About 2 min
1、Generate RSA Key
Merchants can choose either of the following two ways to generate RSA.
Tips
Please configure the public.key file into the Merchant Public Key field in the merchant management backend, and
ensure that your private. key file is securely stored for safety.
1.1、Web
RSA Keyneed you generate by Generation RSA Key Pair then configuration in merchant page.- tips: Open Site -> Select RSA Key Size :
2048-> Generate RSA Key Pair -> Got Them (public_key, private_key).
1.2.Shell
Generate Private and Public Key
- Create Private Key:
openssl genrsa -out rsa_private_key.pem 2048- Generate Public Key:
openssl rsa -in rsa_private_key.pem -out rsa_public_key.pem -pubout- Encode Private Key to PKCS#8:
openssl pkcs8 -topk8 -in rsa_private_key.pem -out pkcs8_rsa_private_key.pem -nocrypt- For creating signature, please use pkcs8_rsa_private_key.pem (result of step 3) and give the public key
rsa_public_key.pem (result of step 2) to Smilepay. Meanwhile, Smilepay public keys are follows.
2.Security Specification
There are two kinds of API Scope, which are called B2B Access Token API and Transactional API. Both of these APIs
have different sets of security specifications.
2.1.Access Token API
Merchant should use this formula to create X-SIGNATURE for Access Token API:SHA256withRSA(private_key, stringToSign). stringToSign = X-CLIENT-KEY + "|" + X-TIMESTAMP
Step OneGiven merchant has private key:MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQdvXNBSLssNOouQjAVw70qGAbmqy7egw91iG3MljpFnhFWXk+YQOHs2pBvMK3S6KZjkLgGW0XglQYQ7AVLmv8UmE8t2ImbcKjINp1HCjDC6Oc2TlapICJmX3FeYT5WD9+JGE+19Qxku12Spxd8lJRoL0hAj4lTqoZ+9M8+gLiK86AyG8mXx0jTF9+hnUTB9aHfpY+PyDg4AfBpSlt+zGRHrq8CEphIq6nVpnUII99Rrh1zaxaq5sRf0+pO8wbcXnSyn5FdW7H6aTOMRHSnfsw1ddk/YvfYP9SPRGW4Rv3rJwhEDwbhSNnFE/W5LMn/aIrjf/fCPwswYUxgnECGpn9AgMBAAECggEBAMrxVJ/QBUz5ZETYRd3BoyypEk8tSEWHLo2wfcgz+nyIRHP3A+KnXWFpV+NBWSpKNrRY22ABQMPnO+kXVD96nuPYaxNJ0AJrTlWy8RmbXU9scE6M5poIlZ3fUKLDh6GauM0bq5QbV1cfm49SWWHYOy1+V0DgRxHYwB5lmyK8nbwBd6w+WIpInzZbFSew/a0q9bq/BKGLkOEzAEoKlnUm4oWdV6mMCzQaMovqhDxYVX8VvA93aOe0IDZEqDQ0Hs1T2wwH8DkY0ws5hdWShJUkS/1g5oHL9sqg2+cBxkdjcptngtSR+LP3Vif/fcoU+2MctD6gSYFiG+/T5QTn0jA6QQECgYEA/qjhogvrfeEd4hdvQiX9zgEseh4ungaKCqQyQiVJyMllOOyQEE3R2MExGuSCOFwuylby5U2BJS0jqrr5RJZ60M1sW98iqtbnE88CVjqJq/sKTFI7F5W+TCiLxhnz4RPVD2IzokMnEkz8yKXIKONmy1mchbn1n5WB+Q4inDe7Nz0CgYEA0Y/WYQVPK7gnvio7mUBgMpe5TyprfxDn8tjQ4K4zAnO2QoauNCT5GqoUVn+zQxTNZdgPgxRiWcNS5CLDB2YzhBYp+7MAZIhXoXKUd+/ihKAiWYEd6Yq3HgHzRVggFpPjj+xQ23tFEpXPXEzYvUpKY1PhlERyXBsFy+Sp+zzlGcECgYBkEMhYfIaUeBjd9odpXrRUdnGbqrB2t+sWM17sTuqnUzvLGmmhfnKu0XsSLihdLRvVtkTLhaDxksMpGz9HjDnGQnIJx6w/pSI3zmgEqgve4E4znzxJEDYuhuAlf50tHDXkTZoscGax8j6COWJlbrW9wgCXK3MwufbQfpVq/Rs7oQKBgQDLkp7+wNmX7t0srnoW9aJ9g0ZQ0TR7y0CHeHfwy0hiKWX0WkEABqq2bGI1ZPgPQjYFqU3oV/Tynfv4AozSs0V4Gs/N4qWPA6OdAmGX4UB69dRofjVAmbApRlu8EU+any+AsGAb1jPTShSV5VDnETQSKXoJPjSZpOaMmyVFGnK0AQKBgFk6o5KppmZHF5aL6xnVm5WeXAXvxbN5K7rTUknU97AN9ZdGISvUN9eMhzjtkqa/FE0b4SzuShyFP0E8/aZPqIyBOpycm9ymkl6W7hXJwOny04UMEk6SQu00iLyPkYS3PFi4AQAv9cMogGhP38AwVrla0tvvlTIOTUNjf8Ga0iQ6Step TwoThe value ofX-SIGNATUREused for encryption will be:sandbox-10001|2025-02-25T15:47:06+07:00Step ThreeThe merchant will generate the value by encrypting it using the SHA256withRSA algorithm, using the
merchant's private.key.debMrEkgQ3ymztArVxr+lma2BmevPYpBDHLPmD1+yoXaQ6pkcXv6owrhf8w8a49Dk6E6sFqMqbNVaDrQlqyBmsOj3+x+JtGthmJx1VsnzLJHwj5P5OrfG7chfv/trF32OnmiWZks4duaVkEeKUgbyzLehr/icC5TZFbmMcZZdugKaLGZ3yryHNUUj7LHmP8eqkz6azZ4BIOKwXyLgdUPK2rvII1H9xFnSVqf4XBP8dm9or1ZSYfNqbJNeUGaz+tiBMTBF00BFg+9nfp013V44wsCzRfv9f/9MOhWObiO5Rr9dkHgpoIWgePLbwb8E/UiTIKbemWFnUAZVKWVEN64fQ==Step FourInvoke the interface to generate the token:curl -X POST 'https://sandbox-gateway.smilepay.id/v1.0/access-token/b2b' \ -H 'X-TIMESTAMP: 2025-02-25T15:47:06+07:00' \ -H 'X-CLIENT-KEY: sandbox-10001' \ -H 'X-SIGNATURE: debMrEkgQ3ymztArVxr+lma2BmevPYpBDHLPmD1+yoXaQ6pkcXv6owrhf8w8a49Dk6E6sFqMqbNVaDrQlqyBmsOj3+x+JtGthmJx1VsnzLJHwj5P5OrfG7chfv/trF32OnmiWZks4duaVkEeKUgbyzLehr/icC5TZFbmMcZZdugKaLGZ3yryHNUUj7LHmP8eqkz6azZ4BIOKwXyLgdUPK2rvII1H9xFnSVqf4XBP8dm9or1ZSYfNqbJNeUGaz+tiBMTBF00BFg+9nfp013V44wsCzRfv9f/9MOhWObiO5Rr9dkHgpoIWgePLbwb8E/UiTIKbemWFnUAZVKWVEN64fQ==' \ -H 'Content-Type: application/json' \ -d '{"grantType":"client_credentials"}'
2.2.Transactional API
merchant should use symmetric signature HMAC_SHA512 for Transactional API:HMAC_SHA512 (merchantSecret, stringToSign) with formula stringToSign = HTTPMethod +":"+ EndpointUrl +":"+ AccessToken +":"+ Lowercase(HexEncode(SHA-256(minify(RequestBody))))+ ":" + TimeStamp
Step OneSuppose you prepare the following data:- Token Value:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE3NDA0NzA0NzIsImV4cCI6MTc0MDQ3MTM3MiwiaWF0IjoxNzQwNDcwNDcyLCJNRVJDSEFOVF9JRCI6InNhbmRib3gtMTAwMDEifQ.eMcSoq4bSnJJOPhplQwW7wSz8f6rdh6U7Tv0L4lZxog- MerchantSecret:
a5f6fb21a372b89d49e23f0054e288760cd160de6638c5681419504947650289- PayIn Transaction Body:
{ "paymentMethod": "BRI", "payer": { "name": "test", "email": "[email protected]", "phone": "0877983192", "address": "Jalan Pantai Mutiara TG6, Pluit, Jakarta" }, "receiver": { "name": "smilepay", "email": "[email protected]", "phone": "0877983192", "address": "Jl. Pluit Karang Ayu 1 No.B1 Pluit" }, "orderNo": "T_1737537970911", "purpose": "Purpose For Transaction from Java SDK", "productDetail": "Product details", "additionalParam": "other descriptions", "itemDetailList": [ { "name": "mac A1", "quantity": 1, "price": 10000 } ], "billingAddress": { "address": "Jl. Pluit Karang Ayu 1 No.B1 Pluit", "city": "jakarta", "postalCode": "14450", "phone": "0877983192", "countryCode": "Indonesia" }, "shippingAddress": { "address": "Jl. Pluit Karang Ayu 1 No.B1 Pluit", "city": "jakarta", "postalCode": "14450", "phone": "0877983192", "countryCode": "Indonesia" }, "money": { "currency": "IDR", "amount": 10000 }, "merchant": { "merchantId": "sandbox-10001", "merchantName": "smilepay" } }Step TwoTheminifyprocess is performed on the packet body to generate aSHA-256hash value and convert it to lowercase format:0134a59aca012f42309f4225ef963bbd4072ab5b38518aa6f59fc836211ca769Step ThreeThe value ofX-SIGNATUREused for encryption will be:POST:/v1.0/transaction/pay-in:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE3NDA0NzA0NzIsImV4cCI6MTc0MDQ3MTM3MiwiaWF0IjoxNzQwNDcwNDcyLCJNRVJDSEFOVF9JRCI6InNhbmRib3gtMTAwMDEifQ.eMcSoq4bSnJJOPhplQwW7wSz8f6rdh6U7Tv0L4lZxog:0134a59aca012f42309f4225ef963bbd4072ab5b38518aa6f59fc836211ca769:2025-02-25T16:01:45+07:00Step Four"Merchants will use merchantSecret to encrypt the value using the HMAC-SHA512 algorithm to generate the value.":so39+A3G7AU6i4Gx8aiLkNFJ+zpZop6JU3V6xYeYGaznCjP5DchHQirOQxu5uXbvPHagvd1TUK3sMZbFJSjkyQ==Step FiveInvoke the interface to generate the PayIn:curl -X POST 'https://sandbox-gateway.smilepay.id/v1.0/transaction/pay-in' \ -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE3NDA0NzA0NzIsImV4cCI6MTc0MDQ3MTM3MiwiaWF0IjoxNzQwNDcwNDcyLCJNRVJDSEFOVF9JRCI6InNhbmRib3gtMTAwMDEifQ.eMcSoq4bSnJJOPhplQwW7wSz8f6rdh6U7Tv0L4lZxog' \ -H 'X-TIMESTAMP: 2025-02-25T16:01:45+07:00' \ -H 'X-SIGNATURE: so39+A3G7AU6i4Gx8aiLkNFJ+zpZop6JU3V6xYeYGaznCjP5DchHQirOQxu5uXbvPHagvd1TUK3sMZbFJSjkyQ==' \ -H 'ORIGIN: www.yourdomain.com' \ -H 'X-PARTNER-ID: sandbox-10001' \ -H 'X-EXTERNAL-ID: T_1737537970911' \ -H 'CHANNEL-ID: 95221' \ -H 'Content-Type: application/json' \ -d '{ "paymentMethod": "BRI", "payer": { "name": "test", "email": "[email protected]", "phone": "0877983192", "address": "Jalan Pantai Mutiara TG6, Pluit, Jakarta" }, "receiver": { "name": "smilepay", "email": "[email protected]", "phone": "0877983192", "address": "Jl. Pluit Karang Ayu 1 No.B1 Pluit" }, "orderNo": "T_1737537970911", "purpose": "Purpose For Transaction from Java SDK", "productDetail": "Product details", "additionalParam": "other descriptions", "itemDetailList": [ { "name": "mac A1", "quantity": 1, "price": 10000 } ], "billingAddress": { "address": "Jl. Pluit Karang Ayu 1 No.B1 Pluit", "city": "jakarta", "postalCode": "14450", "phone": "0877983192", "countryCode": "Indonesia" }, "shippingAddress": { "address": "Jl. Pluit Karang Ayu 1 No.B1 Pluit", "city": "jakarta", "postalCode": "14450", "phone": "0877983192", "countryCode": "Indonesia" }, "money": { "currency": "IDR", "amount": 10000 }, "merchant": { "merchantId": "sandbox-10001", "merchantName": "smilepay" } }'