lWz7cjiL+YQyBGTRVXnzqXkQYtlK45fi8/kEFLrV/kthoRhViIAX77y9sI91bMPOQS8QRwPRA4Nu5LBwu+7jSW+tvGgvtyQkafsvOlQbI03IkHl/bSX65jyH8IbB96fO+eJ3U3lfh21qPR7q0F2w6bMTONH1qOqQYJkCggEATftgSnQ+Eor3n3G6ACeh7/VY8rouRh/gPEf9eMwV9e8KMeyFJ81dQz5q3QzCs9BS+X2Uxcyd6A62wKgUL3FMbt5Ly71N6zfBzE1xR5NQmfZSaR9vpmmcJHM8r66P9wtw5fqApmwPgre0ruageab81er9A/fByNcbRa1mUEiQlUWRgj/YdTvt0AQZwgY6GsHJQTluyUqVgP5ebF0zZmrzUvAdXageDeHJHyuEyCCq9khkBPWPoilDsZk4qcgAWg8OmhKqK9dZWmyo8JrP4tuBPi/5yWM+qFPNvMnCztBq3l5mKdf19+TVQnS74en+bp70wWyMizMwAu3gfncbuGekzwKCAQEAySH0A5QYWNSSW7OlKd2Ab18HTHWFIma0gRPfexd4wqLPX264dVEdxHwwBf41gE7/Dm6K/SUWTMGWvIYHWv8vZY1gH9bzePuQxR6G1C/64bQ9+VIP2PQWdK3eZkA9dYNlAXVpI0yKJ/OwvfFGJ3eV7ZhoCfnb5cTo/+ZZYuMXvl4BOaPGXJuDlZ2e2Xr4eJa7VLaChBou+a6laoETU9+UC2ItIDENJQQTeQaCcEH00okQHu8DcISus0rnNUtJZt9U8rlnrb7NKKlti+UcNayawphXtqX7Taw3Kg3S6H1737ohnPikyMPN0qaA+ptxGdYIs6wPLmDTvW2kT1jJiSvtDQ==</td></tr><tr><td>Generated Signature using Private Key with SHA256RSA &#x26; Encode with base64 (X-SIGNATURE):</td><td>nDbaEgmkto+t9zyADVFwTmnKICKENHg/+dtGAUyoxoZr0pHBZ3KC4JrLCrXtqRqf2FbsTK2kUBlCfRjTkJ0rZ+KCPdJ/J4GszU71vf3G7Iip6nPUhG/Cxsj2dXbEojhHvBSp+gYGugTGiMbEZ4VhVLUFGMKFoi87mGRruuJdX/FXdWMd0b5+yPfthmdOTbULNzhjVNZMDCGmhQ722ua8pS5IVSZE92h0qPA352vLef/4Sbmaljxs/QyIZG7S264xnMhQ+GN4M1Gn/x32ZAqQsRA+6CoK0F1sQlwl4S1eskjoksvxbDnTWViVVWIhPylb+7bMsYT3NYxhVLnbWIQ8Y7HV4VHScyG6IOILKtvoOqY5z1w5rSSTJub3ZolJz/7jpe+/BjozkEYiiG7jn6bD/T5HWMKuub56HGP5/mbKXSVtgfA8QzlCH7574mD+xK/bteT1LPBRsQXUpiuCNCmCx4Et6ln0lJPb52PyOMP0op96OJT6636gqZci/N+j2XpovR4HAIdw5chjBY28MmYg4CBjcoXLcYcA6YSVIRQ3/iIS+uG/dfHsrxIjWxtFuDrOyPrdvhQg0BL+vF5CfKbDKs/o/3fanPGlyEyjV3Ca9/goK4SCZ3KDTmSEhPLZ9F3fMAuL6ufGQL1ZinlWuynqegDacfr1GZRcUVBSLaZI0dg=</td></tr></tbody></table>

## SNAP API Service - Sample Request

This is the sample of Create VA request using the signature that has been generated. Details of SNAP create VA can be seen [here](https://docs.faspay.co.id/merchant-integration/api-reference-1/snap/snap-virtual-account#create-virtual-account-va).

#### Request Header

<details>

<summary>Sample Request Header SNAP Create VA</summary>

```json
X-TIMESTAMP: 2022-12-12T16:00:00+07:00
X-SIGNATURE: nDbaEgmkto+t9zyADVFwTmnKICKENHg/+dtGAUyoxoZr0pHDZ3KC4JrLCrXtqRqf2FbsTK2kUBlCfRjTkJ0rZ+KCPdJ/J4GszU71vf3G7Iip6nPUhG/Cxsj2dXbEojhHvBSp+gYGugTGiMbEZ4VhVLUFGMKFoi87mGRruuJdX/FXdWMd0b5+yPfthmdOTbULNzhjVNZMDCGmhQ722ua8pS5IVSZE92h0qPA352vLef/4Sbmaljxs/QyIZG7S264xnMhQ+GN4M1Gn/x32ZAqQsRA+6CoK0F1sQlwl4S1eskjoksvxbDnTWViVVWIhPylb+7bMsYT3NYxhVLnbWIQ8Y7HV4VHScyG6IOILKtvoOqY5z1w5rSSTJub3ZolJz/7jpe+/BjozkEYiiG7jn6bD/T5HWMKuub56HGP5/mbKXSVtgfA8QzlCH7574mD+xK/bteT1LPBRsQXUpiuCNCmCx4Et6ln0lJPb52PyOMP0op96OJT6636gqZci/N+j2XpovR4HAIdw5chjBY28MmYg4CBjcoXLcYcA6YSVIRQ3/iIS+uG/dfHsrxIjWxtFuDrOyPrdvhQg0BL+vF5CfKbDKs/o/3fanPGlyEyjV3Ca9/goK4SCZ3KDTmSEhPLZ9F3fMAuL6ufGQL1ZinlWuynqegDacfr1GZRcUVYSLcZI0dg=
X-PARTNER-ID: 12345
X-EXTERNAL-ID: 95184120658180428881231208566
CHANNEL-ID: 77001
```

</details>

#### Request Body

<details>

<summary>Sample Request Body SNAP Create VA</summary>

```json
{
    "virtualAccountName": "Jokul Doe",
    "virtualAccountEmail": "jokul@email.com",
    "virtualAccountPhone": "6281828384858",
    "trxId": "abcdefgh1234",
    "totalAmount":
    {
        "value": "12345678.00",
        "currency": "IDR"
    },
    "expiredDate": "2020-12-31T23:59:59-07:00",
    "additionalInfo":
    {
        "billDate": "2020-12-31T23:59:59-07:00",
        "channelCode": "402",
        "billDescription": "Maintenance"
    }
}
```

</details>

## Verifying Signature SNAP

To validate, the signature that has been generated and sent when request made will be verify by merchant.

#### **Verifying Signature SNAP Parameters**

<table><thead><tr><th width="291">Parameter</th><th>Description</th></tr></thead><tbody><tr><td>X-SIGNATURE_FROM_FASPAY</td><td>The signature used on the SNAP API request</td></tr><tr><td>FASPAY_PUBLIC_KEY</td><td>A key used to verify the signature (generated by Faspay)</td></tr><tr><td>stringToSign</td><td><p>To create a string that will be used to verify signature.<br></p><p><strong>Formula:</strong> </p><p>HTTPMethod+”:“+EndpointUrl+":“+Lowercase(HexEncode(SHA256(minify(RequestBody)))) + ":“ + TimeStamp</p></td></tr><tr><td>HTTPMethod</td><td>POST / DELETE / PUT (based on service API)</td></tr><tr><td>EndpointURL</td><td>Complete the Endpoint URL including all related URL parameters (Relative path, example: Path in the general information of each API service)<br><strong>(sample: /v1.0/transfer-va/create-va)</strong></td></tr><tr><td>RequestBody</td><td>Data that send to API services</td></tr><tr><td>TimeStamp</td><td><p>Timestamp request sent</p><p><strong>Format:</strong> datetime ISO 8601</p><p><strong>(sample: 2022-12-12T16:00:00+07:00)</strong></p></td></tr></tbody></table>

You can verify the signature by following these steps:

1. By using `stringToSign` a string will be created, the string used to verify the signature.
2. Next, the signature will be decoded by `base64_decode`.
3. The decoder result will be verified using algorithm `SHA256`, with string that has been created, and the public key provided by Faspay.
4. Last, it will return 1 if the signature matches, and 0 if it doesn’t matches.

### Verifying Signature Sample

This is a sample to verify the signature that used on VA inquiry. SNAP VA inquiry in details can be seen [here](https://docs.faspay.co.id/merchant-integration/api-reference-1/snap/snap-virtual-account#inquiry).

<table data-header-hidden><thead><tr><th width="206"></th><th></th></tr></thead><tbody><tr><td>SNAP Service</td><td>VA Inquiry</td></tr><tr><td>Method</td><td>POST</td></tr><tr><td>Endpoint URL</td><td>/v1.0/transfer-va/inquiry</td></tr><tr><td>Request Body</td><td><p>{ </p><p>"partnerServiceId": " 88899", </p><p>"customerNo": "12345678901234567890",</p><p>"virtualAccountNo": " 08889912345678901234567890", "inquiryRequestId": "abcdef-123456-abcdef" </p><p>}</p></td></tr><tr><td>Public Key</td><td>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArrb7I5HI84lxKybUDxSXNlj/QmUtM82Uey2Lx6LHkFc4gMFJZkK9eLdETAo2k+Pd9aLxuGWL/CabRczAZHLc/n4Xr9jeThGU9PpFAyJuUrNNsCOaZgF0Hf05iaeE+HL+LkRKMxg3iNUVy8707pHV94B+cYJJVh/eSLYTrZfhN6177F3Ap8r6ApAh1d8DE6Vr2ITKuS5iI1WYjN1jBntaD82+MOt6su5vcQT+iJv0sLiN+eUysi0NDEabA5Z5OQJPuqt2Mbus4q/H4c06unPbZ15jjoO6tjxznFypBUavDBXXGtxeqsBcWL9dJuJE0R0gVnB7UbpgJaaELpK5pqklY1QQaSHi/M850MqGVHGgeHP6KbgZG3/pcozCv75yoau7nYU3gtwbLoBkMrNSbMlhresz7PpBG6oXrln7Zrt311SftzU3mfcyCckoQwytEGlCbx/mcYuLNorWrL0M3mSircODVL5YYfZq6gXGK6EkYivpp/UIJn2JO9/KBo+9DgChwxBYlGWjA/avhEG9qbs26MfGBz55UtlLjgvHtY+nhJN8fZL2OW0t6RsqYUMsmxisFDTROm/6m0ps15+T6eozrPASFyMGldzEnZynKEjW8jxkvICNzPLL6YIQPHgIcaCwaZgkq6PL9pQkCXCn1K7uyaE6A1wTz13KDJYHvsSyxdUCAwEAAQ==</td></tr><tr><td>Request Body (hashed with SHA256 algorithm)</td><td>c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924</td></tr><tr><td>Timestamp</td><td>2022-12-12T16:00:00+07:00</td></tr><tr><td>String to Sign for Verifiying Signature</td><td>POST:/v1.0/transfer-va/inquiry:c17a71cdbe89106d0950aa390cffa746e0f94359010789955779fd5817c8e924:2022-12-12T16:00:00+07:00</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.faspay.co.id/merchant-integration/api-reference-1/snap/signature-snap.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.