Generate Token
Step By Step request Generate Token (sample):
-
1. Use key-id for test :
'API-Key: cd86fe4b-bc4f-4200-8ad4-d04971c65ac6'
-
2. Use
$username = ec1f94aa-161b-446a-afb0-2de29a52060e
-
3. Use
$password = fd0f38d4-46dd-44ce-b318-c208f7f0e6df
-
4. Generate header timestamp. example :
OAUTH-Timestamp : 2017-12-09T03:52:01.000+07:00
-
5. Use payload data :
grant_type=client_credentials
-
6. Generate signature for header "oauth-signature"
- construct payload permata signature concat at field using ":" separator
API-Key:OAUTH-Timestamp:payload
basic_auth from user and pass sample :
- Client ID / username :
ec1f94aa-161b-446a-afb0-2de29a52060e
- Client Secret Key / password :
fd0f38d4-46dd-44ce-b318-c208f7f0e6df
generated Base64 Basic Auth:
NzNlODQzY2QtMGIyOC00Zjk4LWEyNjItYjVkYmRmOWVlNTQ5OjJkNDU3MDVjLWU5OTItNGJkOC1iN2ZlLTdkMmQxZGM2YzRjMQ==
Example full payload for permata oauth signature :
cd86fe4b-bc4f-4200-8ad4-d04971c65ac6:2017-12-09T03:52:01.000+07:00:grant_type=client_credentials
Sample generate hmac sha256 using PHP :
//Define Message
$message = 'cd86fe4b-bc4f-4200-8ad4-d04971c65ac6:2017-12-09T03:52:01.000+07:00:grant_type=client_credentials';
//Create Hash
$hash = hash_hmac('sha256', $message, $_GET['permata_static_key'],"true");
echo 'hash before base64 : ' .$hash. ' ';
//Create Signature
$signature = base64_encode($hash);
echo 'Signature: ' . $signature . ' ';
Use 'permata_static_key' with WD62811305f7f796a480bb2c53d76099
The result are OAUTH-Signature:YcKit0AOOJns0z/DWS+VJDHPJr/MWGiqZzqzFHIkBgo=
$payloadName['grant_type']='client_credentials';
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded ','keyid: cd86fe4b-bc4f-4200-8ad4-d04971c65ac6','OAUTH-Signature: YcKit0AOOJns0z/DWS+VJDHPJr/MWGiqZzqzFHIkBgo=','OAUTH-Timestamp : 2017-12-09T03:52:01.000+07:00');
curl_setopt($process, CURLOPT_HEADER, 1);
curl_setopt($process, CURLOPT_USERPWD, $username . ":" . $password);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, $payloadName);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$return = curl_exec($process);
curl_close($process);
Sample Response
{
"access_token": "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy",
"token_type": "Bearer",
"expires_in": 10800,
"scope": "resource.WRITE resource.READ"
}
Sample generate hmac sha256 using JAVA :
//Define Message
String message = ' 15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy:2017-11-07T10:22:57: {"BalInqRq":{"MsgRqHdr":{"RequestTimestamp":"2017-07-21T14:32:01+07:00","CustRefID":"0878987654321"},"InqInfo":{"AccountNumber":"701075323"}}}';
//Create Hash
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(permataStaticKey.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key)
//Create token
String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(string2hash.getBytes("UTF-8")));
System.out.println(hash);
Sample Response
{
"access_token": "15hBgzeXpK6M8WZJqPwL5z615iFxFS2OW1hKTnUV6c17OEuJKSXsKy",
"token_type": "Bearer",
"expires_in": 10800,
"scope": "resource.WRITE resource.READ"
}