API Account Opening
Version Control
|
API Version |
Date |
Description |
|---|---|---|
|
v1.0 |
27 Maret 2024 |
Baseline version |
|
v1.1 |
30 April 2024 |
This update incorporates comprehensive data types, lengths, and mandatory attributes. Updated List of Error/Response Codes. |
| v1.2 | 20 June 2024 | Added virtual card sequence and endpoint details to the API Specification Document. |
A. Product Overview
Product Overview
The API Account Opening presents a powerful solution, empowering partners/third party to offer a frictionless and secure online experience for prospective clients seeking to open accounts. This transformative API eliminates the need for physical branch visits, revolutionizing the traditional onboarding process and ushering in a new era of convenience and efficiency for both partners/third party and their customers.
The account opening process consists of the following sequential steps:
B. Sequence Diagram API Account Opening
C. Endpoint Lists
1. API Send Pre-request Data
Endpoint Description
The API Send Pre-request Data serves as the initial point of entry for potential customers seeking to open accounts through your organization or partner platforms. This API enables a seamless and efficient pre-application process, allowing users to submit preliminary data and documents electronically.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/preRequestData |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
partnerReferenceNo |
String |
M |
64 |
Transaction identifier on service consumer system. | 2020102900000000000001 |
| consentId | String | M | |||
| identificationNo | String | M | 16 | Indonesian National Identification Number (NIK) of the applicant in 16-digit format | |
| name | String | M | Full legal name of the applicant | Agung Harsono | |
| bornDate | String | M | 10 | Date of birth of the applicant in DD-MM-YYYY format | 17-08-1945 |
| phoneNo | String | M | 13 | Applicant's mobile phone number | 081213456789 |
| motherName | String | M | |||
| countryCode | String | M | 4 | ||
| String | M | Primary email address of the applicant | agungharsono@gmail.com | ||
| referralCode | String | O | Code used to identify the user who referred this applicant (if applicable) | ||
| requestRefnum | String | M | 12 | Unique reference number assigned to this account opening request. | 123456789012 |
| timestamp | String | M | 13 |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code | |
| responseMessage | String | M | 150 | Response description | |
| originalPartnerReferenceNo | String | M | |||
| originalReferenceNo | String | M | |||
| responseId | String | M | |||
| customerId | String | M | 36 | Unique identifier for the newly created customer account | |
| phoneNo | String | M | 13 | Verified phone number associated with the new account creation | |
| method | String | M | Method used for verification (e.g., SMS, WA). | ||
| status | Numeric | M | |||
| expiredInSecond | Numeric | M |
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "2020102900000000000001",
"consentId": "",
"identificationNo": "3674010909940005",
"name": "Agung Harsono",
"bornDate": "17-08-1945",
"phoneNo": "08121345XXXX",
"motherName": "Ibu",
"countryCode": "Jakarta",
"email": "agungharsono@gmail.com",
"referralCode": "00123456",
"requestRefnum": "123456789012",
"timestamp": "1696996569871"
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"originalReferenceNo": "2020102977770000000009",
"originalPartnerReferenceNo": "2020102900000000000001",
"responseId": "d553f38e480844b683578d75844bac00",
"additionalInfo": {
"customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
"phoneNo": "08123456789",
"method": "SMS",
"status": 1,
"expiredInSecond": 180
}
}
Error Response :
{
"responseCode": "4000600",
"responseMessage": "Bad Request"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000600 | Failed | Bad Request | General request failed error, including message parsing failed |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 403 | 4030605 | Failed | Do Not Honor | Account or User status is abnormal |
| 403 | 4030615 | Failed | Transaction Not Permitted. [Reason] | Transaction Not Permitted |
| 404 | 4040607 | Failed | Journey Not Found | The journeyID cannot be found in the system |
| 409 | 4090600 | Failed | Conflict | Cannot use same X-EXTERNAL-ID in same day |
| 500 | 5000600 | Failed | General Error | General Error |
| 500 | 5000601 | Failed | Internal Server Error | Unknown Internal Server Failure, Please retry the process again |
| 500 | 5000602 | Failed | External Server Error | Backend system failure |
| 504 | 5040600 | Failed | Timeout | Timeout from the issuer |
2. API Resend OTP
Endpoint Description
The API Resend OTP is used to resend a One-Time Password (OTP) to the registered mobile phone number of an applicant as part of the account opening application process. This API aims to provide applicants with the opportunity to complete the verification process if they did not receive the OTP in a certain period of time.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/resendOtp |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
timestamp |
String |
M |
13 |
||
| requestRefnum | String | M | 12 | ||
| partnerReferenceNo | String | M | 64 | Transaction identifier on service consumer system | 2020102900000000000001 |
| method | String | M | 3 | ||
| customerId | String | M | 36 | ||
| additionalInfo | Object | M |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code | |
| responseMessage | String | M | 150 | Response description | |
| originalPartnerReferenceNo | String | C | 64 | Transaction identifier on service provider system. Must be filled upon successful transaction | |
| originalReferenceNo | String | O | |||
| additionalInfo | String | M | |||
| customerId | String | O | 36 | Unique identifier for the newly created customer account | |
| phoneNo | String | M | 13 | ||
| method | String | M | 3 | ||
| expiredInSecond | Numeric | M | Time validity of the OTP code in seconds, it specifies the duration in seconds for which the OTP code will be valid before it expires. | ||
| status | Numeric | M | |||
| responseId | String | M |
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "2020102900000000000001",
"additionalInfo": {
"customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
"method": "SMS",
"requestRefnum": "123456789012",
"timestamp": "1696996569871"
}
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"originalReferenceNo": "20201029777",
"originalPartnerReferenceNo": "2020102900000000000001",
"additionalInfo": {
"customerId": "123xyz789",
"phone": "08123456789",
"method": "SMS",
"expiredInSecond": 180,
"status": 1,
"responseId": "d553f38e480844b683578d75844bac00"
}
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000600 | Failed | Bad Request | General request failed error, including message parsing failed |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 403 | 4030605 | Failed | Do Not Honor | Account or User status is abnormal |
| 403 | 4030615 | Failed | Transaction Not Permitted. [Reason] | Transaction Not Permitted |
| 404 | 4040607 | Failed | Journey Not Found | The journeyID cannot be found in the system |
| 409 | 4090600 | Failed | Conflict | Cannot use same X-EXTERNAL-ID in same day |
| 500 | 5000600 | Failed | General Error | General Error |
| 504 | 5040600 | Failed | Timeout | Timeout from the issuer |
3. API Verify OTP
Endpoint Description
The API Verify OTP is used to verify the One-Time Password (OTP) code sent to applicants to verify their mobile phone number and complete the account opening process. This API aims to ensure that the applicant entering the OTP is the legitimate user and reduce the risk of fraud and unauthorized access during the account opening process.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/verifyOTP |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
partnerReferenceNo |
String |
M |
64 |
||
| otp | String | M | 6 | One-Time Password (OTP) that users receive via SMS/Whatsapp | |
| type | String | M |
arah penggunaan dari verify otp: - OA - DIRDEB |
||
| additionalInfo | String | M | |||
| customerId | String | M | 36 | ||
| requestRefnum | String | M | 12 | ||
| timestamp | String | M | 13 |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
|
||
| responseMessage | String | M | |||
| originalReferenceNo | String | M | Identifikasi transaksi asli pada sistem penyedia layanan. harus diisi setelah transaksi berhasil | ||
| originalPartnerReferenceNo | String | M | Identifikasi transaksi asli pada sistem layanan konsumen | ||
| additionalInfo | Object | M | |||
| customerId | String | M | |||
| String | M | ||||
| expiredInSecond | Numeric | M | Time remaining in seconds for the OTP to be valid | ||
| status | Numeric | M | |||
| responseId | String |
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "2020102900000000000001",
"merchantId": "",
"otp": "140450",
"type": "OA",
"additionalInfo": {
"customerId": "123xyz789",
"requestRefnum": "123456789012",
"timestamp": "1696996569871"
}
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"originalReferenceNo": "20201029777",
"originalPartnerReferenceNo": "2020102900000000000001",
"additionalInfo": {
"customerId": "123xyz789",
"email": "andariaaa@gmail.com",
"status": 2,
"expiredInSecond": 300,
"responseId": "d553f38e480844b683578d75844bac00"
}
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000600 | Failed | Bad Request | General request failed error, including message parsing failed |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 403 | 4030612 | Failed | OTP Lifetime Expired | OTP has been expired |
| 403 | 4030615 | Failed | Transaction Not Permitted. [Reason] | Transaction Not Permitted |
| 404 | 4040607 | Failed | Journey Not Found | The journeyID cannot be found in the system |
| 404 | 4040615 | Failed | Invalid OTP | OTP is incorrect |
| 409 | 4090600 | Failed | Conflict | Cannot use same X-EXTERNAL-ID in same day |
| 500 | 5000600 | Failed | General Error | General Error |
| 504 | 5040600 | Failed | Timeout | Timeout from the issuer |
4. API Resend Email
Endpoint Description
The API Resend Email provides a valuable tool for facilitating a seamless and efficient customer onboarding process by offering prospective clients a second chance to complete email verification. This functionality addresses instances where the initial verification email might not have been received or expired, potentially hindering their progress towards account creation. Please note that the email verification link is only valid for the next 10 minutes. After that, customer will need to request a new link to continue the account opening process.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/resendEmail |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
partnerReferenceNo |
String |
M |
64 |
Transaction identifier on service consumer system | 2020102900000000000001 |
| additionalInfo | Object | M | |||
| customerId | String | M | 36 | Unique identifier for the newly created customer account | 123xyz789 |
| String | M | Email address that will receive the verification link | |||
| requestRefnum | String | M | 12 | Unique reference number assigned to this account opening request | 123456789012 |
| timestamp | String | M | 13 |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code | |
| responseMessage | String | M | 150 | Response description | |
| originalReferenceNo | String | M | Identifikasi transaksi asli pada sistem penyedia layanan. harus diisi setelah transaksi berhasil | ||
| originalPartnerReferenceNo | String | M | Identifikasi transaksi asli pada sistem layanan konsumen | ||
| additionalInfo | Object | M | |||
| customerId | String | M | 36 | Unique application ID assigned upon initial account creation request (pre-request) | 123xyz789 |
| phone | String | M | 13 | The recipient's email address to receive a verification link | |
| method | String | M | 3 | ||
| status | Numeric | M | |||
| expiredInSecond | Numeric | M | Verification link expiration time (seconds) | ||
| responseId | String | M |
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "2020102900000000000001",
"additionalInfo": {
"customerId": "123xyx789",
"email": "agungharsono2@gmail.com",
"requestRefnum": "123456789012",
"timestamp": "1696996569871"
}
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"originalReferenceNo": "20201029777",
"originalPartnerReferenceNo": "2020102900000000000001",
"additionalInfo": {
"customerId": "123xyz789",
"phone": "0813xxxxx",
"method": "WA",
"status": 2,
"expiredInSecond": 180,
"responseId": "6331c5ade50b4a68b41c995f6644b2a1"
}
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000600 | Failed | Bad Request | General request failed error, including message parsing failed |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 403 | 4030615 | Failed | Transaction Not Permitted. [Reason] | Transaction Not Permitted |
| 404 | 4040607 | Failed | Journey Not Found | The journeyID cannot be found in the system |
| 404 | 4040615 | Failed | Invalid OTP | OTP is incorrect |
| 409 | 4090600 | Failed | Conflict | Cannot use same X-EXTERNAL-ID in same day |
| 500 | 5000600 | Failed | General Error | General Error |
| 504 | 5040600 | Failed | Timeout | Timeout from the issuer |
5. API Send KYC
Endpoint Description
The API Send KYC facilitates the secure transmission of Know Your Customer (KYC) data, such as ID card photos and liveness videos, to the Bank. This data is crucial for verifying customer identities and complying with Bank Indonesia regulations during the account opening process.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/sendKyc |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
partnerReferenceNo |
String |
M |
64 |
||
| customerId | String | M | 36 | Unique identifier for the newly created customer account | 123xyz789 |
| requestRefnum | String | M | 12 | ||
| timestamp | String | M | 13 |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code | |
| responseMessage | String | M | 150 | Response description | |
| originalPartnerReferenceNo | String | ||||
| originalReferenceNo | |||||
| additionalInfo | Object | ||||
| customerId | String | 36 | |||
| responseId | String | ||||
| status | Numeric |
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "2020102900000000000001",
"customerId": "123xyx789",
"requestRefnum": "123456789012",
"timestamp": "1696996569871"
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"originalPartnerReferenceNo": "2020102900000000000001",
"originalReferenceNo": "123456789012",
"additionalInfo": {
"customerId": "123xyz789",
"responseId": "6331c5ade50b4a68b41c995f6644b2a1",
"status": 4
}
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000600 | Failed | Bad Request | General request failed error, including message parsing failed |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 403 | 4030615 | Failed | Transaction Not Permitted. [Reason] | Transaction Not Permitted |
| 404 | 4040607 | Failed | Journey Not Found | The journeyID cannot be found in the system |
| 409 | 4090600 | Failed | Conflict | Cannot use same X-EXTERNAL-ID in same day |
| 500 | 5000600 | Failed | General Error | General Error |
| 500 | 5000601 | Failed | Internal Server Error | Unknown Internal Server Failure, Please retry the process again |
| 504 | 5040600 | Failed | Timeout | Timeout from the issue |
6. API Account Creation
Endpoint Description
The API Account Creation is used to submit applicant data and request online account opening process.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/accountCreation |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
partnerReferenceNo |
String |
M |
64 |
||
| customerId | String | M | 36 | Unique identifier for the newly created customer account | 123xyz789 |
| additionalInfo | Object | ||||
| requestRefnum | String | 12 | |||
| timestamp | String | 13 | |||
| selfData | Object | Personal information of the applicant | |||
| bornPlace | String | Place of birth | Jakarta | ||
| gender | String | 1 |
Gender of the applicant note: for a detailed list of data, please refer to Data List |
M | |
| religion | String | 3 |
Religion of the applicant note: for a detailed list of data, please refer to Data List |
ISL | |
| education | String | 2 |
Highest level of education attained of the applicant note: for a detailed list of data, please refer to Data List |
S1 | |
| maritalStatus | String | 1 |
Marital status of the applicant note: for a detailed list of data, please refer to Data List |
K | |
| addressData | Object | Residential address information of the applicant | |||
| postcode | String | 5 | Five-digit postal code of the residence | 12550 | |
| postcodeDetail | String | Additional postal code details | Ragunan, Pasar Minggu, Jakarta Selatan | ||
| rt | String | 3 | 007 | ||
| rw | String | 3 | 005 | ||
| addressDetail | String | Full address details | Jl. Harsono 26 | ||
| domPostcode | String | 5 | Five-digit postal code associated with the domicile | ||
| domPostcode Detail | String | Additional postal code details of the applicant's current residence | |||
| domRt | String | 3 | |||
| domRw | String | 3 | |||
| domAddress Detail | String | Details of the applicant's current residential address | |||
| jobData | Object | Information about the applicant's job | |||
| officeName | String | Name of the applicant's employer | BRI | ||
| jobGroup | String | 4 |
Industry sector of the applicant's job note: for a detailed list of data, please refer to Data List |
BUMN | |
| jobRole | String | 2 |
Job title or position of the applicant note: for a detailed list of data, please refer to Data List |
64 | |
| jobPostcode | String | 5 | Five-digit postal code of the workplace | ||
| jobPostcode Detai | String | Additional postal code details | |||
| jobRt | String | 3 | |||
| jobRw | String | 3 | |||
| jobAddressDetail | String | Full address details of the workplace | |||
| financialData | Object | Financial information of the applicant | |||
| incomeSource | String | 2 |
Main source of income note: for a detailed list of data, please refer to Data List |
11 | |
| incomeMonthly | String | 2 | Average monthly income | G1 | |
| dailyTransaction | String | 2 |
Estimated average daily transaction value note: for a detailed list of data, please refer to Data List |
N1 | |
| purpose | String | 2 |
Purpose for opening the account note: for a detailed list of data, please refer to Data List |
T1 |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code | |
| responseMessage | String | M | 150 | Response description | |
| originalPartnerReferenceNo | String | Transaction identifier on service consumer system | |||
| originalReferenceNo | Transaction identifier on service provider system. Must be filled upon successful transaction | ||||
| additionalInfo | Object | Additional information | |||
| customerId | String | 36 | |||
| responseId | String | ||||
| status | Numeric | ||||
| urlUserBrimo | String | url web view create user brimo |
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "3287423894732",
"customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
"additionalInfo": {
"requestRefnum": "123456789012",
"timestamp": "1696996569871",
"selfData": {
"bornPlace": "Jakarta",
"gender": "M",
"religion": "ISL",
"education": "S2",
"maritalStatus": "K"
},
"addressData": {
"postcode": "12550",
"postcodeDetail": "Ragunan, Pasar Minggu, Jakarta Selatan",
"rt": "007",
"rw": "005",
"addressDetail": "Jl. Harsono 26",
"domPostcode": "12550",
"domPostcodeDetail": "Ragunan, Pasar Minggu, Jakarta Selatan",
"domRt": "007",
"domRw": "005",
"domAddressDetail": "Jl. Harsono 26"
},
"jobData": {
"officeName": "BRI",
"jobGroup": "BUMN",
"jobRole": "64",
"jobPostcode": "12551",
"jobPostcodeDetail": "Pasar Rebo, Pasar Malem, Jakarta Pusat",
"jobRt": "001",
"jobRw": "002",
"jobAddressDetail": "Jl. Sudirman Said"
},
"financialData": {
"incomeSource": "11",
"incomeMonthly": "G1",
"dailyTransaction": "N1",
"purpose": "T1"
}
}
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"originalReferenceNo": "20201029777",
"originalPartnerReferenceNo": "2020102900000000000001",
"additionalInfo": {
"customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
"status": 4,
"responseId": "88330f385a8c4925864b0c1aad6a2842",
"urlUserBrimo": "https://ms-briapi-web-view-oa.dev.bbri.io/?onboardingId=11ab41e6-
e2e4-409c-88fc-50cea8fa2a6cea"
}
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000600 | Failed | Bad Request | General request failed error, including message parsing failed |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 403 | 4030615 | Failed | Transaction Not Permitted. [Reason] | Transaction Not Permitted |
| 404 | 4040607 | Failed | Journey Not Found | The journeyID cannot be found in the system |
| 409 | 4090600 | Failed | Conflict | Cannot use same X-EXTERNAL-ID in same day |
| 500 | 5000600 | Failed | General Error | General Error |
| 504 | 5040600 | Failed | Timeout | Timeout from the issue |
Data List
Pengkodean Value pada Request
1. Personal Information
1.1 Gender
|
Code |
Value |
|---|---|
|
M |
Laki-Laki |
| F | Perempuan |
1.2 Religion
|
Code |
Value |
|---|---|
|
ISL |
Islam |
| KAT | Katolik |
| KRI | Protestan |
| BUD | Buddha |
| HIN | Hindu |
| ZZZ | Konghucu |
| ZZZ | Lainnya |
1.3 Education
|
Code |
Value |
|---|---|
|
SD |
SD/Sederajat |
| SM | SLTP/SMP/Sederajat |
| SU | SLTA/SMU/SMK/Sederajat |
| S1 | D4/S1 |
| S2 | S2 |
| S3 | S3 |
| ZZ |
Lainnya |
1.4 Martial Status
|
Code |
Value |
|---|---|
|
B |
Belum Kawin |
| K | Kawin |
| D | Duda |
| J | Janda |
2. Employment Data
2.1. Job Group
|
Code |
Value |
|---|---|
|
PENG |
Belum Bekerja/Pencari Kerja |
| BUMN | Pegawai BUMN |
| ADMI | Administrasi Umum / Supervisor |
| AKUN | Akunting / Keuangan |
| DAGA | Pedagang |
| DKTR | Dokter |
| EXEC | Executive / Managerial |
| GURU | Pengajar/Guru/Dosen PNS |
| GUSW | Pengajar/Guru/Dosen Swasta |
| IBRT | Ibu Rumah Tangga |
| KOMP | Ahli Komputer/Programmer |
| KONS | Konsultan |
| MAHA | Mahasiswa |
| MILD | Militer (TNI - AD) |
| MILL | Militer (TNI - AL) |
| MILP | Militer (POLRI) |
| MILU | Militer (TNI - AU) |
| NOTA | Notaris |
| PELA | Pelajar |
| PEMI | Pemilik Perusahaan |
| PENS | Pensiunan |
| PGCR | Pengacara |
| PNSI | Pegawai Negeri Sipil |
| PROD | Produksi/Operasi/ Manufaktur |
| PROF | Professional |
| RISE | Riset & Pengembangan |
| SALE | Sales/Marketing/Promosi |
| SENI | Seniman |
| SERV | Service/Customer Support/Layanan |
| SWAS | Pegawai Swasta |
| TECH | Technical / Engineering-lainnya |
| WIRA | Wiraswasta |
2.2 Job Role
|
Code |
Value |
|---|---|
|
01 |
Pemilik, Direktur Utama/Presiden Dir. |
| 02 | Pemilik, Direktur |
| 03 | Pemilik, Komisaris Utama/Presiden Kom. |
| 04 | Pemilik, Komisaris |
| 06 | Pemilik, Kuasa Direksi |
| 07 | Pemilik, Bukan Pengurus |
| 08 | Pemilik, Grup |
| 09 | Pemilik, Masyarakat |
| 10 | Pemilik, Ketua Umum |
| 11 | Pemilik, Ketua |
| 12 | Pemilik, Sekretaris |
| 13 | Pemilik, Bendahara |
| 14 | Ketua MPR |
| 15 | Wakil Ketua MPR |
| 16 | Anggota MPR |
| 17 | Ketua DPR |
| 18 | Wakil Ketua DPR |
| 19 | Anggota DPR |
| 20 | Presiden |
| 21 | Wakil Presiden |
| 22 | Menteri |
| 23 | Pejabat setingkat menteri |
| 24 | Eksekutif dan Ketua Parpol |
| 25 | Gubernur |
| 26 | Wakil Gubernur |
| 27 | Walikota |
| 28 | Wakil Walikota |
| 29 | Bupati |
| 30 | Wakil Bupati |
| 31 | Camat |
| 32 | Lurah |
| 33 | Hakim |
| 34 | Direksi BUMN atau BUMD |
| 35 | Komisaris BUMN atau BUMD |
| 36 | Pimpinan Bank Indonesia |
| 37 | Pimpinan BPPN |
| 38 | Kepala Divisi BUMN atau BUMD |
| 39 | Wakil Kepala Divisi BUMN atau BUMD |
| 40 | Rektor, Pembantu Rektor, Dekan |
| 41 | Jaksa |
| 42 | Kapolri, Wakapolri, Kapolda, Wakapolda |
| 43 | Panglima TNI, KSAD, KSAU, KSAL |
| 44 | Penyidik |
| 45 | Pejabat yang mengeluarkan perijina |
| 46 | Pejabat pembuat regulasi |
| 47 | Panitera Pengadilan |
| 48 | Pemimpin Proyek APBN atau APBD |
| 49 | Bendahara Proyek APBN atau APBD |
| 50 | Kepala Kantor di Departemen Keuangan |
| 51 | Pengurus, Direktur Utama/Presiden Dir |
| 52 | Pengurus, Direktur |
| 53 | Pengurus, Komisaris Utama/Presiden Kom |
| 54 | Pengurus, Komisaris |
| 55 | Pengurus, Kuasa Direksi |
| 56 | Pengurus, Grup |
| 57 | Pengurus, Ketua Umum |
| 58 | Pengurus, Ketua |
| 59 | Pengurus, Sekretaris |
| 60 | Pengurus, Bendahara |
| 61 | Pengurus, Lainnya |
| 62 | Pengawas Bea dan Cukai |
| 63 | Auditor |
| 64 | Staf |
| 65 | Petugas Administrasi |
| 67 | Petugas Kebersihan |
| 68 | Petugas Keamanan |
| 69 | Juru Masak |
| 70 | Ibu Rumah Tangga |
| 71 |
Tidak Bekerja |
3. Financial Data
3.1. Income Source
|
Code |
Value |
|---|---|
|
11 |
Gaji |
| 12 | Hasil Usaha |
| 99 | Lainnya |
3.2. Monthly Income
|
Code |
Value |
|---|---|
|
G1 |
1 - 5 Juta |
| G2 | 5 - 10 juta |
| G3 | 10 - 50 juta |
| G4 | 50 - 100 juta |
| G4 | Di atas 100 juta |
3.3. Daily Transaction
|
Code |
Value |
|---|---|
|
N1 |
0 - 10 Juta |
| N2 | 10 Juta - 50 Juta |
| N3 | 50 Juta - 100 Juta |
| N4 | 100 Juta - 1 Milyar |
| N5 | Lebih dari 1 Milyar |
3.4. Account Opening Purpose
|
Code |
Value |
|---|---|
|
T1 |
Tabungan |
| T2 | Transaksi |
| T3 | Pribadi |
| ZZ | Lainnya |
7. API Check Progress
Endpoint Description
The API Check Progress is used to retrieve the latest status information of account opening requests submitted by partners. This API is expected to provide partners/third parties with control and visibility over the application process, making it easier for partners to provide more accurate information to their users.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/checkProgress |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
partnerReferenceNo |
String |
M |
64 |
Transaction identifier on service consumer system | 2020102900000000000001 |
| customerId | String | M | 36 | Unique application ID assigned upon initial account creation request (pre-request). This ID does not signify an active account, use this number to inquire about the application status. | 11ab41e6-e2e4- 409c88fc50cea8fa2a6cea |
| requestRefnum | String | M | 12 | Unique reference number assigned to this account opening request. | 123456789012 |
| timestamp | String | M | 13 |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code | |||||||||||||||||||||||||||
| responseMessage | String | M | 150 | Response description | |||||||||||||||||||||||||||
| originalPartnerReferenceNo | String | M | 64 | ||||||||||||||||||||||||||||
| originalReferenceNo | M | ||||||||||||||||||||||||||||||
| additionalInfo | Object | M | Additional information | ||||||||||||||||||||||||||||
| customerId | String | M | Unique application ID assigned upon initial account creation request (pre-request). This ID does not signify an active account, use this number to inquire about the application status. | 11ab41e6-e2e4- 409c88fc50cea8fa2a6cea | |||||||||||||||||||||||||||
| phone | String | C | |||||||||||||||||||||||||||||
| method | Numeric | C | |||||||||||||||||||||||||||||
| String | C | ||||||||||||||||||||||||||||||
| expiredInSecond | String | C | |||||||||||||||||||||||||||||
| accountNumber | String | C | |||||||||||||||||||||||||||||
| responseId | String | M | |||||||||||||||||||||||||||||
| status | Numeric | M |
The latest status information of account opening applications
|
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "2020102900000000000001",
"requestRefnum": "123456789012",
"timestamp": "1696996569871"
"customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea"
}
Normal Response :
{
"responseCode":"2000600",
"responseMessage":"Successful",
"originalPartnerReferenceNo": "2020102900000000000001",
"originalReferenceNo": "123456789012",
"additionalInfo":{
"customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
"phone": "08123456789",
"method": "WA",
"expiredInSecond": 180,
"responseId":"6331c5ade50b4a68b41c995f6644b2a1",
"status": 1
}
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000600 | Failed | Bad Request | General request failed error, including message parsing failed |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 500 | 5000600 | Failed | General Error | General Error |
| 504 | 5040600 | Failed | Timeout | Timeout from the issue |
8. API Consent
Endpoint Description
This endpoint is used to generate consent
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/v1.0/openingAccount/consent |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
partnerReferenceNo |
String |
M |
64 |
Transaction identifier on service consumer system. | 2020102900000000000001 |
| onBoardingPartner | String | M | 16 | Onboarding partner of ... | DANA |
| countryCode | String | M | 2 | Requestor's country code | ID |
| permissions | String | M | - | Specifies the data access permissions. This list details the data categories the user consents to and authorizes the bank to share. |
|
| additionalInfo | Object | O |
Response Structure
|
Field |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code | 2000600 |
| responseMessage | String | M | 150 | Response description | Request has been processed successfully |
| originalPartnerReferenceNo | String | M | 64 | Transaction identifier on service provider system. Must be filled upon successful transaction. | 2020102977770000000009 |
| originalReferenceNo | M | 64 | Transaction identifier on service consumer system. | 2020102900000000000001 | |
| consentId | Object | M | 32 | Unique identification as assigned to identify the account access consent resource. | bri-consent-88379 |
| creationDateTime | String | M | 32 | Date and time at which the resource was created. Format: ISO 8601. | 2023-12-30T09:11:47.169Z |
| status | String | M | 32 | Specifies the status of consent resource in code form. | awaiting_authorization |
| statusUpdateTime | Numeric | M | 32 | Date and time at which the resource status was updated. Format: ISO 8601. | 2023-12-30T09:11:47.169Z |
| permission | Array [String] | M | - | Specifies the data access permissions. This list details the data categories the user consents to and authorizes the bank to share. |
|
| link | String | M | 2048 | Link to the consent document | https://api.bri.co.id/open-banking/bri-consent-1 |
| additionalInfo | Object | O | Additional information | {"deviceId": "12345679237", "channel": "mobilephone"} |
Request & Response Payload Sample
Request
{
"partnerReferenceNo": "2020102900000000000001",
"onBoardingPartner": "Kredivo",
"countryCode": "ID",
"permissions": [
"ReadBalance",
"ReadBalanceExact",
"ReadStatement",
"ReadStatementExact",
"ReadAverageBalance",
"ReadAverageBalanceExact",
"ReadCreditScore",
"ReadAccount"
],
"additionalInfo": {
"deviceId": "123456789237",
"channel": "mobilephone"
}
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successfully",
"originalReferenceNo": "2020102977770000000009",
"originalPartnerReferenceNo": "2020102900000000000001",
"consentId": "bri-consent-88379",
"creationDateTime": "2017-05-02T00:00:00+00:00",
"status": "AwaitingAuthorization",
"statusUpdateDateTime": "2017-05-02T00:00:00+00:00",
"permissions": [
"ReadBalances",
"ReadStatements"
],
"additionalInfo": {
"deviceId": "12345679237",
"channel": "mobilephone"
}
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Message |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
| 400 | 4000601 | Failed | Invalid Field Format {fieldName} | Invalid format |
| 400 | 4000602 | Failed | Invalid Mandatory Field {fieldName} | Missing or invalid format on mandatory field |
| 401 | 4010600 | Failed | Unauthorized. [Reason] | General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
| 403 | 4030615 | Failed | Transaction Not Permitted. [Reason] | Transaction Not Permitted |
| 409 | 4090600 | Failed | Conflict | Cannot use same X-EXTERNAL-ID in same day |
| 500 | 5000600 | Failed | General Error | General Error |
| 504 | 5040600 | Failed | Timeout | Timeout from the issue |
9. API Generate Virtual Card
Endpoint Description
The API Generate Virtual Card serves the purpose of generating a virtual card for customers who have previously opened an account through the "Opening Account Service."
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/snap/v1.0/vcard/gen-virtual-card |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Parameter |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
accountNo |
String |
C |
16 |
Bank account number. must be filled if bankCardToken is Null and Authorization-Customer is Null |
Response Structure
|
Parameter |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response Code |
|
|
responseMessage |
String |
M |
150 |
Response Description |
|
|
queueId |
String |
M |
64 |
|
Request & Response Payload Sample
Request
{
"accountNo": "0206xxxxxxxxxxx"
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"queueId": "210922T000000316590"
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Description |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
|
400 |
4000601 |
Failed |
Invalid Field Format {fieldName} |
Invalid format |
|
400 |
4000602 |
Failed |
Invalid Mandatory Field {fieldName} |
Missing or invalid format on mandatory field |
|
401 |
4010600 |
Failed |
Unauthoried. [Reason] |
General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
|
409 |
4090600 |
Failed |
Conflict |
Cannot use same X-EXTERNAL-ID in same day |
|
500 |
5000600 |
Failed |
General Error |
General Error |
|
504 |
5040600 |
Failed |
Timeout |
Timeout from the issue |
10. API Inquiry Virtual Card
Endpoint Description
The API Inquiry Virtual Card allows you to inquire about the details of a virtual card previously generated using the "Generate Virtual Card" feature.
General Information
|
HTTP Method |
POST |
|---|---|
|
Path |
/snap/v1.0/vcard/inq-virtual-card |
|
Tipe Format |
JSON |
|
Authentication |
OAuth 2.0 with Access Token |
Header Structure
|
Key |
Value |
Type |
Mandatory |
Length |
Example |
|---|---|---|---|---|---|
| Authorization | Authorization | String | M | Bearer {Token} | |
| X-TIMESTAMP | timestamp | Datetime | M | Format Timestamp ISO8601 | |
| X-SIGNATURE | signature | String | M | HMAC_SHA512 | |
| Content-type | application/json | M | application/json | ||
| X-PARTNER-ID | Alphanumeric | M | 36 | ||
| CHANNEL-ID | Alphanumeric | M | 5 | ||
| X-EXTERNAL-ID | Numeric | M | 36 |
Request Structure
|
Parameter |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
queueId |
String |
M |
64 |
|
|
Response Structure
|
Parameter |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
responseCode |
String |
M |
7 |
Response code |
|
|
responseMessage |
String |
M |
150 |
Response description |
|
|
cardData |
Encrypted Object |
|
|
Merujuk pada standar Enkripsi Simetris pada Dokumen Standar Keamanan bagian 2.1.9 |
|
Card Data Object
|
Parameter |
Data Type |
Mandatory |
Length |
Description |
Example |
|---|---|---|---|---|---|
|
bankCardType |
String |
M |
2 |
D – Debit |
|
|
bankCardNo |
String |
M |
16 |
Nomor kartu |
|
|
bankAccountNo |
String |
M |
16 |
Account number |
|
|
expiryDate |
String |
M |
4 |
Tanggal Kadaluarsa kartu. Format : MMYY |
|
Note: Untuk melakukan dekripsi terhadap card data, gunakan Standar Symmetric Encryption (AES-256-cbc);dengan Client Secret sebagai encryption key yang sudah dienkripsi dengan MD5.
Pada AES-256-cbc membutuhkan inisialization vector yang mana berisi client secret tanpa dihash MD5. Output dari enkripsi (AES-256-cbc) ini berformat hex encoded. Komponen - komponen yang ada pada (AES-256-cbc) seperti pada tabel berikut :
|
No. |
Komponen |
Contoh |
|---|---|---|
|
1. |
Card Data |
a7ccf48471c041948b0efa921492fa0bcfe58dade682bf6251cb9ab77a52003b6ccddbfbce6dcff0b367e6cce3732abe6217cff010440de6a2c27707f9b90c186866c197fc26fdc78f0af5f28d88f8f07900194ec5f44278a1bed52a462bf7c331708df125ac6ef0d6850fe35574e578 |
|
2. |
Initialization Vector |
rQpLmMkB4p2zYUQG |
|
3. |
Encryption key |
00099531c1839c0a0d48fd2d93b271f1 |
Note : Untuk melakukan dekripsi dapat merujuk ke link berikut https://www.javainuse.com/aesgenerator
|
Sample Dekripsi Card Data : "cardData": "a7ccf48471c041948b0efa921492fa0bcfe58dade682bf6251cb9ab77a52003b6ccddbfbce6dcff0b367e6cce3732abe6217cff010440de6a2c27707f9b90c186866c197fc26fdc78f0af5f28d88f8f07900194ec5f44278a1bed52a462bf7c331708df125ac6ef0d6850fe35574e578" Hasil Dekripsi Card Data : {"bankCardType":"D","bankCardNo":"5221841100014660","bankAccountNo":"0206xxxxxxxxxxx","expiryDate":"0525"} |
Request & Response Payload Sample
Request
{
"queueId": "210922T000000316590"
}
Normal Response :
{
"responseCode": "2000600",
"responseMessage": "Successful",
"cardData": "a7ccf48471c041948b0efa921492fa0bcfe58dade682bf6251cb9ab77a52003b6ccddbfbce6dcff0b367e6cce3732abe6217cff010440de6a2c27707f9b90c186866c197fc26fdc78f0af5f28d88f8f07900194ec5f44278a1bed52a462bf7c331708df125ac6ef0d6850fe35574e578"
}
Error Response :
{
"responseCode": "5000600",
"responseMessage": "General Error"
}
List of Error/Response Code
|
HTTP Status |
Code |
Status |
Response Description |
Description |
|---|---|---|---|---|
|
200 |
2000600 |
Success |
Successful |
Successful |
|
400 |
4000601 |
Failed |
Invalid Field Format {fieldName} |
Invalid format |
|
400 |
4000602 |
Failed |
Invalid Mandatory Field {fieldName} |
Missing or invalid format on mandatory field |
|
401 |
4010600 |
Failed |
Unauthoried. [Reason] |
General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found) |
|
409 |
4090600 |
Failed |
Conflict |
Cannot use same X-EXTERNAL-ID in same day |
|
500 |
5000600 |
Failed |
General Error |
General Error |
|
504 |
5040600 |
Failed |
Timeout |
Timeout from the issue |
D. Minio for EKYC
A. Access
Each partner will be provided with a username and password to access the MinIO bucket. The MinIO production environment URL: minio.bri.co.id
Bucket name: baas-oa-thirdparty_name
For testing purposes on the MinIO (development environment), assistance will be provided by the BRI partnership team.
B. How to Store Files
- Create a folder according to the customerId
- Upload the KYC files:
|
No. |
Data |
File Format |
|---|---|---|
|
1 |
ID Card (KTP) |
.png |
|
2 |
BRI prospective customer statement video |
.mp4 |
|
3 |
Liveness image |
.png |
- File Naming Conventions:
|
No. |
Data |
File Naming |
|---|---|---|
|
1 |
ID Card (KTP) |
ktp.png |
|
2 |
BRI prospective customer statement video |
video.mp4 |
|
3 |
Liveness image |
image1.png, image2.png |
