Linkage

Get Auth Code

Get Auth Code API is an API used to obtain an authorization code, which is typically required in authentication and authorization processes, especially in OAuth-based systems. This authorization code serves as a temporary credential that a client application can use to request access tokens from the authorization server

Type Value
Service Code
10
Name
API Get Oauth URL
HTTP Method
GET

Flow

You send the required parameters to make a request, and Espay Payment Gateway will respond in JSON format.

API URL

Environment URL
Sandbox
Port of HTTPS (443)
https://sandbox-api.espay.id/apidirectdebit/v1.0/get-auth-code
Production
Port of HTTPS (443)
https://api.espay.id/apidirectdebit/v1.0/get-auth-code

Headers

Name Type Mandatory Description
Content-Type
String
Y
Content of your request body.

Example:
application/json
X-TIMESTAMP
String (25)
Y
Customer's current local date and time.

Format:
yyyy-MM-ddThh:mi:ssTZD (ISO 8601)

Example:
2024-03-14T07:49:28+07:00
X-SIGNATURE
String (255)
Y
Code used to validate transactions. Learn Signatures Asymmetric
X-EXTERNAL-ID
String (32)
Y
Numeric String. Reference number that should be unique on the same day.
X-PARTNER-ID
String (50)
Y
Merchant Code from Espay team.

Example:
SGWYESSISHOP
CHANNEL-ID
String (5)
Y
Channel id.

Value:
Espay
Authorization-Customer
String (150)
C
Access Token B2B2C. Espay -> Bank
Y: Yes, O: Optional, C: Conditional

Request Parameters​

Parameter Type Mandatory Description
redirectURL
String (256)
Y
Merchant callback URL after success get auth code.
scopes
String (256)
Y
Access scope from authorization.

Value:
"DEFAULT"
state
String (32)
Y
Random string for CSRF.
merchantId
String (64)
Y
Merchant code from Espay team.

Example:
SGWYESSISHOP
lang
String (2)
Y
Language code.

Format:
  • Indonesia: id
  • Inggris: en
Y: Yes, O: Optional, C: Conditional

Response Parameters

Parameter Type Mandatory Description
responseCode
String (7)
Y
Response Code.

Format:
HTTP Code + Service Code + Error Code

Example:
200+10+00 = 2001000
responseMessage
String (150)
Y
Response description.
authCode
String (256)
Y
Auth code.
state
String (32)
Y
Random string for CSRF.
additionalInfo
Object
  redirectUrl
String (256)
C
Redirect url for linking account.
Y: Yes, O: Optional, C: Conditional

Response Query Parameter (After redirection)

Parameter Type Mandatory Description
authCode
String (256)
C
Auth code used to exchange with access token.
state
String (32)
C
Random string for CSRF (Merchant can validate to check if this is the same as state sent on request).
success
String
C
Indicating whether user has successfully completed linking on GoPay page Will be returned if merchant is onboarded on webview flow
result
String
C
Indicating whether user has successfully completed linking on GoPay page Will be returned if merchant is onboarded on webview flow
errCode
String
C
Indicating the error code in case user fails to successfully linked on GoPay page Will be returned if merchant is onboarded on webview flow
errDesc
String
C
Indicating the error code in case user fails to successfully linked on GoPay page Will be returned if merchant is onboarded on webview flow
Y: Yes, O: Optional, C: Conditional





























Sample Headers

Content-Type:application/json
X-TIMESTAMP:2024-03-14T07:49:28+07:00
X-SIGNATURE:jaCUbDOSIjFcDaZ1rO0aCczJrWSfV0wAXVi/zOLlOLOIVH00gucOSOnHpKTARwpnn6qB08Vi8VJviNhIQh1q6zVJAwdhxnHRlwNFa28IVFTtSmD4nXPWT3LsuYuFPNDGJ59/MgKMVjwIofYvq2dwOHoDi9rnyT3nPl7N2bRdIQceQlD6sITcqdEbRUlm+zTFB2MxNy4vFaEZz1LU8fsENp+giMNqxR26DsNcRj1K8JBXO6nY8q2m3jmTmiduXK5VZXxt/5v6bp+OlYCwJhn3hmdZD1zwC3Hu6qZcCIhO6IVe0ThSCfsaCdye9o/Ew6VdMWbTtQUoR983mq6MubLmzg==
X-EXTERNAL-ID:d3be5aec-155b-4b46-bfee-3fd55363d0f4
X-PARTNER-ID:SGWYESSISHOP
CHANNEL-ID:ESPAY



























Sample Request

https://sandbox-api.espay.id/apidirectdebit/v1.0/get-auth-code?redirectURL=https://www.yourdomain.com/authSuccess&scopes=CIMBDIRECTDEBIT&state=889871204JJK1I23K&merchantId=703061953400&lang=id&seamlessData=%7B%22mobileNumber%22%3A%226287888088201%22%7D




















Sample Response

{
    "responseCode":"2001000",
    "responseMessage":"Request has been processed successfully",
    "authCode":"a4sd5a4fsaf5d5f4df66ad85f4",
    "state":"WodkkwijSDs",
    "additionalInfo": {
        "redirectUrl":"https://domain.com/authSuccess"
    }
}


CURL

curl --location --request GET 'https://sandbox-api.espay.id/apidirectdebit/v1.0/get-auth-code' \
--header 'X-TIMESTAMP: 2024-03-14T07:49:28+07:00' \
--header 'X-SIGNATURE: UbJ0SbaplGZXDqWU9+gVwtNY9/4afKgtoM2l/3eanq0i0bdcWzr7QimXL/sd1hAGaSZc5XfuImbiX8EhVnukbwPXaT5gGvdK3LeqOs+0AXfKhqHLoE2hdipi+S2od5QHp2yVADMDwUt1/lrw4A6JoHGlSwyycP/k5FI8ElBoPX3TKLog1/2LRgWU8iWxv8fE9fOob2pDCIDok1p0aCLxxWD/eJgdHhKHsLtzE1JI/nmw9j+6vLnYrgdUqDUpib+G3yZfYQbaIPec9FkEmrSO8D77W9LV9/XnCfqh4HirUrGGLzi7K76V7bt0pshsBXVQZi9kEf0EHC/dfZ5MkR1HAg==' \
--header 'X-EXTERNAL-ID: 8db69b14-76a7-49e3-bb9a-ea2a9805f7a3' \
--header 'X-PARTNER-ID: SGWDIGALLERY' \
--header 'CHANNEL-ID: ESPAY' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'redirectURL=https://www.yourdomain.com/authSuccess' \
--data-urlencode 'scopes=CIMBDIRECTDEBIT' \
--data-urlencode 'state=889871204JJK1I23K' \
--data-urlencode 'merchantId=703061953400' \
--data-urlencode 'lang=id'





Scroll to Top