Less than 1 minute
Tips
Authorization is a method for Service Providers to grant access to API requests from Service Users. The standards used are:
- OAuth 2.0 is RFC6749 compliant
- Bearer tokens comply with RFC6750
Introduce
| Service Code | 73 |
|---|---|
| Name | API Access Token B2B |
| Version | 1.0 |
| HTTP Method | POST |
| Path | .../{version}/access-token/b2b |
Tips
API Header Format Structure for Access Token Request (B2B):
Request Access Token Header
| Field | Attribute | Type | Description |
|---|---|---|---|
| Content-Type | Mandatory | String | application/json |
| X-TIMESTAMP | Mandatory | String | Date and time in the format yyyy-MM-ddTHH:mm:ssTZD |
| X-CLIENT-KEY | Mandatory | String | Merchant_ID |
| X-SIGNATURE | Mandatory | String | Created using the asymmetric signature algorithm SHA256withRSA. Refer to: Authentication Specification |
Request Access Token Parameter
| Field | Attribute | Type | Description |
|---|---|---|---|
| grantType | Mandatory | String | Fixed value: client_credentials |
| additionalInfo | Optional | Object | Additional Information |
Response Access Token Parameter
| Field | Attribute | Type | Description |
|---|---|---|---|
| responseCode | Mandatory | String(32) | Response code. Success code: 2007300 |
| responseMessage | Mandatory | String(64) | Response description |
| accessToken | Mandatory | String | Authorization token issued to the client for accessing protected resources |
| tokenType | Optional | String | Type of access token provided to the client |
| expiresIn | Optional | String | Session expiry in seconds: 900 (15 minutes) |
| additionalInfo | Mandatory | JSON | Additional information as a JSON string |
Sample Parameter
Sample Request
curl -X POST 'https://sandbox-gateway.smilepay.id/v1.0/access-token/b2b' \
-H 'X-TIMESTAMP: 2025-02-25T15:47:06+07:00' \
-H 'X-CLIENT-KEY: sandbox-10001' \
-H 'X-SIGNATURE: debMrEkgQ3ymztArVxr+lma2BmevPYpBDHLPmD1+yoXaQ6pkcXv6owrhf8w8a49Dk6E6sFqMqbNVaDrQlqyBmsOj3+x+JtGthmJx1VsnzLJHwj5P5OrfG7chfv/trF32OnmiWZks4duaVkEeKUgbyzLehr/icC5TZFbmMcZZdugKaLGZ3yryHNUUj7LHmP8eqkz6azZ4BIOKwXyLgdUPK2rvII1H9xFnSVqf4XBP8dm9or1ZSYfNqbJNeUGaz+tiBMTBF00BFg+9nfp013V44wsCzRfv9f/9MOhWObiO5Rr9dkHgpoIWgePLbwb8E/UiTIKbemWFnUAZVKWVEN64fQ==' \
-H 'Content-Type: application/json' \
-d '{"grantType":"client_credentials"}Sample Response
{
"responseCode": "2007300",
"responseMessage": "Successful",
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE3NDA0Njk4NDUsImV4cCI6MTc0MDQ3MDc0NSwiaWF0IjoxNzQwNDY5ODQ1LCJNRVJDSEFOVF9JRCI6InNhbmRib3gtMTAwMDEifQ.ftfhy86dKsMW9yBrtZ1XSgpHSfExg1kJS9ub6_i5ZMk",
"tokenType": "Bearer",
"expiresIn": "900",
"additionalInfo": null
}