Permata API

Generate Token

Step By Step request Generate Token (sample):

1. Use key-id for test :

'API-Key: cd86fe4b-bc4f-4200-8ad4-d04971c65ac6'

2. Use $username = ec1f94aa-161b-446a-afb0-2de29a52060e
3. Use $password = fd0f38d4-46dd-44ce-b318-c208f7f0e6df

4. Generate header timestamp. example :

OAUTH-Timestamp : 2017-12-09T03:52:01.000+07:00

5. Use payload data :grant_type=client_credentials
6. Generate signature for header "oauth-signature"

- construct payload permata signature concat at field using ":" separator
```
API-Key:OAUTH-Timestamp:payload
```
basic_auth from user and pass sample :

- Client ID / username :
```
ec1f94aa-161b-446a-afb0-2de29a52060e
```
- Client Secret Key / password :
```
fd0f38d4-46dd-44ce-b318-c208f7f0e6df
```
generated Base64 Basic Auth:
```
NzNlODQzY2QtMGIyOC00Zjk4LWEyNjItYjVkYmRmOWVlNTQ5OjJkNDU3MDVjLWU5OTItNGJkOC1iN2ZlLTdkMmQxZGM2YzRjMQ==
```

Example full payload for permata oauth signature :

cd86fe4b-bc4f-4200-8ad4-d04971c65ac6:2017-12-09T03:52:01.000+07:00:grant_type=client_credentials

Sample generate hmac sha256 using PHP :

//Define Message
$message = 'cd86fe4b-bc4f-4200-8ad4-d04971c65ac6:2017-12-09T03:52:01.000+07:00:grant_type=client_credentials';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Signature
$signature = base64_encode($hash);
echo 'Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099

The result are OAUTH-Signature:YcKit0AOOJns0z/DWS+VJDHPJr/MWGiqZzqzFHIkBgo=

$payloadName['grant_type']='client_credentials';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded ','keyid: cd86fe4b-bc4f-4200-8ad4-d04971c65ac6','OAUTH-Signature: YcKit0AOOJns0z/DWS+VJDHPJr/MWGiqZzqzFHIkBgo=','OAUTH-Timestamp : 2017-12-09T03:52:01.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_USERPWD, $username . ":" . $password);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $payloadName);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample Response


{
    "access_token": "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy",
    "token_type": "Bearer",
    "expires_in": 10800,
    "scope": "resource.WRITE resource.READ"
}

Sample generate hmac sha256 using JAVA :


//Define Message
String message = ' 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample Response


{
    "access_token": "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy",
    "token_type": "Bearer",
    "expires_in": 10800,
    "scope": "resource.WRITE resource.READ"
}

Use token Oauth And Permata Signature to Hit Services

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header
'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'
b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000'

d. add header permata-signature :

- construct permata-signature :
- construct payload permata signature concat at field using ":" separator
access_token:permata-timestamp:bodymessage(message without space)

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57:{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$token = base64_encode($hash);
echo 'Token: ' . $token . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload=''{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);
curl -X POST -k https://api.pbdevtest.com/apiservice/InquiryServices/BalanceInfo_V2/inq   -H 'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ'   -H 'cache-control: no-cache'   -H 'content-type: application/json'   -H 'organizationname: Permata Bank'   -H 'permata-signature: YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4='   -H 'permata-timestamp: 2017-11-07T10:22:57.000+07:00'  -d '{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}'

Sample Response


{
    "BalInqRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-11-24T01:56:16.245+07:00",
            "CustRefID": "0878987654321",
            "StatusCode": "14",
            "StatusDesc": "Account Not Found"
        },
        "InqInfo": {
            "AccountNumber": "701075323",
            "AccountCurrency": "",
            "AccountBalanceAmount": "",
            "BalanceType": "AvailBalance"
        }
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57:{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message = ' 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$token = base64_encode($hash);
echo 'Token: ' . $token . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload='{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);
curl -X POST -k https://api.pbdevtest.com/apiservice/InquiryServices/BalanceInfo_V2/inq   -H 'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ'   -H 'cache-control: no-cache'   -H 'content-type: application/json'   -H 'organizationname: Permata Bank'   -H 'permata-signature: YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4='   -H 'permata-timestamp: 2017-11-07T10:22:57'  -d '{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}'

Sample Response


{
    "BalInqRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-11-24T01:56:16.245+07:00",
            "CustRefID": "0878987654321",
            "StatusCode": "14",
            "StatusDesc": "Account Not Found"
        },
        "InqInfo": {
            "AccountNumber": "701075323",
            "AccountCurrency": "",
            "AccountBalanceAmount": "",
            "BalanceType": "AvailBalance"
        }
    }
}

Balance Inquiry

1.1 Detail

Name	Balance Inquiry
Description	Balance Inquiry Operations: inq
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

1.2 Request

Message Format

Field	Type	Length	Mandatory	Description
BalInqRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format: YYYY-MM-DDTHH:mm:ss 2017-07-21T14:32:01.000+07:00
CustRefID	xs:string	20	Y
InqInfo
AccountNumber	xs:string		Y	Account number

1.3 Response

Message Format

Field	Type	Length	Mandatory	Description
BalInqRs
MsgRqHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00.000
CustRefID	xs:string		Y
StatusCode	xs:string	*	Y	Status code
StatusDesc	xs:string	*	N	Status description
InqInfo
AccountNumber	xs:string		Y
AccountCurrency	xs:string		Y
AccountBalanceAmount	xs:string		Y
BalanceType	xs:string		Y

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator access_token:permata-timestamp:bodymessage(message without space)

Post

https://api.pbdevtest.com/apiservice/InquiryServices/BalanceInfo/inq

Sample Request


{ 
   "BalInqRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321"
      },
      "InqInfo":{ 
         "AccountNumber":"701075323"
      }
   }
}

Sample Response


{
    "BalInqRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-07-21T14:32:01.000+07:00",
            "CustRefID": "0878987654321",
            "StatusCode": "00",
            "StatusDesc": "Success"
        },
        "InqInfo": {
            "AccountNumber": "701075323",
            "AccountCurrency": "IDR",
            "AccountBalanceAmount": "106555123",
            "BalanceType": "AvailBalance"
        }
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57:{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$token = base64_encode($hash);
echo 'Token: ' . $token . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload='{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = ' 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-0721T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccounNumber":"701075323"}}}";

String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);

request.setEntity(new StringEntity(payload));
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);

HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Inquiry Overbooking

1.1 Detail

Name	Inquiry Overbooking
Description	Service to get source and destination Account Operations: inq
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

1.2 Request

Message Format

Field	Type	Length	Mandatory	Description
AcctInqRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00.000
CustRefID	xs:string	20	Y
InqInfo
AccountNumber	xs:string		Y	Account number

1.3 Response

Message Format

Field	Type	Length	Mandatory	Description
AcctInqRs
MsgRqHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00.000
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status code
StatusDesc	xs:string	*	N	Status description
InqInfo
AccountNumber	xs:string		Y
AccountName	xs:string		Y

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator access_token:permata-timestamp:bodymessage(message without space)

Post

https://api.pbdevtest.com/apiservice/InquiryServices/AccountInfo/inq

Sample Request


{ 
   "AcctInqRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321"
      },
      "InqInfo":{ 
            "AccountNumber":"9999002800"
      }
   }
}

Sample Response


{
    "AcctInqRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-11-24T05:06:26.698+07:00",
            "CustRefID": "0878987654321",
            "StatusCode": "00",
            "StatusDesc": "Success"
        },
        "InqInfo": {
            "AccountNumber": "701075323",
            "AccountName": "KR DUMMY ACCOUNT TB"
        }
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"AcctInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"9999002800"}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"AcctInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"9999002800"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature  . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload='{"AcctInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"9999002800"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"AcctInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"9999002800"}}}';
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"AcctInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-0721T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccounNumber":"701075323"}}}";

String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);

request.setEntity(new StringEntity(payload));
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);

HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Overbooking (Posting)

1.1 Detail

Name	Overbooking
Description	Service to Posting Overbook Operations: add
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

1.2 Request

Message Format

Field	Type	Length	Mandatory	Description
XferAddRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00.000
CustRefID	xs:string	20	Y
XferInfo
FromAccount	xs:string		Y	Remmiter Account number
ToAccount	xs:string		Y	Bennef Account number
Amount	xs:number		Y	Transaction Amount
CurrencyCode	xs:string		Y	Transaction Currency
ChargeTo	xs:string		Y	0 : Charge to Remmiter/Sender
TrxDesc	xs:string		N	Transaction Description
TrxDesc2	xs:string		N	Transaction Description
BenefEmail	xs:string		N	Benef Email Address
BenefAcctName	xs:string		Y	Benef Name
BenefPhoneNo	xs:string		Y	Benef Phone Number
FromAcctName	xs:string		Y	Remmiter Name
TkiFlag	xs:string		Y	TKI Flag (Y or N)

1.3 Response

Message Format

Field	Type	Length	Mandatory	Description
XferAddRs
MsgRsHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00.000
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status code
StatusDesc	xs:string	*	N	Status description
TrxReffNo	xs:string	*	Y	Transaction Reff Number

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator access_token:permata-timestamp:bodymessage(message without space)
For success transaction we will send http code response 200 and response code 00.
For other status transaction response, that include in Response Code Table.
For http response 400 (exclude 401 (unauthorized) and 403 (signature not valid)) is suspect transaction. Wait for reconcile. Confirm to our team for that transaction.

Post

https://api.pbdevtest.com/apiservice/BankingServices/FundsTransfer/add

Sample Request


{
  "XferAddRq": {
    "MsgRqHdr": {
      "RequestTimestamp": "2017-07-21T14:32:01.000+07:00",
      "CustRefID": "0001234502"
    },
    "XferInfo": {
      "FromAccount":"701075331",
      "ToAccount":"701075323",
      "Amount":21001,
      "CurrencyCode":"IDR",
      "ChargeTo":"0",
      "TrxDesc":"Coba 1",
      "TrxDesc2":"Desc 2",
      "BenefEmail":"john@gmail.com",
      "BenefAcctName":"John",
      "BenefPhoneNo":"0821222333467",
      "FromAcctName":"Doe",
      "TkiFlag":""
    }
  }
}

Sample Response


{
    "XferAddRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-12-04T19:45:07.765+07:00",
            "CustRefID": "0001234502",
            "StatusCode": "00",
            "StatusDesc": "Success"
        },
        "TrxReffNo": "0870171204984683"
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"XferAddRq": {"MsgRqHdr": {"RequestTimestamp": "2017-07-21T14:32:01.000+07:00","CustRefID": "0001234502"},"XferInfo": {"FromAccount":"701075331","ToAccount":"701075323","Amount":21001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","TkiFlag":""}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message =  '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"XferAddRq": {"MsgRqHdr": {"RequestTimestamp": "2017-07-21T14:32:01.000+07:00","CustRefID": "0001234502"},"XferInfo": {"FromAccount":"701075331","ToAccount":"701075323","Amount":21001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","TkiFlag":""}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload='{"XferAddRq": {"MsgRqHdr": {"RequestTimestamp": "2017-07-21T14:32:01.000+07:00","CustRefID": "0001234502"},"XferInfo": {"FromAccount":"701075331","ToAccount":"701075323","Amount":21001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","TkiFlag":""}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57:"{"XferAddRq": {"MsgRqHdr": {"RequestTimestamp": "2017-07-21T14:32:01+07:00","CustRefID": "0001234502"},"XferInfo": {"FromAccount":"701075331","ToAccount":"701075323","Amount":21001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","TkiFlag":""}}}';
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"XferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-0721T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccounNumber":"701075323"}}}";

String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57.000";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);

request.setEntity(new StringEntity(payload));
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);

HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Transfer Inquiry Online

1.1 Detail

Name	Inquiry Transfer Online
Description	Service to get source and destination Account Operations: inq (Inq Trf Online)
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

1.2 Request

Message Format

Field	Type	Length	Mandatory	Description
OlXferInqRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00.000
CustRefID	xs:string	20	Y
XferInfo
ToAccount	xs:string		Y	Benef Account number
BankId	xs:string		Y	Bank ID (List BankId on Attachment)
BankName	xs:string		N	Bank Name (fill with blank)

1.3 Response

Message Format

Field	Type	Length	Mandatory	Description
OlXferInqRs
MsgRsHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00.000
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status code
StatusDesc	xs:string	*	N	Status description
XferInfo
ToAccount	xs:string		Y	Benef Account Number
ToAccountFullName	xs:string		Y	Benef Name
BankId	xs:string	*	Y	Bank ID (List BankId below)
BankName	xs:string	*	N	Bank Name

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator access_token:permata-timestamp:bodymessage(message without space)

Post

https://api.pbdevtest.com/apiservice/InquiryServices/OnlineXferInfo/inq

Sample Request


{
  "OlXferInqRq" : {
    "MsgRqHdr" : {
      "RequestTimestamp" : "2017-07-21T14:32:01.000+07:00",
      "CustRefID" : "0878987654321"
    },
    "XferInfo" : {
      "ToAccount" : "456456",
      "BankId" : "80017",
      "BankName" : "BANK MANDIRI"
   }
  }
}

Sample Response


{ 
   "OlXferInqRs":{ 
      "MsgRsHdr":{ 
         "ResponseTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321",
         "StatusCode":"00",
         "StatusDesc":"Success"
      },
      "XferInfo":{ 
            "ToAccount":"456456",
            "ToAccountFullName":"ALEX HIDAYAT                  ",
            "BankId":"80017",
            "BankName":"BANK MANDIRI"
      }
   }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57.000+07:00: {"OlXferInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"ToAccount":"456456","BankId":"80017","BankName":"BANK MANDIRI"}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57.000+07:00: {"OlXferInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"ToAccount":"456456","BankId":"80017","BankName":"BANK MANDIRI"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$token = base64_encode($hash);
echo 'Permata Signature: ' .$signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload='{"OlXferInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"ToAccount":"456456","BankId":"80017","BankName":"BANK MANDIRI"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57:" {"OlXferInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"XferInfo":{"ToAccount":"456456","BankId":"142861","BankName":""}}}';
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"OlXferInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"XferInfo":{"ToAccount":"456456","BankId":"142861","BankName":""}}}";
String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);
request.setEntity(new StringEntity(payload));
                
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Transfer Online

1.1 Detail

Name	Transfer Online
Description	Service For Transfer Obline to Other Bank Operations: add
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWT
Interface ID

1.2 Request

Message Format

Field	Type	Length	Mandatory	Description
OlXferAddRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y	Customer Reff ID
XferInfo
FromAccount	xs:string		Y	Remitter Account number
ToAccount	xs:string		Y	Benef Account number
ToBankId	xs:string		Y	Benef Bank ID
ToBankName	xs:string		Y	Benef Bank Name
Amount	xs:number		Y	Transaction Amount
ChargeTo	xs:string		Y	0 : Charge to Remitter/Sender
TrxDesc	xs:string		N	Transaction Description
TrxDesc2	xs:string		N	Transaction Description
BenefEmail	xs:string		N	Benef Email Address
BenefAcctName	xs:string		Y	Benef Name
BenefPhoneNo	xs:string		Y	Benef Phone Number
FromAcctName	xs:string		Y	Remitter Name
DatiII	xs:string		N	Dati II If TKI Flag 'Y' → DatiII mandatory
TkiFlag	xs:string		Y	TKI Flag (fill with 'Y' or 'N')

1.3 Response

Message Format

Field	Type	Length	Mandatory	Description
XferAddRs
MsgRsHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status code
StatusDesc	xs:string	*	N	Status description
TrxReffNo	xs:string			Transaction Reff Number

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator access_token:permata-timestamp:bodymessage(message without space)
For success transaction we will send http code response 200 and response code 00.
For other status transaction response, that include in Response Code Table.
For http response 400 (exclude 401 (unauthorized) and 403 (signature not valid)) is suspect transaction. Wait for reconcile. Confirm to our team for that transaction.

Post

https://api.pbdevtest.com/apiservice/BankingServices/InterBankTransfer/add

Sample Request


{ 
   "OlXferAddRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0001234409"
      },
      "XferInfo":{ 
         "FromAccount":"701075331",
         "ToAccount":"701075323",
         "ToBankId":"86079",
         "ToBankName":"MANDIRI",
         "Amount":20001,
         "ChargeTo":"0",
         "TrxDesc":"Coba 1",
         "TrxDesc2":"Desc 2",
         "BenefEmail":"john@gmail.com",
         "BenefAcctName":"John",
         "BenefPhoneNo":"0821222333467",
         "FromAcctName":"Doe",
         "DatiII":"",
         "TkiFlag":""
      }
   }
}

Sample Response


{
    "OlXferAddRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-12-04T20:08:18.531+07:00",
            "CustRefID": "0001234409",
            "StatusCode": "00",
            "StatusDesc": "Success"
        },
        "TrxReffNo": "0898171204984691"
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57.000+07:00: {"OlXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0001234409"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"86079","ToBankName":"MANDIRI","Amount":20001,"ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","DatiII":"","TkiFlag":""}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"OlXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0001234409"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"86079","ToBankName":"MANDIRI","Amount":20001,"ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","DatiII":"","TkiFlag":""}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload='{"OlXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0001234409"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"86079","ToBankName":"MANDIRI","Amount":20001,"ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","DatiII":"","TkiFlag":""}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:XiG848NZNNZaNvebAQRKFVjKmads/p/WmiPb6lCve9c=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"OlXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0001234409"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"142861","ToBankName":"MANDIRI","Amount":20001,"ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","DatiII":"","TkiFlag":""}}}';
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"OlXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0001234409"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"142861","ToBankName":"MANDIRI","Amount":20001,"ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","FromAcctName":"Doe","DatiII":"","TkiFlag":""}}}";

String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);

request.setEntity(new StringEntity(payload));
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);

HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

LLG

1.1 Detail

Name	LLG
Description	Service For LLG Operations: add Cut Off Time Monday-Friday at 15:00 Jakarta time.
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWT
Interface ID

1.2 Request

Message Format

Field	Type	Length	Mandatory	Description
LlgXferAddRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y	Customer Reff ID
XferInfo
FromAccount	xs:string		Y	Remitter Account number
ToAccount	xs:string		Y	Benef Account number
ToBankId	xs:string		Y	Benef Bank ID
ToBankName	xs:string		Y	Benef Bank Name
Amount	xs:number		Y	Transaction Amount
CurrencyCode	xs:string		N	Transaction Currency
ChargeTo	xs:string		Y	0 : Charge to Remitter/Sender
TrxDesc	xs:string		N	Transaction Description
TrxDesc2	xs:string		N	Transaction Description
CitizenStatus	xs:string		Y	0: WNI 1: WNA
ResidentStatus	xs:string		Y	0 : Resident 1: Non Resident
BenefType	xs:string		Y	1: Individu 2. Corporate
BenefEmail	xs:string		N	Benef Email Address
BenefAcctName	xs:string		Y	Benef Name
BenefPhoneNo	xs:string		N	Benef Phone Number
BenefBankAddress	xs:string		N
BenefBankBranchName	xs:string		N
BenefBankCity	xs:string		N
FromAcctName	xs:string		Y	Remitter Name
FromCurrencyCode	xs:string		N
Filler1	xs:string		N
Filler2	xs:string		N
Filler3	xs:string		N
BenefAddress1	xs:string		N
BenefAddress2	xs:string		N
BenefAddress3	xs:string		N
DatiII	xs:string		N	Dati II If TKI Flag “Y” → DatiII mandatory
TkiFlag	xs:string		N	TKI Flag (fill with 'Y' or 'N')

1.3 Response

Message Format

Field	Type	Length	Mandatory	Description
LlgXferAddRs
MsgRsHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status code
StatusDesc	xs:string	*	N	Status description
TrxReffNo	xs:string			Transaction Reff Number

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator access_token:permata-timestamp:bodymessage(message without space)
For success transaction we will send http code response 200 and response code 00.
For other status transaction response, that include in Response Code Table.
For http response 400 (exclude 401 (unauthorized) and 403 (signature not valid)) is suspect transaction. Wait for reconcile. Confirm to our team for that transaction.

Post

https://api.pbdevtest.com/apiservice/BankingServices/LlgTransfer/add

Sample Request


{
  "LlgXferAddRq": {
    "MsgRqHdr": {
      "RequestTimestamp": "2017-07-21T14:32:01.000+07:00",
      "CustRefID": "0001234407"
    },
    "XferInfo": {
         "FromAccount":"701075331",
         "ToAccount":"701075323",
         "ToBankId":"86079",
         "ToBankName":"MANDIRI",
         "Amount":22001,
         "CurrencyCode":"IDR",
         "ChargeTo":"0",
         "TrxDesc":"Coba 1",
         "TrxDesc2":"Desc2",
         "CitizenStatus":"0",
         "ResidentStatus":"0",
         "BenefType":"1",
         "BenefEmail":"john@gmail.com",
         "BenefAcctName":"John",
         "BenefPhoneNo":"0821222333467",
         "BenefBankAddress":"JALAN JEND SUDIRMAN",
         "BenefBankBranchName":"SUDIRMAN",
         "BenefBankCity":"JAKARTA",
         "FromAcctName":"Doe",
         "FromCurrencyCode":"IDR",
         "Filler1":"",
         "Filler2":"",
         "Filler3":"",
         "BenefAddress1":"jl Berkah no.14",
         "BenefAddress2":"Perum Satu",
         "BenefAddress3":"Pulo Gadung",
         "DatiII":"",
         "TkiFlag":""
    }
  }
}

Sample Response


{
    "LlgXferAddRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-12-04T20:04:07.105+07:00",
            "CustRefID": "0001234407",
            "StatusCode": "00",
            "StatusDesc": "Success"
        },
        "TrxReffNo": "0870171204984685"
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"LlgXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0001234407"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"86079","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefType":"1","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"","TkiFlag":""}}}

Sample generate hmac sha256 using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"LlgXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0001234407"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"86079","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefType":"1","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"","TkiFlag":""}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature  = base64_encode($hash);
echo 'Permata Signature: ' . $signature  . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=

Sample request using PHP curl :

$jsonPayload='{"LlgXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0001234407"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"86079","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefType":"1","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"","TkiFlag":""}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"LlgXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0001234407"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"142861","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefType":"1","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"","TkiFlag":""}}}";
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"LlgXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0001234407"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"142861","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefType":"1","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"","TkiFlag":""}}}";
String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);
request.setEntity(new StringEntity(payload));
                
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

RTGS (POSTING)

7.1 Detail

Name	RTGS
Description	Service For RTGS Operation: add Cut Off Time Monday-Friday at 15:00 Jakarta time.
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWT
Interface ID

7.2 Request

Format Message

Field	Type	Length	Mandatory	Description
RtgsXferAddRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y	Customer Reff ID
XferInfo
FromAccount	xs:string		Y	Remitter Account Number
ToAccount	xs:string		Y	Benef Account Number
ToBankId	xs:string		Y	Benef Bank ID
ToBankName	xs:string		Y	Benef Bank Name
Amount	xs:string		Y	Transaction Amount
CurrencyCode	xs:string		N	Transaction Currency
ChargeTo	xs:string		Y	0 : Charge to Remitter/Sender
TrxDesc	xs:string		N	Transaction Description
TrxDesc2	xs:string		N	Transaction Description
CitizenStatus	xs:string		Y	0: WNI 1: WNA
ResidentStatus	xs:string		Y	0 : Resident 1: Non Resident
BenefType	xs:string		Y	1: Individu 2. Corporate
BenefEmail	xs:string		N	Benef Email Adress
BenefAcctName	xs:string		Y	Benef Name
BenefPhoneNo	xs:string		N	Benef Phone Number
BenefBankAddress	xs:string		N
BenefBankBranchName	xs:string		N
BenefBankCity	xs:string		N
FromAcctName	xs:string		Y	Remitter Name
FromCurrencyCode	xs:string		N
Filler1	xs:string		N
Filler2	xs:string		N
Filler3	xs:string		N
BenefAddress1	xs:string
BenefAddress2	xs:string
BenefAddress3	xs:string
DatiII	xs:string		N	Dati II If TKI Flag 'Y' → DatiII mandatory
TkiFlag	xs:string		N	TKI Flag (fill with 'Y' or 'N')

7.3 Reponse

Format Message

Field	Type	Length	Mandatory	Description
RtgsXferAddRs
MsgRsHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status Code
StatusDesc	xs:string	*	N	Status Description
TrxReffNo	xs:string			Transaction Reff Number

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator
```
access_token:permata-timestamp:bodymessage(message without space)
```
For success transaction we will send http code response 200 and response code 00.
For other status transaction response, that include in Response Code Table.
For http response 400 (exclude 401 (unauthorized) and 403 (signature not valid)) is suspect transaction. Wait for reconcile. Confirm to our team for that transaction.

Post

https://api.pbdevtest.com/apiservice/BankingServices/RtgsTransfer/add

Sample Request


{ 
   "RtgsXferAddRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321"
      },
      "XferInfo":{ 
         "FromAccount":"701075331",
         "ToAccount":"701075323",
         "ToBankId":"008",
         "ToBankName":"MANDIRI",
         "Amount":22001,
         "CurrencyCode":"IDR",
         "ChargeTo":"0",
         "TrxDesc":"Coba 1",
         "TrxDesc2":"Desc2",
         "CitizenStatus":"0",
         "ResidentStatus":"0",
         "BenefEmail":"john@gmail.com",
         "BenefAcctName":"John",
         "BenefPhoneNo":"0821222333467",
         "BenefBankAddress":"JALAN JEND SUDIRMAN",
         "BenefBankBranchName":"SUDIRMAN",
         "BenefBankCity":"JAKARTA",
         "FromAcctName":"Doe",
         "FromCurrencyCode":"IDR",
         "Filler1":"",
         "Filler2":"",
         "Filler3":"",
         "BenefAddress1":"jl Berkah no.14",
         "BenefAddress2":"Perum Satu",
         "BenefAddress3":"Pulo Gadung",
         "DatiII":"1211",
         "TkiFlag":"0"
      }
   }
}

Sample Response


{ 
   "RtgsXferAddRs":{ 
      "MsgRsHdr":{ 
         "ResponseTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321",
         "StatusCode":"00",
         "StatusDesc":"Success"
      },
      "TrxReffNo":"0121323333"
   }
}

Example :

Mobile Voucher :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"RtgsXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"008","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"1211","TkiFlag":"0"}}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"RtgsXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"008","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"1211","TkiFlag":"0"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
TU2/FlufAeVnf7qarpFZE3fZUGpRBI8rt08mQt3HAxk=

Sample request using PHP curl :

$jsonPayload='{"RtgsXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"008","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"1211","TkiFlag":"0"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:TU2/FlufAeVnf7qarpFZE3fZUGpRBI8rt08mQt3HAxk=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"RtgsXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"008","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"1211","TkiFlag":"0"}}}";
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"RtgsXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"008","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"1211","TkiFlag":"0"}}}";
String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);
request.setEntity(new StringEntity(payload));
                
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Bill Inquiry

8.1 Detail

Name	Bill Inquiry for Mobile Voucher & Virtual Account
Description	Service to get : - denom & price information for Mobile Voucher - biller information for Virtual Account
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

8.2 Request

Format Message

Field	Type	Length	Mandatory	Description
BillInquiryRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
BillInquiryInfo
BillType	xs:string		Y	Billing Type : "MOBILEVOUCHER" "VIRTUALACCOUNT" "CREDITCARD"
InstCode	xs:string		Y	Institution Code or Biller ID (List BillerID on Attachment)
BillerNumber	xs:string		N	Biller Number

8.3 Reponse

Format Message

Field	Type	Length	Mandatory	Description
BillInquiryRs
MsgRsHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status Code
StatusDesc	xs:string	*	N	Status Description
BillInquiryInfo
BillType	xs:string		Y	Billing Type : "MOBILEVOUCHER" "VIRTUALACCOUNT" "CREDITCARD"
VoucherList	xs:string		Y	Mandatory for "MOBILEVOUCHER" Contains list of denom & price
BillName	xs:string		Y	Mandatory for "VIRTUALACCOUNT" & "CREDITCARD"
NumberOfRecord	xs:string	*	Y	Mandatory for "VIRTUALACCOUNT"
Repeatable				Mandatory for "VIRTUALACCOUNT"
BillRef	xs:string	*	N	Mandatory for "VIRTUALACCOUNT"
BillAmount	xs:string			Mandatory for "VIRTUALACCOUNT"
BillCurrency	xs:string			Mandatory for "VIRTUALACCOUNT"
BillAmountSign	xs:string			Mandatory for "VIRTUALACCOUNT"
DueDate	xs:string		N	Mandatory for "CREDITCARD"(Permata Only) Format : "YYYY-MM-DD"
DateOfBirth	xs:string		N	Mandatory for "CREDITCARD"(Permata Only) Format : "YYYY-MM-DD"
MinimumAmount	xs:string		N	Mandatory for "CREDITCARD"(Permata Only)
TotalAmount	xs:string		N	Mandatory for "CREDITCARD"(Permata Only)
AvailableCreditBalance	xs:string		N	Mandatory for "CREDITCARD"(Permata Only)
AvailableCashBalance	xs:string		N	Mandatory for "CREDITCARD"(Permata Only)

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator
```
access_token:permata-timestamp:bodymessage(message without space)
```

Post

https://api.pbdevtest.com/apiservice/InquiryServices/BillInfo

Sample Request

Mobile Voucher


{ 
   "BillInquiryRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"000000123451"
      },
      "BillInquiryInfo":{ 
         "BillType":"MOBILEVOUCHER",
         "InstCode":"032",
         "BillNumber":"0812112233456"
      }
   }
}

Virtual Account


{ 
   "BillInquiryRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"000000123451"
      },
     "BillInquiryInfo":{ 
        "BillType":"VIRTUALACCOUNT",
         "InstCode":"961",
         "BillNumber":"8961001060001361"
      }
   }
}

Creadit Card


{ 
   "BillInquiryRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"000000123451"
      },
      "BillInquiryInfo":{ 
         "BillType":"CREDITCARD",
         "InstCode":"005",
         "BillNumber":"750000000123123"
      }
   }
}

Sample Response

Mobile Voucher


{ 
    "BillInquiryRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-07-21T14:32:01.000+07:00",
            "CustRefID": "000000123451",
            "StatusCode": "00",
            "StatusDesc": "SUCCESS"
        },
        "BillInquiryInfo": {
            "BillType": "MOBILEVOUCHER",
            "VoucherList": " VOUCHER TELKOMSEL (SIMPATI) V20 =20000 V25 =25000 V50=50000 V150=150000 V200=200000 V300=300000 V500=500000 
            VOUCHER TELKOMSEL (SIMPATI) ",
            "Voucher1Denom": "20",
            "Voucher1Price": "20000",
            "Voucher2Denom": "25",
            "Voucher2Price": "25000",
            "Voucher3Denom": "50",
            "Voucher3Price": "50000",
            "Voucher4Denom": "100",
            "Voucher4Price": "100000",
            "Voucher5Denom": "150",
            "Voucher5Price": "150000",
            "Voucher6Denom": "200",
            "Voucher6Price": "200000",
            "Voucher7Denom": "300",
            "Voucher7Price": "300000",
            "Voucher8Denom": "500",
            "Voucher8Price": "500000",
            "Voucher9Denom": "",
            "Voucher9Price": "",
            "Voucher10Denom": "",
            "Voucher10Price": ""
          }
        }
      }

Virtual Account


{ 
    "BillInquiryRs":{ 
        "MsgRsHdr":{ 
            "ResponseTimestamp": "2017-07-21T14:32:01.000+07:00",
            "CustRefID": "000000123451",
            "StatusCode": "00",
            "StatusDesc": " SUCCESS "
        },
        "BillInquiryInfo": {
            "BillType": "VIRTUALACCOUNT",
            "BillName": "IMAM NASRUDIN SANTOS",
            "NumberOfRecord": "2",
            "BillReff1": "TOTAL",
            "BillAmount1": "000062397100",
            "BillCurrency1": "360",
            "BillAmountSign1": "C",
            "BillReff2": "PAYMENT REG",
            "BillAmount2": "000062397100",
            "BillCurrency2": "360",
            "BillAmountSign2": "C"
        }
    }
}

Credit Card Permata


{
   "BillInquiryRs": {
      "MsgRsHdr": {
         "ResponseTimestamp": "2017-07-21T14:32:01.000+07:00",
         "CustRefID": "000000123451",
         "StatusCode": "00",
         "StatusDesc": " SUCCESS "
      },
      "BillInquiryInfo": {
         "BillType": "CREDITCARD",
         "BillName": "IMAM NASRUDIN SANTOS",
         "DueDate": "2018-04-09",
         "DateOfBirth": "1988-01-09",
         "MinimumAmount": "100000",
         "TotalAmount": "1100000",
         "AvailableCreditBalance": "15000000",
         "AvailableCashBalance": "14000000"
      }
   }
}

Credit Card Non Permata


{
   "BillInquiryRs": {
      "MsgRsHdr": {
         "ResponseTimestamp": "2017-07-21T14:32:01.000+07:00",
         "CustRefID": "000000123451",
         "StatusCode": "00",
         "StatusDesc": " SUCCESS "
      },
      "BillInquiryInfo": {
         "BillType": "CREDITCARD",
         "BillName": "IMAM NASRUDIN SANTOS"
      }
   }
}

Example :

Mobile Voucher :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillInquiryRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillInquiryInfo":{"BillType":"MOBILEVOUCHER","InstCode":"032","BillNumber":"0812112233456"}}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillInquiryRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillInquiryInfo":{"BillType":"MOBILEVOUCHER","InstCode":"032","BillNumber":"0812112233456"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
4pBpdPTuEV9GYojSYjLctt+j5GqnEHDokmwn0Y3LOUg=

Sample request using PHP curl :

$jsonPayload='{"BillInquiryRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillInquiryInfo":{"BillType":"MOBILEVOUCHER","InstCode":"032","BillNumber":"0812112233456"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:4pBpdPTuEV9GYojSYjLctt+j5GqnEHDokmwn0Y3LOUg=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Example :

Virtual Account :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillInquiryRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillInquiryInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361"}}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillInquiryRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillInquiryInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
4pBpdPTuEV9GYojSYjLctt+j5GqnEHDokmwn0Y3LOUg=

Sample request using PHP curl :

$jsonPayload='{"BillInquiryRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillInquiryInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:4pBpdPTuEV9GYojSYjLctt+j5GqnEHDokmwn0Y3LOUg=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"RtgsXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"008","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"1211","TkiFlag":"0"}}}";
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"BillInquiryRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"000000123451"},"BillInquiryInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361"}}}";
String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);
request.setEntity(new StringEntity(payload));
                
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Bill Payment

9.1 Detail

Name	Bill Payment for Mobile Voucher & Virtual Account
Description	Service Payment Mobile Voucher & Virtual Account
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

9.2 Request

Format Message

Field	Type	Length	Mandatory	Description
BillPaymentRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
BillPaymentInfo
BillType	xs:string		Y	Billing Type : "MOBILEVOUCHER" "VIRTUALACCOUNT" "CREDIT CARD"
InstCode	xs:string		Y	Institution Code or Biller ID (List BillerID on Attachment)
BillNumber	xs:string		Y	Biller Number
TrxAmount	xs:string		Y	Transaction Amount
Currency	xs:string			Transaction Currency
UserId	xs:string		Y	Group ID
DebAccNumber	xs:string		Y	Remitter Account Number
DebAccName	xs:string			Remitter Name
DebAccCur	xs:string			Remitter Account Currency
BillName	xs:string		N	Mandatory for "CREDITCARD"(Permata Only, from resp Inq) Format : "YYYY-MM-DD"
DueDate	xs:string		N	Mandatory for "CREDITCARD"(Permata Only, from resp Inq) Format : "YYYY-MM-DD"
DateOfBirth	xs:string		N	Mandatory for "CREDITCARD"(Permata Only, from resp Inq) Format : "YYYY-MM-DD"
MinimumAmount	xs:string		N	Mandatory for "CREDITCARD"(Permata Only, from resp Inq)
TotalAmount	xs:string		N	Mandatory for "CREDITCARD"(Permata Only, from resp Inq)
AvailableCreditBalance	xs:string		N	Mandatory for "CREDITCARD"(Permata Only, from resp Inq)
AvailableCashBalance	xs:string		N	Mandatory for "CREDITCARD"(Permata Only, from resp Inq)

9.3 Reponse

Format Message

Field	Type	Length	Mandatory	Description
BillPaymentRs
MsgRsHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status Code
StatusDesc	xs:string	*	N	Status Description
BillRefNo
BillType	xs:string		Y	Billing Type : "MOBILEVOUCHER" "VIRTUALACCOUNT"
VoucherList	xs:string		Y	Mandatory for MOBILEVOUCHER Contains list of denom & price
BillName	xs:string		Y
NumberOfRecord	xs:string	*	Y	Number of
Repeatable
BillReff	xs:string	*	N
BillAmount	xs:string			Billing Amount
BillCurrency	xs:string			Billing Currency
BillAmountSign	xs:string			Billing Amount Sign

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator
```
access_token:permata-timestamp:bodymessage(message without space)
```
For success transaction we will send http code response 200 and response code 00.
For other status transaction response, that include in Response Code Table.
For http response 400 (exclude 401 (unauthorized) and 403 (signature not valid)) is suspect transaction. Wait for reconcile. Confirm to our team for that transaction.

Post

https://api.pbdevtest.com/apiservice/BankingServices/Payment/directpay

Sample Request

Mobile Voucher


{ 
   "BillPaymentRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"000000123451"
      },
      "BillPaymentInfo":{ 
         "BillType":"MOBILEVOUCHER",
         "InstCode":"032",
         "BillNumber":"0812112233456",
         "TrxAmount":"50000",
         "Currency":"360",
         "UserId":"WD2698001",
         "DebAccNumber":"701075323",
         "DebAccName":"Dummy Account TB",
         "DebAccCur":"360"
      }
   }
}

Virtual Account


{ 
   "BillPaymentRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"000000123451"
      },
      "BillPaymentInfo":{ 
         "BillType":"VIRTUALACCOUNT",
         "InstCode":"961",
         "BillNumber":"8961001060001361",
         "TrxAmount":"62397100",
         "Currency":"360",
         "UserId":"WD2698001",
         "DebAccNumber":"701075323",
         "DebAccName":"Dummy Account TB",
         "DebAccCur":"360"
      }
   }
}

Sample Response

Mobile Voucher


{ 
   "BillPaymentRs":{ 
      "MsgRsHdr":{ 
         "ResponseTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321",
         "StatusCode":"00",
         "StatusDesc":"Success"
      },
      "BillRefNo":"0121323333",
      "InstCode":"032"
   }
}

Virtual Account


{ 
   "BillPaymentRs":{ 
      "MsgRsHdr":{ 
         "ResponseTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321",
         "StatusCode":"00",
         "StatusDesc":"Success"
      },
      "BillRefNo":"0121323333",
      "InstCode":"961"
   }
}

Example :

Mobile Voucher

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"MOBILEVOUCHER","InstCode":"032","BillNumber":"0812112233456","TrxAmount":"50000","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"MOBILEVOUCHER","InstCode":"032","BillNumber":"0812112233456","TrxAmount":"50000","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
T52I6PBgsKFCPN20C1LYJjd96T4FOIkpAA7g95Lk3PM=

Sample request using PHP curl :

$jsonPayload='{"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"MOBILEVOUCHER","InstCode":"032","BillNumber":"0812112233456","TrxAmount":"50000","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:T52I6PBgsKFCPN20C1LYJjd96T4FOIkpAA7g95Lk3PM=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Example :

Virtual Account

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361","TrxAmount":"62397100","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361","TrxAmount":"62397100","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
T52I6PBgsKFCPN20C1LYJjd96T4FOIkpAA7g95Lk3PM=

Sample request using PHP curl :

$jsonPayload='{"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361","TrxAmount":"62397100","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:K9WUn4PHrs8+lD+ZB0/WUJep8MmTN+DxpdhcmxnS1iY=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"MOBILEVOUCHER","InstCode":"032","BillNumber":"0812112233456","TrxAmount":"50000","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}";
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"BillPaymentRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"000000123451"},"BillPaymentInfo":{"BillType":"VIRTUALACCOUNT","InstCode":"961","BillNumber":"8961001060001361","TrxAmount":"62397100","Currency":"360","UserId":"WD2698001","DebAccNumber":"701075323","DebAccName":"DummyAccountTB","DebAccCur":"360"}}}";
String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);
request.setEntity(new StringEntity(payload));
                
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Account Statement

10.1 Detail

Name	Account Statement
Description	Service to show detail statement
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

10.2 Request

Format Message

Field	Type	Length	Mandatory	Description
AcctStmtRq
MsgRqHdr
RequestTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
PageCtrl
MoreFlag	xs:string		N	"Y" : for next page flag
SequenceNum	xs:string	30	N	From response
StatementInfo
AccountNumber	xs:string		Y
AccountCurrency	xs:string		Y
StartDate	xs:string		Y	Format : YYYY-MM-DD
EndDate	xs:string		Y	Format : YYYY-MM-DD

10.3 Response

Format Message

Field	Type	Length	Mandatory	Description
AcctStmtRs
MsgRsHdr
ResponseTimestamp	xs:dateTime		Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y
StatusCode	xs:string	*	Y	Status Code
StatusDesc	xs:string	*	N	Status Description
StatementInfo
BalanceAmount	xs:string		Y	Available Balance
SignBalance	xs:string			Sign Available Balance
DetailStatement
PageCtrl
MoreFlag	xs:string		N	"Y" : if has next record "N" : if has no next record
SequenceNum	xs:string		N	Sequence number
AccstmtDtl		*
Repeatable
PostingDate	xs:string	*		Format : YYYY-MM-DD
EffectiveDate	xs:string			Format : YYYY-MM-DD
ChequeNo	xs:string			Cheque Number
RefNo	xs:string			Ref Number
TrxAmount	xs:string			Transaction Amount
TrxCurrency	xs:string			Transaction Currency
TrxType	xs:string			Transaction Type "D" for Debet Transaction "C" for Credit Transaction
PayRef	xs:string			Pay Ref
CustRef	xs:string			Cust Ref Number
TrxDesc	xs:string			Transaction Description

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator access_token:permata-timestamp:bodymessage(message without space)

Post

https://api.pbdevtest.com/apiservice/AccountStatement/inq

Sample Request

First Request (output max 200 row)


{ 
   "AcctStmtRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321"
      },
      "StatementInfo":{ 
         "AccountNumber":"701075331",
         "AccountCurrency":"IDR",
         "StartDate":"2017-11-29",
         "EndDate":"2017-11-29"
      }
   }
}

Next Flag Request


{ 
   "AcctStmtRq":{ 
      "MsgRqHdr":{ 
         "RequestTimestamp":"2017-07-21T14:32:01.000+07:00",
         "CustRefID":"0878987654321"
      },
      "PageCtrl": {
         "MoreFlag": "Y",
         "SequenceNum": "201809010708197250579580017909"
         },
      "StatementInfo":{ 
         "AccountNumber":"701075331",
         "AccountCurrency":"IDR",
         "StartDate":"2017-11-29",
         "EndDate":"2017-11-29"
      }
   }
}

Sample Response


{
    "AcctStmtRs": {
        "MsgRsHdr": {
            "ResponseTimestamp": "2017-12-03T06:12:31.591+07:00",
            "CustRefID": "0878987654321",
            "StatusCode": "00",
            "StatusDesc": ""
        },
        "StatementInfo": {
            "BalanceAmount": "75007644391974",
            "SignBalance": "C",
            "DetailStatement": {
                "AcctStmtDtl": [
                    {
                        "PostingDate": "2017-11-29",
                        "EffectiveDate": "2017-11-29",
                        "ChequeNo": "0000000000",
                        "RefNo": "000000000",
                        "TrxAmount": "121700",
                        "TrxCurrency": "",
                        "TrxType": "D",
                        "PayRef": "0897332526700000",
                        "CustRef": "",
                        "TrxDesc": "PAY PLN 540223456789 PeB via Base24 11:00:42 0897332526700000"
                    },
                    {
                        "PostingDate": "2017-11-29",
                        "EffectiveDate": "2017-11-29",
                        "ChequeNo": "0000000000",
                        "RefNo": "000000000",
                        "TrxAmount": "121700",
                        "TrxCurrency": "",
                        "TrxType": "D",
                        "PayRef": "0897332526700000",
                        "CustRef": "",
                        "TrxDesc": "PAY PLN 540223456789 PeB via Base24 11:00:42 0897332526700000"
                    },
                    {
                        "PostingDate": "2017-11-29",
                        "EffectiveDate": "2017-11-29",
                        "ChequeNo": "0000000000",
                        "RefNo": "000000000",
                        "TrxAmount": "121700",
                        "TrxCurrency": "",
                        "TrxType": "D",
                        "PayRef": "0897332526700000",
                        "CustRef": "",
                        "TrxDesc": "PAY PLN 540223456789 PeB via Base24 11:00:42 0897332526700000"
                    }
                ]
            }
        }
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"AcctStmtRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"StatementInfo":{"AccountNumber":"701075331","AccountCurrency":"IDR","StartDate":"2017-11-29","EndDate":"2017-11-29"}}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57:{"AcctStmtRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"StatementInfo":{"AccountNumber":"701075331","AccountCurrency":"IDR","StartDate":"2017-11-29","EndDate":"2017-11-29"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
NTMILw+eOl0vmwfqHPXRNuRX2XWHB3TZqyGp5SFGS24=

Sample request using PHP curl :

$jsonPayload='{"AcctStmtRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01.000+07:00","CustRefID":"0878987654321"},"StatementInfo":{"AccountNumber":"701075331","AccountCurrency":"IDR","StartDate":"2017-11-29","EndDate":"2017-11-29"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:NTMILw+eOl0vmwfqHPXRNuRX2XWHB3TZqyGp5SFGS24=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57:{"AcctStmtRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"StatementInfo":{"AccountNumber":"701075331","AccountCurrency":"IDR","StartDate":"2017-11-29","EndDate":"2017-11-29"}}}";
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"AcctStmtRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"StatementInfo":{"AccountNumber":"701075331","AccountCurrency":"IDR","StartDate":"2017-11-29","EndDate":"2017-11-29"}}}";
String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);
request.setEntity(new StringEntity(payload));
                
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Inquiry Status Transaction

11.1 Detail

Name	Inquiry Status Transaction
Description	Service to show status of transaction (Success or Not)
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

11.2 Request

Format Message

Field	Type	Length	Mandatory	Description
StatusTransactionRq
CorpID	xs:string		Y	CorporateID
CustRefID	xs:string	20	Y	Customer Reff ID

11.3 Response

Format Message

Field	Type	Length	Mandatory	Description
StatusTransactionRs
StatusCode	xs:string	*	Y	Status code
StatusDec	xs:string	*	N	Status description
CustRefID	xs:string	20	Y	Customer Reff ID
TrxReffNo	xs:string			Transaction Reff Number

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2017-11-07T10:22:57.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator
```
access_token:permata-timestamp:bodymessage(message without space)
```
For success transaction we will send http code response 200 and response code 00.
For other status transaction response, that include in Response Code Table.
For http response 400 (exclude 401 (unauthorized) and 403 (signature not valid)) is suspect transaction. Wait for reconcile. Confirm to our team for that transaction.

Post

https://api.pbdevtest.com/apiservice/InquiryServices/StatusTransaction/Service/inq

Sample Request


{
   "StatusTransactionRq":{
    "CorpID": "WD62876045",
    "CustRefID": "0091234501"
    }
}

Sample Response


{
    "StatusTransactionRs": {
        "StatusCode": "00",
        "StatusDesc": "00",
        "CustRefID": "0091234501",
        "TrxReffNo": "0870171204984696"
    }
}

Example :

15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"StatusTransactionRq":{"CorpID":"WD62876045","CustRefID":"0091234501"}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"StatusTransactionRq":{"CorpID":"WD62876045","CustRefID":"0091234501"}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
qCjFWATcvWadBKBgg2k0T1SRk5gKx18wxZL1O8A6iWM=

Sample request using PHP curl :

$jsonPayload='{"StatusTransactionRq":{"CorpID":"WD62876045","CustRefID":"0091234501"}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ',
'permata-signature:qCjFWATcvWadBKBgg2k0T1SRk5gKx18wxZL1O8A6iWM=', 'organizationname: WD62876099',
'permata-timestamp: 2017-11-07T10:22:57.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

Sample generate hmac sha256 using JAVA :


//Define Message
String message = "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"LlgXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0001234407"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"142861","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefType":"1","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"","TkiFlag":""}}}";
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);

Sample request using JAVA :


String host = "host";
String payload = "{"LlgXferAddRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0001234407"},"XferInfo":{"FromAccount":"701075331","ToAccount":"701075323","ToBankId":"142861","ToBankName":"MANDIRI","Amount":22001,"CurrencyCode":"IDR","ChargeTo":"0","TrxDesc":"Coba1","TrxDesc2":"Desc2","CitizenStatus":"0","ResidentStatus":"0","BenefType":"1","BenefEmail":"john@gmail.com","BenefAcctName":"John","BenefPhoneNo":"0821222333467","BenefBankAddress":"JALANJENDSUDIRMAN","BenefBankBranchName":"SUDIRMAN","BenefBankCity":"JAKARTA","FromAcctName":"Doe","FromCurrencyCode":"IDR","Filler1":"","Filler2":"","Filler3":"","BenefAddress1":"jlBerkahno.14","BenefAddress2":"PerumSatu","BenefAddress3":"PuloGadung","DatiII":"","TkiFlag":""}}}";
String OrganizationName = "WD62876099";
String authorization = "Bearer e2jex8v6CwAhJSBVfXFveXtykKC4o01fDOZ3Q3Qp5vglylwk1NONWQ" ;
String Content_Type = "application/json";
String PERMATA_Signature = "YSHxWxEc2rohVDCI8f/H1S3oNBn7l1wf6hNcAscAdb4=";
String PERMATA_Timestamp = "2017-11-07T10:22:57";

HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost request = new HttpPost(host);
request.setEntity(new StringEntity(payload));
                
request.setHeader("authorization",authorization);
request.setHeader("OrganizationName",OrganizationName);
request.setHeader("Content-Type",Content_Type);
request.setHeader("PERMATA-Signature",PERMATA_Signature);
request.setHeader("PERMATA-Timestamp",PERMATA_Timestamp);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine().getStatusCode());

Inquiry Status Transaction Virtual Account (For Virtual Account partner)

12.1 Detail

Name	Inquiry Status Transaction VA
Description	Service to show status of transaction (Success or Not)
Transport Protocol	HTTP POST
Message Format	JSON
Interaction Type	Synchronous
Security Policy	API Key + JWE
Interface ID

12.2 Request

Format Message

Field	Type	Length	Mandatory	Description
GetReportRq
MsgRqHdr
RequestTimestamp	xs:string	20	Y	Format : YYYY-MM-DDTHH:mm:ss 2017-10-14T16:25:09.000+07:00
CustRefID	xs:string	20	Y	Customer Reff ID
ReportInfo
FromDate	xs:string		Y	String date : Ex : 2018-09-04T00:44:14.000Z
ToDate	xs:string		Y	String date : Ex : 2018-09-04T00:44:14.000Z
VirtualAccountId	xs:string		N	Virtual account Number / Biller Number

12.3 Response

Format Message

Field	Type	Length	Mandatory	Description
GetReportRs
MsgRsHdr
RqUID
ResponseTimestamp
StatusCode	xs:string	*	Y	Status Code
StatusDesc	xs:string	*	N	Status Description
TransactionInfoList	xs:string			Transaction info list, If only 1 record will be an json object, if more than 1 transaction info it will be json array
BackendTransactionInfo	xs:string
StatusCode	xs:string	*	Y	String Status Code
Amount	xs:string	*	N	Amount Transaction
TraceNumber	xs:string	*	N	Trace No
TransactionDate	xs:string	*	N	String Transaction Date
VirtualAccountId	xs:string	*	N	Virtual account Number / Biller Number

Sample code

After get response from generate token oauth. use access_token to generate permata signature.

a. use access_token from response as header

'authorization: Bearer 24pIQhyIELyO7oe4id0UVj7EpyBvsFwk5ocIER3UF0pJtyoxnfor2J'

b. add header
```
'organizationname: WD62876099'
```

c. add header

'permata-timestamp : 2018-08-28T09:14:12.000+07:00'

d. add header permata-signature :
- construct permata-signature :
- construct payload permata signature concat at field using ":" separator
```
access_token:permata-timestamp:bodymessage(message without space)
```

Post

https://api.pbdevtest.com/apiservice/InquiryServices/StatusTransaction/Service/inq

Sample Request


{
    "GetReportRq": {
        "MsgRqHdr": {
            "CustRefID": "4055be34-6dea-4b56-a9fb-d01f0c86a7f2", "RequestTimestamp": "2018-08-27T04:59:04.000+02:00"
        },
        "ReportInfo" : {
         "FromDate": "2018-09-04T00:44:14.000Z",
         "ToDate": "2018-09-05T00:44:14.000Z",
         "VirtualAccountId" : "8769011234567893"
        }
    }
}

Sample Response

For 1 Record Transaction


{
    "GetReportRs": {
        "MsgRsHdr": {
            "RqUID": "4055be34-6dea-4b56-a9fb-d01f0c86a7f2",
            "ResponseTimestamp": "2018-09-04T14:50:14.958+07:00",
            "StatusCode": "0",
            "StatusDesc": "Success"
        },
        "TransactionInfoList": {
            "BackendTransactionInfo": {
                "StatusCode": "00"
            },
            "Amount": "1000000",
            "TraceNumber": "616349",
            "TransactionDate": "2018-09-04T14:40:42.000+07:00",
            "VirtualAccountId": "8769011234567893"
        }
    }
}

For multiple Record Transaction


 {
    "GetReportRs": {
        "MsgRsHdr": {
            "RqUID": "4055be34-6dea-4b56-a9fb-d01f0c86a7f2",
            "ResponseTimestamp": "2018-09-04T15:14:19.237+07:00",
            "StatusCode": "0",
            "StatusDesc": "Success"
        },
        "TransactionInfoList": [
            {
                "BackendTransactionInfo": {
                    "StatusCode": "00"
                },
                "Amount": "1000000",
                "TraceNumber": "      ",
                "TransactionDate": "2018-09-04T13:51:45.000+07:00",
                "VirtualAccountId": "8769011234567894"
            },
            {
                "BackendTransactionInfo": {
                    "StatusCode": "00"
                },
                "Amount": "1005000",
                "TraceNumber": "      ",
                "TransactionDate": "2018-09-04T15:51:45.000+07:00",
                "VirtualAccountId": "8769011234567894"
            }
        ]
    }
}

Example :

24pIQhyIELyO7oe4id0UVj7EpyBvsFwk5ocIER3UF0pJtyoxnfor2J: 2018-08-28T09:14:12.000+07:00: {"GetReportRq":{"MsgRqHdr":{"CustRefID":"4055be34-6dea-4b56-a9fb-d01f0c86a7f2","RequestTimestamp":"2018-08-27T04:59:04.000+07:00"},"ReportInfo":{"FromDate":"2018-09-04T00:44:14.000Z","ToDate":"2018-09-05T00:44:14.000Z","VirtualAccountId":"8769011234567893"}}}

And generate hmac sha256 for payload.

Sample generate hmac using PHP :

//Define Message
$message = '24pIQhyIELyO7oe4id0UVj7EpyBvsFwk5ocIER3UF0pJtyoxnfor2J: 2018-08-28T09:14:12.000+07:00: {"GetReportRq":{"MsgRqHdr":{"CustRefID":"4055be34-6dea-4b56-a9fb-d01f0c86a7f2","RequestTimestamp":"2018-08-27T04:59:04.000+07:00"},"ReportInfo":{"FromDate":"2018-09-04T00:44:14.000Z","ToDate":"2018-09-05T00:44:14.000Z","VirtualAccountId":"8769011234567893"}}}';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Token
$signature = base64_encode($hash);
echo 'Permata Signature: ' . $signature . ' ';

Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099,
The result are permata-signature:
qCjFWATcvWadBKBgg2k0T1SRk5gKx18wxZL1O8A6iWM=

Sample request using PHP curl :

$jsonPayload='{"GetReportRq": {"MsgRqHdr": {"CustRefID": "4055be34-6dea-4b56-a9fb-d01f0c86a7f2","RequestTimestamp": "2018-08-27T04:59:04.000+02:00"},"ReportInfo" : {"FromDate": "2018-09-04T00:44:14.000Z","ToDate": "2018-09-05T00:44:14.000Z","VirtualAccountId" : "8769011234567893"}}}';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json',
'authorization: Bearer 24pIQhyIELyO7oe4id0UVj7EpyBvsFwk5ocIER3UF0pJtyoxnfor2J',
'permata-signature:JOBPHaQloSCRHZdnUmED8RxrrLj7xejujcr4DgXkOrM=', 'organizationname: WD62876099',
'permata-timestamp: 2018-08-28T09:14:12.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $jsonPayload);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);

List of Response Code

No	RC	HTTP CODE	Desc

List of Bank

BANK_CODE	BANK_NAME	RTGS	LLG	TRF ONLINE

List of InstCode VA

INST_CODE	INST_NAME	STATUS

List of InstCode Mobile Voucher

INSTITUTION_CODE	INSTITUTION_NAME

Security

Services

Additional Information

Generate Token

Use token Oauth And Permata Signature to Hit Services

Balance Inquiry

1.1 Detail

1.2 Request

1.3 Response

Sample code

Inquiry Overbooking

1.1 Detail

1.2 Request

1.3 Response

Sample code

Overbooking (Posting)

1.1 Detail

1.2 Request

1.3 Response

Sample code

Transfer Inquiry Online

1.1 Detail

1.2 Request

1.3 Response

Sample code

Transfer Online

1.1 Detail

1.2 Request

1.3 Response

Sample code

LLG

1.1 Detail

1.2 Request

1.3 Response

Sample code

RTGS (POSTING)

7.1 Detail

7.2 Request

7.3 Reponse

Sample code

And generate hmac sha256 for payload.

Bill Inquiry

8.1 Detail

8.2 Request

8.3 Reponse

Sample code

And generate hmac sha256 for payload.

And generate hmac sha256 for payload.

Bill Payment

9.1 Detail

9.2 Request

9.3 Reponse

Sample code

And generate hmac sha256 for payload.

And generate hmac sha256 for payload.

Account Statement

10.1 Detail

10.2 Request

10.3 Response

Sample code

And generate hmac sha256 for payload.

Inquiry Status Transaction

11.1 Detail

11.2 Request

11.3 Response

Sample code

And generate hmac sha256 for payload.

Inquiry Status Transaction Virtual Account (For Virtual Account partner)

12.1 Detail

12.2 Request

12.3 Response

Sample code

And generate hmac sha256 for payload.

List of Response Code

List of Bank

List of InstCode VA

List of InstCode Mobile Voucher