QRIS Merchant Presented Mode (MPM) Dinamis v1.1
What is QRIS Merchant Presented Mode (MPM) Dynamic ?
Quick Response Code Indonesian Standard or QRIS is a combined QR code from every kind of QR code Payment Service Provider. QRIS was developed by the payment service provider industry together with Bank Indonesia with the intention of having a QR code payment service that is easy, fast, and secure.
With QRIS, QR code payment from every kind of service provider application including bank or non-bank will be able to be used at every merchant with QRIS logo.
QRIS Merchant Presented Mode (MPM) Dynamic is a QR code that must be generated and presented to the customer every time the transaction is made. Merchant will need to input the payment amount and the customer will scan the QR code that was generated and printed.
Use Case of API QRIS Merchant Presented Mode (MPM) Dynamic
QRIS Merchant Presented Mode (MPM) Dynamic is suitable for middle and large business merchants with large volume of transactions. With this API merchant will need to input the payment amount and the customer will scan the QR code that was generated and printed.
API Information
|
Title |
QRIS Dinamis - MPM |
|---|---|
|
Version |
v1.1 |
|
URL Sandbox |
|
|
URL Production |
Version Control
|
Doc Version |
API Version |
Date |
Link to Documentation |
Description |
|---|---|---|---|---|
|
v1.0 |
v1.1 |
11th May 2022 |
this pages |
Baseline version |
| v1.0 | v1.1 | 31st July 2023 | this pages | Addition of Field issuerRrn to the QR Inquiry Endpoint |
| v1.0 | v1.1 | 27th May2025 | this pages | Addition of field paidTime on Inquiry Payment endpoint response and update path on Generate QR endpoint |
Product Description
Product Overview
This document aims to explain the API specifications of the development of Dynamic QRIS - MPM with the scheme of merchants issuing QRIS, customers using tools to scan / scan merchant QRIS. Then from BRI sends a notification / callback in accordance with predetermined specifications.
Endpoint
A. Get Token
Endpoint Description
This endpoint is used to get an access token that serves as authentication when you want to access other APIs. Pilot tests check that the get token is not hit every time you access the endpoint (integrator).
General Information
| HTTP Method | POST |
|---|---|
| Path | /snap/v1.0/access-token/b2b |
| Type Format | JSON |
| Authentication | Digital Signature |
Header Structure
| Key | Value | Format | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|---|
| X-SIGNATURE | M |
Retrieved from algoritma asymmetric signature SHA256withRSA (Private_Key, stringToSign). stringToSign = client_ID + “|” + XTIMESTAMP |
||||
| X-CLIENT-KEY | Alphanumeric | M | Client’s client_id (Nama PJP) (given upon completion of registration process) | |||
| X-TIMESTAMP | Datetime | M | Client's current local time yyyy-MM- ddTHH:mm:ss.SSSTZD format | |||
| Content-Type | application/json | M |
Request Structure
| Field | Data Type | Format | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|---|
| grantType | String | Alphabet | Y | “client_credentials” : a client may request an access token using only its client credentials (or other supported means of authentication) when the client requests access to a protected resource under its control. (OAuth 2.0: RFC 6749 & 6750) | client_credentials |
Response Structure
| Field | Data Type | Format | Mandatory | Length | Deskripsi | Contoh |
|---|---|---|---|---|---|---|
| responseCode | String | Numeric | C | Response code | (example code) | |
| responseMessage | String | Alphabet | C | Response description | (example message) | |
| accessToken | String | Alphanumeric | M |
The access token type provides the client with the information necessary to successfully use the access token to protect the resource request (along with type-specific attributes) The type of token type:
Referensi: OAuth2.0 RFC 6749 & 6750 |
(example access token) | |
| tokenType | String | Alphabet | M | (example token type) | ||
| expiresIn | String | Alphanumeric | M | The session ends in seconds: 900 (15 minutes) | (example expiration) |
{
"grantType": "client_credentials"
}
Normal Response:
{
"accessToken": "jwy7GgloLqfqbZ9OnxGxmYOuGu85",
"tokenType": "BearerToken",
"expiresIn": "899"
}
Error Response:
{
"responseCode": "4007301",
"responseMessage": "Invalid Field Format"
}
List of Error/Response Code
| HTTP Status Code | Response Status | Response Description | Deskripsi |
|---|---|---|---|
| 200 | Success | - | - |
| 400 | 4007300 | Failed Bad Request | - |
| 400 | 4007301 | Failed Invalid Field Format | - |
| 401 | 4017300 | Failed Unauthorized Client | - |
| 401 | 4017300 | Failed Unauthorized stringToSign | - |
| 401 | 4017300 | Failed Unauthorized Signature | - |
| 401 | 4017301 | Failed Invalid Token (B2B) | - |
| 500 | 500000 | Failed General Error | - |
Signature
Signature ensures that the transmitted data is authentic and cannot be refuted. The signature is generated by the service user and verified by the service receiver.
The signature is formed from the specified payload, by implementing the HMAC_SHA512 algorithm with clientSecret as the key.
Payload
Payload tergabung dari kata kerja, path, token, timestamp, dan body. Dengan format Symetric-Signature:
HMAC_SHA512 (clientSecret, stringToSign) dengan rumus stringToSign = HTTPMethod + ": "+ EndpointUrl + ": "+ AccessToken + ":" + Lowercase(HexEncode(SHA-256(minify(RequestBody))))+ ":" +TimeStamp
Example:
POST:/snap/v1.1/dummy:muhpwhwOkPRU9nNXYnyYHj8t54x3:8b4e9e83b5231cff4f84358ec8ca81951cfe9f999f635b1566452a501d5c23b2:2021-11- 29T09:22:18.172+07:00
The details of each element in the payload are described below:
Path
Value in path is URL after hostname and port without Query Parameter
Example:
https://sandbox.partner.api.bri.co.id/simulator/qr/qr-cpm-payment-url becomes /simulator/qr/qr-cpm-payment-ur
Verb
Method HTTP with capital letters.
Example: GET, POST, PUT, PATCH, and DELETE.
Token
The token used in the Authorisation header.
Example: Bearer R04XSUbnm1GXNmDiXx9ysWMpFWBr
Timestamp
The time when sending the API request. The time format must follow ISO8601 format (yyyy-MM-ddTHH:mm:ss.SSSZ). Must be within zero UTC offset.
Example:
2021-11-02T13:14:15.678+07:00
Body
Body when submitting an API request. Lowercase(HexEncode(SHA-256(minify(RequestBody))))
Contoh: {"hello":"world"}
Result SHA256 : a47a5f14b3e78b5e3d3f81b1a1468499be964660f818c10adcac792c42709749
If there is no request body, for example using the GET method, just leave it blank.
Reference : https://developers.bri.co.id/en/snap-bi/apidocs-oauth-snap-bi
B. Generate QR
Endpoint Description
The Generate QR API is used to generate the Dynamic MPM QR
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/snap/v1.1/qr/qr-mpm-generate |
|
Type Format |
JSON |
|
Authentication |
OAuth 2.0 |
Header Structure
| Key | Value | Format | Mandatory | Length | Deskripsi |
|---|---|---|---|---|---|
| Authorization | Authorization | Alphanumeric | M | - | Bearer {Token} |
| X-TIMESTAMP | BRI - timestamp | Datetime | M | - | Format Timestamp ISO8601 |
| X-SIGNATURE | BRI - Signature | Alphanumeric | M | - | HMAC_SHA512 |
| Content-Type | application/json | Alpha | M | - | application/json |
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alpha | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| partnerReferenceNo | String | M | 6 | Identify transactions in the customer service system | 1234567890133 |
| amount | Object | M | - | The detailed contents of the object amount are in the table belowi | |
| merchantId | String | M | 64 | A unique ID owned by each merchant | 00007100010926 |
| terminalId | String | M | 16 | Terminal ID | 213141251124 |
Request Structure in Object "amount"
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| value | Decimal | M | 18 | The net amount of the transaction. If it is IDR then the value includes 2 decimal places. for example IDR 10,000,- will be placed with 10000.00 | 123456.00 |
| currency | String | M | 3 | 3 digit code of ISO Currency | IDR |
Response Structure
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| responseCode | String | M | 7 |
Response code HTTP status code + service code + case code |
2004700 |
| responseMessage | String | M | 150 | Description response | Successfull |
| partnerReferenceNo | String | M | 6 | Transaction identification number in the customer service system | 1234567890133 |
| qrContent | String | M | 512 | QR String MPM | 0002xxxxxxxxxx |
| referenceNo | String | M | 12 | The transaction identification number on the service provider's system. | 409676201434 |
Request & Response Payload Sample
Request:
{
"partnerReferenceNo": "1234567890133",
"amount": {
"value": "123456.00",
"currency": "IDR"
},
"merchantId": "00007100010926",
"terminalId": "213141251124"
}
Normal Response:
{
"responseCode": "2004700",
"responseMessage": "Successful",
"partnerReferenceNo": "1234567890133",
"qrContent": "0002XXXXXXXXX",
"referenceNo": "409676201434"
}
C. Inquiry Payment
Endpoint Description
Endpoint to make a Dynamic MPM QR payment inquiry.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/snap/v1.1/qr/qr-mpm-query |
|
Type Format |
JSON |
|
Authentication |
OAuth 2.0 |
Header Structure
| Key | Value | Format | Mandatory | Length | Deskripsi |
|---|---|---|---|---|---|
| Authorization | Authorization Bearer {Token} | Alphanumeric | M | Bearer {Token} | |
| X-TIMESTAMP | BRI - timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | BRI - Signature | Alphanumeric | M | HMAC_SHA512 | |
| Content-Type | application/json | Alpha | M | application/json | |
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alpha | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| originalReferenceNo | String | M | 64 | Transaction identification number in the service provider's system | 000008526955 |
| serviceCode | String | M | 2 | Transaction type indicator (service code of the original request transaction) | 17 |
| additionalInfo | Object | M | Details of the contents of the additionalInfo object are in the table below |
Request Structure in Object "additionalInfo"
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| terminalId | String | M | 16 | ID Terminal | 100492 |
Response Structure
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| responseCode | String | M | 7 |
Response Code HTTP status code + service code + case code |
2005100 |
| responseMessage | String | M | 150 | Description Response | Successful |
| originalReferenceNo | String | C | 64 | Transaction identification number in the service provider's system | 290005165369 |
| serviceCode | String | M | 2 | Service Code | 17 |
| latestTransactionStatus | String | M | 2 |
Transaction Status
00 - Success 01 - Initiated 02 - Paying 03 - Pending 04 - Refunded 05 - Canceled 06 - Failed 07 - Not found |
00 |
| transactionStatusDesc | String | O | 50 | Description of the transaction status | Successfully |
| paidTime | String | M | 25 | Paid transaction timestamp |
2025-05-27T09:59:07+07:00 |
| amount | Object | M | Details of the contents of the amount object are in the table below | ||
| terminalId | String | O | 16 | Terminal identification | 10049258 |
| additionalInfo | Object | O | Details of the contents of the additionalInfo object are in the table below |
Response Structure in Object "amount"
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| value | Decimal | M | 18 | The net amount of the transaction. If it is IDR then the value includes 2 decimal places. for example IDR 10,000,- will be placed with 10000.00 | 2000.00 |
| currency | String | M | 3 | 3 digit code ISO Currency | IDR |
Response Structure in Object "additionalInfo"
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| customerName | String | O | Name of customer | I GEDE TONI DHARMAWAN | |
| customerNumber | String | O | Costumer number | 9360015723456789 | |
| invoiceNumber | String | O | Invoice number | 10009121031000912103 | |
| issuerName | String | O | Issuer name | Finnet 2 | |
| issuerRrn | String | O | transaction id of the QR issuer | 110002756582 | |
| mpan | String | O | Merchant PAN of the original Payment QR | 9360000201102921379 |
Request & Response Payload Sample Request:
{
"originalReferenceNo":"290005165369",
"serviceCode":"17",
"additionalInfo":{
"terminalId": "10049258"
}
}
Normal Response:
{
"responseCode": "2005100",
"responseMessage": "Successful",
"originalReferenceNo": "290005165369",
"serviceCode": "17",
"latestTransactionStatus": "00",
"transactionStatusDesc": "Successfully",
"amount": {
"value": "2000.00",
"currency": "IDR"
},
"terminalId": "10049258",
"additionalInfo": {
"customerName": "I GEDE TONI DHARMAWAN",
"customerNumber": "9360015723456789",
"invoiceNumber": "10009121031000912103",
"issuerName": "Finnet 2",
"issuerRrn": "110002756582",
"mpan": "9360000201102921379"
}
}
List of Error/Response Code
| HTTP Status Code | Code | Status | Response Description | Deskripsi |
|---|---|---|---|---|
| 200 | 00 | Sukses | Successfull | Sukses |
| 400 | 01 | Gagal | Invalid Field Format Request | Format Request Tidak Valid |
| 403 | 00 | Gagal | Transaction Expired | Refund sudah tidak bisa dilakukan |
| 403 | 02 | Gagal | Exceeds Transaction Amount Limit | Amount exceeding the limit |
| 403 | 15 | Gagal | Transaction Not Permitted. Invalid Data. Abort Process | Invalid Data. Abort Process |
| 403 | 15 | Gagal | Transaction Not Permitted. QR Expired | QR Expired |
| 403 | 23 | Gagal | Account Limit Exceed | Akumulasi Nominal Melebihi Limit |
| 404 | 01 | Gagal | Transaction Not Found |
|
| 404 | 08 | Gagal | Invalid Merchant | Invalid Merchant |
| 404 | 11 | Gagal | Invalid Card/Account/Customer [info]/Virtual Account | Invalid CPAN |
| 404 | 12 | Gagal | Invalid Bill | Invalid transaction / invalid number |
| 404 | 13 | Gagal | Invalid Amount | Invalid Amount |
| 404 | 14 | Gagal | Paid Bill | Transaksi Sudah Terbayar |
| 500 | 01 | Gagal | Internal Server Error Retrieve Data Failed | Retrieve Data Failed |
| 500 | 01 | Gagal | Internal Server Error Database Error | Database Error |
D. Refund Payment
Endpoint Description
Endpoint for refund QRIS MPM Dynamic
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/snap/v1.1/qr/qr-mpm-refund |
|
Type Format |
JSON |
|
Authentication |
OAuth 2.0 |
Header Structure
| Key | Value | Format | Mandatory | Length | Description |
|---|---|---|---|---|---|
| Authorization | Authorization Bearer {Token} | Alphanumeric | M | Bearer {Token} | |
| X-TIMESTAMP | BRI - timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | BRI - Signature | Alphanumeric | M | HMAC_SHA512 | |
| ORIGIN | www.hostname.com | M | Origin request from partner or apps | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ID Partner | |
| CHANNEL-ID | Alpha | M | 5 | ID channel used for transaction | |
| X-EXTERNAL-ID | Numeric | M | 36 | Unique external ID used for request identification | |
| X-IP-ADDRESS | M | Device or client IP address | |||
| X-DEVICE-ID | M | Device ID used by user | |||
| M | Device's Latitude coordinate | ||||
| X-LONGITUDE | M | Device's Longtitude coordinate |
Request Structure
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| merchantId | String | M | 64 | Merchant unique ID | 000001989110137 |
| originalPartnerReferenceNo | String | M |
Original reference number from partner |
1982047513684 | |
| originalReferenceNo | String | M | 64 |
Transaction identification number on the service provider system |
|
| partnerRefundNo | String | M |
Refund reference number from partner |
||
| refundAmount | Object | M |
Details of the contents of the refundAmount object are in the table below |
||
| additionalInfo | Object | M | Details of the contents of the additionalinfo object are in the table below |
Request Structure in Object "refundAmount"
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| value | Decimal | M | 18 | The net amount of the transaction. If it is IDR then the value includes 2 decimal places. for example IDR 10,000,- will be placed with 10000.00 | 100.00 |
| currency | String | M | 3 | 3 digit code ISO Currency | IDR |
Request Structure in Object "additionalInfo"
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| invoiceNumber | String | M | invoice transaction number | 19352405261935240526 | |
| terminalId | String | M | ID terminal | 15012304 |
Response Structure
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| responseCode | String | M |
Response code HTTP status code + service code + case code |
2007800 | |
| responseMessage | String | M | Description response | Successful | |
| originalPartnerReferenceNo | String | M | Original reference number from partner |
1982047513684 |
|
| originalReferenceNo | String | M | Transaction identification number on the service provider system |
574072067022 |
|
| refundNo | String | M | Refund reference number | ||
| partnerRefundNo | String | M | Refund reference number from partner |
12345678901234567 |
|
| refundAmount | Object | M | The detailed contents of the object refundAmount are in the table below |
|
|
| refundTime | String | M | Refund timestamp | 2026-05-18T11:26:55+07:00 |
Response Structure in Object "refundAmount"
| Field | Data Type | Mandatory | Length | Description | Example |
|---|---|---|---|---|---|
| value | Decimal | M | 18 | The net amount of the transaction. If it is IDR then the value includes 2 decimal places. for example IDR 10,000,- will be placed with 10000.00 | 100.00 |
| currency | String | M | 3 | 3 digit code ISO Currency | IDR |
Request & Response Payload Sample Request:
{
"merchantId": "000001989110137",
"originalPartnerReferenceNo": "1982047513684",
"originalReferenceNo": "",
"partnerRefundNo": "12345678901234567",
"refundAmount": {
"value": "100.00",
"currency": "IDR"
},
"additionalInfo": {
"invoiceNumber": "19352405261935240526",
"terminalId": "15012304"
}
}
Normal Response:
{
"responseCode": "2007800",
"responseMessage": "Successful",
"originalPartnerReferenceNo": "1982047513684",
"originalReferenceNo": "574072067022",
"refundNo": "",
"partnerRefundNo": "12345678901234567",
"refundAmount": {
"value": "100.00",
"currency": "IDR"
},
"refundTime": "2026-05-18T11:26:55+07:00"
}
List of Error/Response Code
| HTTP Status Code | Code | Status | Response Description | Deskripsi |
|---|---|---|---|---|
| 200 | 00 | Sukses | Successfull | Sukses |
| 400 | 01 | Gagal | Invalid Field Format Request | Format Request Tidak Valid |
| 403 | 00 | Gagal | Transaction Expired | Refund sudah tidak bisa dilakukan |
| 403 | 02 | Gagal | Exceeds Transaction Amount Limit | Amount exceeding the limit |
| 403 | 15 | Gagal | Transaction Not Permitted. Invalid Data. Abort Process | Invalid Data. Abort Process |
| 403 | 15 | Gagal | Transaction Not Permitted. QR Expired | QR Expired |
| 403 | 23 | Gagal | Account Limit Exceed | Akumulasi Nominal Melebihi Limit |
| 404 | 01 | Gagal | Transaction Not Found |
|
| 404 | 08 | Gagal | Invalid Merchant | Invalid Merchant |
| 404 | 11 | Gagal | Invalid Card/Account/Customer [info]/Virtual Account | Invalid CPAN |
| 404 | 12 | Gagal | Invalid Bill | Invalid transaction / invalid number |
| 404 | 13 | Gagal | Invalid Amount | Invalid Amount |
| 404 | 14 | Gagal | Paid Bill | Transaksi Sudah Terbayar |
| 500 | 01 | Gagal | Internal Server Error Retrieve Data Failed | Retrieve Data Failed |
| 500 | 01 | Gagal | Internal Server Error Database Error | Database Error |
