API Account Opening

Version Control

API Version

Date

Description

v1.0

27 Maret 2024

Baseline version

v1.1

30 April 2024

This update incorporates comprehensive data types, lengths, and mandatory attributes.

Updated List of Error/Response Codes.

v1.2 20 June 2024 Added virtual card sequence and endpoint details to the API Specification Document.

A. Product Overview

Product Overview

The API Account Opening presents a powerful solution, empowering partners/third party to offer a frictionless and secure online experience for prospective clients seeking to open accounts. This transformative API eliminates the need for physical branch visits, revolutionizing the traditional onboarding process and ushering in a new era of convenience and efficiency for both partners/third party and their customers.

The account opening process consists of the following sequential steps:

 

briva online

B. Sequence Diagram API Account Opening

Open Banking Diagram

C. Endpoint Lists

1. API Send Pre-request Data

Endpoint Description

The API Send Pre-request Data serves as the initial point of entry for potential customers seeking to open accounts through your organization or partner platforms. This API enables a seamless and efficient pre-application process, allowing users to submit preliminary data and documents electronically.

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/preRequestData

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

partnerReferenceNo

String

M

64

Transaction identifier on service consumer system. 2020102900000000000001
consentId String M      
identificationNo String M 16 Indonesian National Identification Number (NIK) of the applicant in 16-digit format  
name String M   Full legal name of the applicant Agung Harsono
bornDate String M 10 Date of birth of the applicant in DD-MM-YYYY format 17-08-1945
phoneNo String M 13 Applicant's mobile phone number 081213456789
motherName String M      
countryCode String M 4    
email String M   Primary email address of the applicant agungharsono@gmail.com
referralCode String O   Code used to identify the user who referred this applicant (if applicable)  
requestRefnum String M 12 Unique reference number assigned to this account opening request. 123456789012
timestamp String M 13    

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code  
responseMessage String M 150 Response description  
originalPartnerReferenceNo String M      
originalReferenceNo String M      
responseId String M      
customerId String M 36 Unique identifier for the newly created customer account  
phoneNo String M 13 Verified phone number associated with the new account creation  
method String M   Method used for verification (e.g., SMS, WA).  
status Numeric M      
expiredInSecond Numeric M      

Request & Response Payload Sample

Request

{
  "partnerReferenceNo": "2020102900000000000001",
  "consentId": "",
  "identificationNo": "3674010909940005",
  "name": "Agung Harsono",
  "bornDate": "17-08-1945",
  "phoneNo": "08121345XXXX",
  "motherName": "Ibu",
  "countryCode": "Jakarta",
  "email": "agungharsono@gmail.com",
  "referralCode": "00123456",
  "requestRefnum": "123456789012",
  "timestamp": "1696996569871"
}

Normal Response :

{
  "responseCode": "2000600",
  "responseMessage": "Successful",
  "originalReferenceNo": "2020102977770000000009",
  "originalPartnerReferenceNo": "2020102900000000000001",
  "responseId": "d553f38e480844b683578d75844bac00",
  "additionalInfo": {
    "customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
    "phoneNo": "08123456789",
    "method": "SMS",
    "status": 1,
    "expiredInSecond": 180
  }
}

Error Response :

{
  "responseCode": "4000600",
  "responseMessage": "Bad Request"
}                                           

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000600 Failed Bad Request General request failed error, including message parsing failed
400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
403 4030605 Failed Do Not Honor Account or User status is abnormal
403 4030615 Failed Transaction Not Permitted. [Reason] Transaction Not Permitted
404 4040607 Failed Journey Not Found  The journeyID cannot be found in the system
409 4090600 Failed Conflict Cannot use same X-EXTERNAL-ID in same day
500 5000600 Failed General Error General Error
500 5000601 Failed Internal Server Error Unknown Internal Server Failure, Please retry the process again
500 5000602 Failed External Server Error  Backend system failure
504 5040600 Failed Timeout Timeout from the issuer

2. API Resend OTP

Endpoint Description

The API Resend OTP is used to resend a One-Time Password (OTP) to the registered mobile phone number of an applicant as part of the account opening application process. This API aims to provide applicants with the opportunity to complete the verification process if they did not receive the OTP in a certain period of time.

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/resendOtp

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

timestamp

String

M

13

   
requestRefnum String M 12    
partnerReferenceNo String M 64 Transaction identifier on service consumer system 2020102900000000000001
method String M 3    
customerId String M 36    
additionalInfo Object M      

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code  
responseMessage String M 150 Response description  
originalPartnerReferenceNo String C 64 Transaction identifier on service provider system. Must be filled upon successful transaction  
originalReferenceNo String O      
additionalInfo String M      
customerId String O 36 Unique identifier for the newly created customer account  
phoneNo String M 13    
method String M 3    
expiredInSecond Numeric M   Time validity of the OTP code in seconds, it specifies the duration in seconds for which the OTP code will be valid before it expires.  
status Numeric M      
responseId String M      

Request & Response Payload Sample

Request

{
  "partnerReferenceNo": "2020102900000000000001",
  "additionalInfo": {
    "customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
    "method": "SMS",
    "requestRefnum": "123456789012",
    "timestamp": "1696996569871"
  }
}

Normal Response :

{
  "responseCode": "2000600",
  "responseMessage": "Successful",
  "originalReferenceNo": "20201029777",
  "originalPartnerReferenceNo": "2020102900000000000001",
  "additionalInfo": {
    "customerId": "123xyz789",
    "phone": "08123456789",
    "method": "SMS",
    "expiredInSecond": 180,
    "status": 1,
    "responseId": "d553f38e480844b683578d75844bac00"
  }
}

Error Response :

{
  "responseCode": "5000600",
  "responseMessage": "General Error"
}                                         

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000600 Failed Bad Request General request failed error, including message parsing failed
400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
403 4030605 Failed Do Not Honor Account or User status is abnormal
403 4030615 Failed Transaction Not Permitted. [Reason] Transaction Not Permitted
404 4040607 Failed Journey Not Found  The journeyID cannot be found in the system
409 4090600 Failed Conflict Cannot use same X-EXTERNAL-ID in same day
500 5000600 Failed General Error General Error
504 5040600 Failed Timeout Timeout from the issuer

3. API Verify OTP

Endpoint Description

The API Verify OTP is used to verify the One-Time Password (OTP) code sent to applicants to verify their mobile phone number and complete the account opening process. This API aims to ensure that the applicant entering the OTP is the legitimate user and reduce the risk of fraud and unauthorized access during the account opening process.

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/verifyOTP

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

partnerReferenceNo

String

M

64

   
otp String M 6 One-Time Password (OTP) that users receive via SMS/Whatsapp  
type String M  

arah penggunaan dari verify otp:

- OA

- DIRDEB

 
additionalInfo String M      
customerId String M 36    
requestRefnum String M 12    
timestamp String M 13    

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

 

   
responseMessage String M      
originalReferenceNo String M   Identifikasi transaksi asli pada sistem penyedia layanan. harus diisi setelah transaksi berhasil  
originalPartnerReferenceNo String M   Identifikasi transaksi asli pada sistem layanan konsumen  
additionalInfo Object M      
customerId String M      
email String M      
expiredInSecond Numeric M   Time remaining in seconds for the OTP to be valid  
status Numeric M      
responseId String        

Request & Response Payload Sample

Request

{
  "partnerReferenceNo": "2020102900000000000001",
  "merchantId": "",
  "otp": "140450",
  "type": "OA",
  "additionalInfo": {
    "customerId": "123xyz789",
    "requestRefnum": "123456789012",
    "timestamp": "1696996569871"
  }
}

Normal Response :

{
  "responseCode": "2000600",
  "responseMessage": "Successful",
  "originalReferenceNo": "20201029777",
  "originalPartnerReferenceNo": "2020102900000000000001",
  "additionalInfo": {
    "customerId": "123xyz789",
    "email": "andariaaa@gmail.com",
    "status": 2,
    "expiredInSecond": 300,
    "responseId": "d553f38e480844b683578d75844bac00"
  }
}

Error Response :

{
  "responseCode": "5000600",
  "responseMessage": "General Error"
}                                       

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000600 Failed Bad Request General request failed error, including message parsing failed
400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
403 4030612 Failed OTP Lifetime Expired OTP has been expired
403 4030615 Failed Transaction Not Permitted. [Reason] Transaction Not Permitted
404 4040607 Failed Journey Not Found  The journeyID cannot be found in the system
404 4040615 Failed Invalid OTP OTP is incorrect
409 4090600 Failed Conflict Cannot use same X-EXTERNAL-ID in same day
500 5000600 Failed General Error General Error
504 5040600 Failed Timeout Timeout from the issuer

4. API Resend Email

Endpoint Description

The API Resend Email provides a valuable tool for facilitating a seamless and efficient customer onboarding process by offering prospective clients a second chance to complete email verification. This functionality addresses instances where the initial verification email might not have been received or expired, potentially hindering their progress towards account creation. Please note that the email verification link is only valid for the next 10 minutes. After that, customer will need to request a new link to continue the account opening process.

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/resendEmail

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

partnerReferenceNo

String

M

64

Transaction identifier on service consumer system 2020102900000000000001
additionalInfo Object M      
customerId String M 36 Unique identifier for the newly created customer account 123xyz789
email String M   Email address that will receive the verification link  
requestRefnum String M 12 Unique reference number assigned to this account opening request 123456789012
timestamp String M 13    

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code  
responseMessage String M 150 Response description  
originalReferenceNo String M   Identifikasi transaksi asli pada sistem penyedia layanan. harus diisi setelah transaksi berhasil  
originalPartnerReferenceNo String M   Identifikasi transaksi asli pada sistem layanan konsumen  
additionalInfo Object M      
customerId String M 36 Unique application ID assigned upon initial account creation request (pre-request) 123xyz789
phone String M 13 The recipient's email address to receive a verification link  
method String M 3    
status Numeric M      
expiredInSecond Numeric M   Verification link expiration time (seconds)  
responseId String M      

Request & Response Payload Sample

Request

{
  "partnerReferenceNo": "2020102900000000000001",
  "additionalInfo": {
    "customerId": "123xyx789",
    "email": "agungharsono2@gmail.com",
    "requestRefnum": "123456789012",
    "timestamp": "1696996569871"
  }
}

Normal Response :

{
  "responseCode": "2000600",
  "responseMessage": "Successful",
  "originalReferenceNo": "20201029777",
  "originalPartnerReferenceNo": "2020102900000000000001",
  "additionalInfo": {
    "customerId": "123xyz789",
    "phone": "0813xxxxx",
    "method": "WA",
    "status": 2,
    "expiredInSecond": 180,
    "responseId": "6331c5ade50b4a68b41c995f6644b2a1"
  }
}

Error Response :

{
 "responseCode": "5000600",
 "responseMessage": "General Error"
}                                       

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000600 Failed Bad Request General request failed error, including message parsing failed
400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
403 4030615 Failed Transaction Not Permitted. [Reason] Transaction Not Permitted
404 4040607 Failed Journey Not Found  The journeyID cannot be found in the system
404 4040615 Failed Invalid OTP OTP is incorrect
409 4090600 Failed Conflict Cannot use same X-EXTERNAL-ID in same day
500 5000600 Failed General Error General Error
504 5040600 Failed Timeout Timeout from the issuer

5. API Send KYC

Endpoint Description

The API Send KYC facilitates the secure transmission of Know Your Customer (KYC) data, such as ID card photos and liveness videos, to the Bank. This data is crucial for verifying customer identities and complying with Bank Indonesia regulations during the account opening process.

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/sendKyc

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

partnerReferenceNo

String

M

64

   
customerId String M 36 Unique identifier for the newly created customer account 123xyz789
requestRefnum String M 12    
timestamp String M 13    

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code  
responseMessage String M 150 Response description  
originalPartnerReferenceNo String        
originalReferenceNo          
additionalInfo Object        
customerId String   36    
responseId String        
status Numeric        

Request & Response Payload Sample

Request

{
  "partnerReferenceNo": "2020102900000000000001",
  "customerId": "123xyx789",
  "requestRefnum": "123456789012",
  "timestamp": "1696996569871"
}

Normal Response :

{
  "responseCode": "2000600",
  "responseMessage": "Successful",
  "originalPartnerReferenceNo": "2020102900000000000001",
  "originalReferenceNo": "123456789012",
  "additionalInfo": {
    "customerId": "123xyz789",
    "responseId": "6331c5ade50b4a68b41c995f6644b2a1",
    "status": 4
  }
}

Error Response :

{
  "responseCode": "5000600",
  "responseMessage": "General Error"
}

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000600 Failed Bad Request General request failed error, including message parsing failed
400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
403 4030615 Failed Transaction Not Permitted. [Reason] Transaction Not Permitted
404 4040607 Failed Journey Not Found  The journeyID cannot be found in the system
409 4090600 Failed Conflict Cannot use same X-EXTERNAL-ID in same day
500 5000600 Failed General Error General Error
500 5000601 Failed Internal Server Error Unknown Internal Server Failure, Please retry the process again
504 5040600 Failed Timeout Timeout from the issue

6. API Account Creation

Endpoint Description

The API Account Creation is used to submit applicant data and request online account opening process.

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/accountCreation

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

partnerReferenceNo

String

M

64

   
customerId String M 36 Unique identifier for the newly created customer account 123xyz789
additionalInfo Object        
requestRefnum String   12    
timestamp String   13    
selfData Object     Personal information of the applicant  
bornPlace String     Place of birth Jakarta
gender String   1

Gender of the applicant

note: for a detailed list of data, please refer to Data List

M
religion String   3

Religion of the applicant

note: for a detailed list of data, please refer to Data List

ISL
education String   2

Highest level of education attained of the applicant

note: for a detailed list of data, please refer to Data List

S1
maritalStatus String   1

Marital status of the applicant

note: for a detailed list of data, please refer to Data List

K
addressData Object     Residential address information of the applicant  
postcode String   5 Five-digit postal code of the residence 12550
postcodeDetail String     Additional postal code details Ragunan, Pasar Minggu, Jakarta Selatan
rt String   3   007
rw String   3   005
addressDetail String     Full address details Jl. Harsono 26
domPostcode String   5 Five-digit postal code associated with the domicile  
domPostcode Detail String     Additional postal code details of the applicant's current residence  
domRt String   3    
domRw String   3    
domAddress Detail String     Details of the applicant's current residential address  
jobData Object     Information about the applicant's job  
officeName String     Name of the applicant's employer BRI
jobGroup String   4

Industry sector of the applicant's job

note: for a detailed list of data, please refer to Data List

BUMN
jobRole String   2

Job title or position of the applicant

note: for a detailed list of data, please refer to Data List

64
jobPostcode String   5 Five-digit postal code of the workplace  
jobPostcode Detai String     Additional postal code details  
jobRt String   3    
jobRw String   3    
jobAddressDetail String     Full address details of the workplace  
financialData Object     Financial information of the applicant  
incomeSource String   2

Main source of income

note: for a detailed list of data, please refer to Data List

11
incomeMonthly String   2 Average monthly income G1
dailyTransaction String   2

Estimated average daily transaction value

note: for a detailed list of data, please refer to Data List

N1
purpose String   2

Purpose for opening the account

note: for a detailed list of data, please refer to Data List

T1

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code  
responseMessage String M 150 Response description  
originalPartnerReferenceNo String     Transaction identifier on service consumer system  
originalReferenceNo       Transaction identifier on service provider system. Must be filled upon successful transaction  
additionalInfo Object     Additional information  
customerId String   36    
responseId String        
status Numeric        
urlUserBrimo String     url web view create user brimo  

Request & Response Payload Sample

Request

{
  "partnerReferenceNo": "3287423894732",
  "customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
  "additionalInfo": {
    "requestRefnum": "123456789012",
    "timestamp": "1696996569871",
    "selfData": {
      "bornPlace": "Jakarta",
      "gender": "M",
      "religion": "ISL",
      "education": "S2",
      "maritalStatus": "K"
    },
    "addressData": {
      "postcode": "12550",
      "postcodeDetail": "Ragunan, Pasar Minggu, Jakarta Selatan",
      "rt": "007",
      "rw": "005",
      "addressDetail": "Jl. Harsono 26",
      "domPostcode": "12550",
      "domPostcodeDetail": "Ragunan, Pasar Minggu, Jakarta Selatan",
      "domRt": "007",
      "domRw": "005",
      "domAddressDetail": "Jl. Harsono 26"
    },
    "jobData": {
      "officeName": "BRI",
      "jobGroup": "BUMN",
      "jobRole": "64",
      "jobPostcode": "12551",
      "jobPostcodeDetail": "Pasar Rebo, Pasar Malem, Jakarta Pusat",
      "jobRt": "001",
      "jobRw": "002",
      "jobAddressDetail": "Jl. Sudirman Said"
    },
    "financialData": {
      "incomeSource": "11",
      "incomeMonthly": "G1",
      "dailyTransaction": "N1",
      "purpose": "T1"
    }
  }
}

Normal Response :

{
 "responseCode": "2000600",
 "responseMessage": "Successful",
 "originalReferenceNo": "20201029777",
 "originalPartnerReferenceNo": "2020102900000000000001",
 "additionalInfo": {
 "customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
 "status": 4,
 "responseId": "88330f385a8c4925864b0c1aad6a2842",
 "urlUserBrimo": "https://ms-briapi-web-view-oa.dev.bbri.io/?onboardingId=11ab41e6-
e2e4-409c-88fc-50cea8fa2a6cea"
 }
}

Error Response :

{
 "responseCode": "5000600",
 "responseMessage": "General Error"
}

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000600 Failed Bad Request General request failed error, including message parsing failed
400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
403 4030615 Failed Transaction Not Permitted. [Reason] Transaction Not Permitted
404 4040607 Failed Journey Not Found  The journeyID cannot be found in the system
409 4090600 Failed Conflict Cannot use same X-EXTERNAL-ID in same day
500 5000600 Failed General Error General Error
504 5040600 Failed Timeout Timeout from the issue

Data List

Pengkodean Value pada Request

1. Personal Information

1.1 Gender

Code

Value

M

Laki-Laki

F Perempuan

1.2 Religion

Code

Value

ISL

Islam

KAT Katolik
KRI Protestan
BUD Buddha
HIN Hindu
ZZZ Konghucu
ZZZ Lainnya

1.3 Education

Code

Value

SD

SD/Sederajat

SM SLTP/SMP/Sederajat
SU SLTA/SMU/SMK/Sederajat
S1 D4/S1
S2 S2
S3 S3
ZZ

Lainnya

1.4 Martial Status

Code

Value

B

Belum Kawin

K Kawin
D Duda
J Janda

2. Employment Data

2.1. Job Group

Code

Value

PENG

Belum Bekerja/Pencari Kerja

BUMN Pegawai BUMN
ADMI Administrasi Umum / Supervisor
AKUN Akunting / Keuangan
DAGA Pedagang
DKTR Dokter
EXEC Executive / Managerial
GURU Pengajar/Guru/Dosen PNS
GUSW Pengajar/Guru/Dosen Swasta
IBRT Ibu Rumah Tangga
KOMP Ahli Komputer/Programmer
KONS Konsultan
MAHA Mahasiswa
MILD Militer (TNI - AD)
MILL Militer (TNI - AL)
MILP Militer (POLRI)
MILU Militer (TNI - AU)
NOTA Notaris
PELA Pelajar
PEMI Pemilik Perusahaan
PENS Pensiunan
PGCR Pengacara
PNSI Pegawai Negeri Sipil
PROD Produksi/Operasi/ Manufaktur
PROF Professional
RISE Riset & Pengembangan
SALE Sales/Marketing/Promosi
SENI Seniman
SERV Service/Customer Support/Layanan
SWAS Pegawai Swasta
TECH Technical / Engineering-lainnya
WIRA Wiraswasta

2.2 Job Role

Code

Value

01

Pemilik, Direktur Utama/Presiden Dir.
02 Pemilik, Direktur
03 Pemilik, Komisaris Utama/Presiden Kom.
04 Pemilik, Komisaris
06 Pemilik, Kuasa Direksi
07 Pemilik, Bukan Pengurus
08 Pemilik, Grup
09 Pemilik, Masyarakat
10 Pemilik, Ketua Umum
11 Pemilik, Ketua
12 Pemilik, Sekretaris
13 Pemilik, Bendahara
14 Ketua MPR
15 Wakil Ketua MPR
16 Anggota MPR
17 Ketua DPR
18 Wakil Ketua DPR
19 Anggota DPR
20 Presiden
21 Wakil Presiden
22 Menteri
23 Pejabat setingkat menteri
24 Eksekutif dan Ketua Parpol
25 Gubernur
26 Wakil Gubernur
27 Walikota
28 Wakil Walikota
29 Bupati
30 Wakil Bupati
31 Camat
32 Lurah
33 Hakim
34 Direksi BUMN atau BUMD
35 Komisaris BUMN atau BUMD
36 Pimpinan Bank Indonesia
37 Pimpinan BPPN
38 Kepala Divisi BUMN atau BUMD
39 Wakil Kepala Divisi BUMN atau BUMD
40 Rektor, Pembantu Rektor, Dekan
41 Jaksa
42 Kapolri, Wakapolri, Kapolda, Wakapolda
43 Panglima TNI, KSAD, KSAU, KSAL
44 Penyidik
45 Pejabat yang mengeluarkan perijina
46 Pejabat pembuat regulasi
47 Panitera Pengadilan
48 Pemimpin Proyek APBN atau APBD
49 Bendahara Proyek APBN atau APBD
50 Kepala Kantor di Departemen Keuangan
51 Pengurus, Direktur Utama/Presiden Dir
52 Pengurus, Direktur
53 Pengurus, Komisaris Utama/Presiden Kom
54 Pengurus, Komisaris
55 Pengurus, Kuasa Direksi
56 Pengurus, Grup
57 Pengurus, Ketua Umum
58 Pengurus, Ketua
59 Pengurus, Sekretaris
60 Pengurus, Bendahara
61 Pengurus, Lainnya
62 Pengawas Bea dan Cukai
63 Auditor
64 Staf
65 Petugas Administrasi
67 Petugas Kebersihan
68 Petugas Keamanan
69 Juru Masak
70 Ibu Rumah Tangga
71

Tidak Bekerja

3. Financial Data

3.1. Income Source

Code

Value

11

Gaji

12 Hasil Usaha
99 Lainnya

3.2. Monthly Income

Code

Value

G1

1 - 5 Juta
G2 5 - 10 juta
G3 10 - 50 juta
G4 50 - 100 juta
G4 Di atas 100 juta

3.3. Daily Transaction

Code

Value

N1

0 - 10 Juta
N2 10 Juta - 50 Juta
N3 50 Juta - 100 Juta
N4 100 Juta - 1 Milyar
N5 Lebih dari 1 Milyar

3.4. Account Opening Purpose

Code

Value

T1

Tabungan
T2 Transaksi
T3 Pribadi
ZZ Lainnya

7. API Check Progress

Endpoint Description

The API Check Progress is used to retrieve the latest status information of account opening requests submitted by partners. This API is expected to provide partners/third parties with control and visibility over the application process, making it easier for partners to provide more accurate information to their users.

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/checkProgress

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

partnerReferenceNo

String

M

64

Transaction identifier on service consumer system 2020102900000000000001
customerId String M 36 Unique application ID assigned upon initial account creation request (pre-request). This ID does not signify an active account, use this number to inquire about the application status. 11ab41e6-e2e4- 409c88fc50cea8fa2a6cea
requestRefnum String M 12 Unique reference number assigned to this account opening request. 123456789012
timestamp String M 13    

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code  
responseMessage String M 150 Response description  
originalPartnerReferenceNo String M 64    
originalReferenceNo   M      
additionalInfo Object M   Additional information  
customerId String M   Unique application ID assigned upon initial account creation request (pre-request). This ID does not signify an active account, use this number to inquire about the application status. 11ab41e6-e2e4- 409c88fc50cea8fa2a6cea
phone String C      
method Numeric C      
email String C      
expiredInSecond String C      
accountNumber String C      
responseId String M      
status Numeric M  

The latest status information of account opening applications

 

Code

Description

0

Not Started Yet, Submit Data

1 Done Submit, Verify Phone
2 Phone Verified, Verify Email
3

Email Verified, Submit Document

4 Document OK, KYC Progress
5 KYC Success, Submit Additional Data
6 Additional Data OK, Setup Username
7 Username OK, Setup PIN
8 PIN OK, Verify OTP Privy
9 OTP Privy OK, Retry Create Account
10 Create Account OK, Retry Generate BRImo
11 Success
 

Request & Response Payload Sample

Request

{
 "partnerReferenceNo": "2020102900000000000001",
 "requestRefnum": "123456789012",
 "timestamp": "1696996569871"
 "customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea"
}

Normal Response :

{
 "responseCode":"2000600",
 "responseMessage":"Successful",
 "originalPartnerReferenceNo": "2020102900000000000001",
 "originalReferenceNo": "123456789012",
 "additionalInfo":{
 "customerId": "11ab41e6-e2e4-409c-88fc-50cea8fa2a6cea",
 "phone": "08123456789",
 "method": "WA",
 "expiredInSecond": 180,
 "responseId":"6331c5ade50b4a68b41c995f6644b2a1",
 "status": 1
 }
}

Error Response :

{
 "responseCode": "5000600",
 "responseMessage": "General Error"
}

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000600 Failed Bad Request General request failed error, including message parsing failed
400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
500 5000600 Failed General Error General Error
504 5040600 Failed Timeout Timeout from the issue

8. API Consent

Endpoint Description

This endpoint is used to generate consent

General Information

HTTP Method

POST

Path

/v1.0/openingAccount/consent

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

 Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field

Data Type

Mandatory

Length

Description

Example

partnerReferenceNo

String

M

64

Transaction identifier on service consumer system. 2020102900000000000001
onBoardingPartner String M 16 Onboarding partner of ... DANA
countryCode String M 2 Requestor's country code ID
permissions String M - Specifies the data access permissions. This list details the data categories the user consents to and authorizes the bank to share.
  • ReadBalance
  • ReadStatement
  • ReadAccount
  • OpenAccount
  • BindingAccount
additionalInfo Object O      

Response Structure

Field

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code 2000600
responseMessage String M 150 Response description Request has been processed successfully
originalPartnerReferenceNo String M 64 Transaction identifier on service provider system. Must be filled upon successful transaction. 2020102977770000000009
originalReferenceNo   M 64 Transaction identifier on service consumer system. 2020102900000000000001
consentId Object M 32 Unique identification as assigned to identify the account access consent resource. bri-consent-88379
creationDateTime String M 32 Date and time at which the resource was created. Format: ISO 8601. 2023-12-30T09:11:47.169Z
status String M 32 Specifies the status of consent resource in code form. awaiting_authorization
statusUpdateTime Numeric M 32 Date and time at which the resource status was updated. Format: ISO 8601. 2023-12-30T09:11:47.169Z
permission Array [String] M - Specifies the data access permissions. This list details the data categories the user consents to and authorizes the bank to share.
  • ReadBalance
  • ReadStatement
  • ReadAccount
  • OpenAccount
  • BindingAccount
link String M 2048 Link to the consent document https://api.bri.co.id/open-banking/bri-consent-1
additionalInfo Object O   Additional information {"deviceId": "12345679237", "channel": "mobilephone"}

Request & Response Payload Sample

Request

{
  "partnerReferenceNo": "2020102900000000000001",
  "onBoardingPartner": "Kredivo",
  "countryCode": "ID",
  "permissions": [
    "ReadBalance",
    "ReadBalanceExact",
    "ReadStatement",
    "ReadStatementExact",
    "ReadAverageBalance",
    "ReadAverageBalanceExact",
    "ReadCreditScore",
    "ReadAccount"
  ],
  "additionalInfo": {
    "deviceId": "123456789237",
    "channel": "mobilephone"
  }
}

Normal Response :

{
  "responseCode": "2000600",
  "responseMessage": "Successfully",
  "originalReferenceNo": "2020102977770000000009",
  "originalPartnerReferenceNo": "2020102900000000000001",
  "consentId": "bri-consent-88379",
  "creationDateTime": "2017-05-02T00:00:00+00:00",
  "status": "AwaitingAuthorization",
  "statusUpdateDateTime": "2017-05-02T00:00:00+00:00",
  "permissions": [
    "ReadBalances",
    "ReadStatements"
  ],
  "additionalInfo": {
    "deviceId": "12345679237",
    "channel": "mobilephone"
  }
}

Error Response :

{
  "responseCode": "5000600",
  "responseMessage": "General Error"
}

List of Error/Response Code

HTTP

Status

Code

Status

Response Message

Description

200

2000600

Success

Successful

Successful

400 4000601 Failed Invalid Field Format {fieldName} Invalid format
400 4000602 Failed Invalid Mandatory Field {fieldName} Missing or invalid format on mandatory field
401 4010600 Failed Unauthorized. [Reason] General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)
403 4030615 Failed Transaction Not Permitted. [Reason] Transaction Not Permitted
409 4090600 Failed Conflict Cannot use same X-EXTERNAL-ID in same day
500 5000600 Failed General Error General Error
504 5040600 Failed Timeout Timeout from the issue

9. API Generate Virtual Card

Endpoint Description

The API Generate Virtual Card serves the purpose of generating a virtual card for customers who have previously opened an account through the "Opening Account Service."

General Information

HTTP Method

POST

Path

/snap/v1.0/vcard/gen-virtual-card

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Parameter

Data Type

Mandatory

Length

Description

Example

accountNo

String

C

16

Bank account number. must be filled if bankCardToken is Null and Authorization-Customer is Null

 

Response Structure

Parameter

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response Code

 

responseMessage

String

M

150

Response Description

 

queueId

String

M

64

 

 

Request & Response Payload Sample

Request

    {
      "accountNo": "0206xxxxxxxxxxx"
    }

Normal Response :

    {
      "responseCode": "2000600",
      "responseMessage": "Successful",
      "queueId": "210922T000000316590"
    }

Error Response :

    {
      "responseCode": "5000600",
      "responseMessage": "General Error"
    }

List of Error/Response Code

HTTP Status

Code

Status

Response Description

Description

200

2000600

Success

Successful

Successful

400

4000601

Failed

Invalid Field Format {fieldName}

Invalid format

400

4000602

Failed

Invalid Mandatory Field {fieldName}

Missing or invalid format on mandatory field

401

4010600

Failed

Unauthoried. [Reason]

General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)

409

4090600

Failed

Conflict

Cannot use same X-EXTERNAL-ID in same day

500

5000600

Failed

General Error

General Error

504

5040600

Failed

Timeout

Timeout from the issue

10. API Inquiry Virtual Card

Endpoint Description

The API Inquiry Virtual Card allows you to inquire about the details of a virtual card previously generated using the "Generate Virtual Card" feature.

General Information

HTTP Method

POST

Path

/snap/v1.0/vcard/inq-virtual-card

Tipe Format

JSON

Authentication

OAuth 2.0 with Access Token

Header Structure

Key

Value

Type

Mandatory

Length

Example

Authorization Authorization String M   Bearer {Token}
X-TIMESTAMP timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE signature String M   HMAC_SHA512
Content-type application/json   M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alphanumeric M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Parameter

Data Type

Mandatory

Length

Description

Example

queueId

String

M

64

 

 

Response Structure

Parameter

Data Type

Mandatory

Length

Description

Example

responseCode

String

M

7

Response code

 

responseMessage

String

M

150

Response description

 

cardData

Encrypted Object

 

 

Merujuk pada standar Enkripsi Simetris pada Dokumen Standar Keamanan bagian 2.1.9

 

 

Card Data Object

Parameter

Data Type

Mandatory

Length

Description

Example

bankCardType

String

M

2

D – Debit

 

bankCardNo

String

M

16
Notes :
SNAP BI
(19)

Nomor kartu

 

bankAccountNo

String

M

16

Account number

 

expiryDate

String

M

4

Tanggal Kadaluarsa kartu. Format : MMYY

 

Note: Untuk melakukan dekripsi terhadap card data, gunakan Standar Symmetric Encryption (AES-256-cbc);dengan Client Secret sebagai encryption key yang sudah dienkripsi dengan MD5. 

Pada AES-256-cbc membutuhkan inisialization vector yang mana berisi client secret tanpa dihash MD5. Output dari enkripsi (AES-256-cbc) ini berformat hex encoded. Komponen - komponen yang ada pada (AES-256-cbc) seperti pada tabel berikut :

No.

Komponen

Contoh

1.

Card Data

a7ccf48471c041948b0efa921492fa0bcfe58dade682bf6251cb9ab77a52003b6ccddbfbce6dcff0b367e6cce3732abe6217cff010440de6a2c27707f9b90c186866c197fc26fdc78f0af5f28d88f8f07900194ec5f44278a1bed52a462bf7c331708df125ac6ef0d6850fe35574e578

2.

Initialization Vector

rQpLmMkB4p2zYUQG

3.

Encryption key

00099531c1839c0a0d48fd2d93b271f1

 

Note : Untuk melakukan dekripsi dapat merujuk ke link berikut https://www.javainuse.com/aesgenerator

Sample Dekripsi Card Data :

"cardData": "a7ccf48471c041948b0efa921492fa0bcfe58dade682bf6251cb9ab77a52003b6ccddbfbce6dcff0b367e6cce3732abe6217cff010440de6a2c27707f9b90c186866c197fc26fdc78f0af5f28d88f8f07900194ec5f44278a1bed52a462bf7c331708df125ac6ef0d6850fe35574e578"

Hasil Dekripsi Card Data :

{"bankCardType":"D","bankCardNo":"5221841100014660","bankAccountNo":"0206xxxxxxxxxxx","expiryDate":"0525"}

Request & Response Payload Sample

Request

    {
      "queueId": "210922T000000316590"
    }

Normal Response :

    {
      "responseCode": "2000600",
      "responseMessage": "Successful",
      "cardData": "a7ccf48471c041948b0efa921492fa0bcfe58dade682bf6251cb9ab77a52003b6ccddbfbce6dcff0b367e6cce3732abe6217cff010440de6a2c27707f9b90c186866c197fc26fdc78f0af5f28d88f8f07900194ec5f44278a1bed52a462bf7c331708df125ac6ef0d6850fe35574e578"
    }

Error Response :

    {
      "responseCode": "5000600",
      "responseMessage": "General Error"
    }

List of Error/Response Code

HTTP Status

Code

Status

Response Description

Description

200

2000600

Success

Successful

Successful

400

4000601

Failed

Invalid Field Format {fieldName}

Invalid format

400

4000602

Failed

Invalid Mandatory Field {fieldName}

Missing or invalid format on mandatory field

401

4010600

Failed

Unauthoried. [Reason]

General unauthorized error (No Interface Def, API is Invalid, Oauth Failed, Verify Client Secret Fail, Client Forbidden Access API, Unknown Client, Key not Found)

409

4090600

Failed

Conflict

Cannot use same X-EXTERNAL-ID in same day

500

5000600

Failed

General Error

General Error

504

5040600

Failed

Timeout

Timeout from the issue

D. Minio for EKYC

A. Access

Each partner will be provided with a username and password to access the MinIO bucket. The MinIO production environment URL: minio.bri.co.id
Bucket name: baas-oa-thirdparty_name

For testing purposes on the MinIO (development environment), assistance will be provided by the BRI partnership team.

B. How to Store Files

  1. Create a folder according to the customerId
  2. Upload the KYC files:

No.

Data

File Format

1

ID Card (KTP)

.png

2

BRI prospective customer statement video

.mp4

3

Liveness image

.png

  1. File Naming Conventions:

No.

Data

File Naming

1

ID Card (KTP)

ktp.png

2

BRI prospective customer statement video

video.mp4

3

Liveness image

image1.png, image2.png