QRIS Merchant Presented Mode (MPM) Dinamis v1.1

Create API

Simplify Your Business with BRIAPI

Watch the video and see how BRIAPI can make your business more efficient with BRI Interbank Transfer.

 

Create API Now

 

What is QRIS Merchant Presented Mode (MPM) Dynamic ?

Quick Response Code Indonesian Standard or QRIS is a combined QR code from every kind of QR code Payment Service Provider. QRIS was developed by the payment service provider industry together with Bank Indonesia with the intention of having a QR code payment service that is easy, fast, and secure.

With QRIS, QR code payment from every kind of service provider application including bank or non-bank will be able to be used at every merchant with QRIS logo.

QRIS Merchant Presented Mode (MPM) Dynamic is a QR code that must be generated and presented to the customer every time the transaction is made. Merchant will need to input the payment amount and the customer will scan the QR code that was generated and printed.

Use Case of API QRIS Merchant Presented Mode (MPM) Dynamic

QRIS Merchant Presented Mode (MPM) Dynamic is suitable for middle and large business merchants with large volume of transactions. With this API merchant will need to input the payment amount and the customer will scan the QR code that was generated and printed.

API Information

Title QRIS Dinamis - MPM
Version v1.1
URL Sandbox https://sandbox.partner.api.bri.co.id/
URL Production https://partner.api.bri.co.id/

Version Control

API Version Date Link to document Description
v1.0 11 Mei 2022 Here Baseline version.
v1.1 31 Juli 2023 this pages Addition of Field issuerRrn to the QR Inquiry Endpoint

 

Product Description

Product Overview

This document aims to explain the API specifications of the development of Dynamic QRIS - MPM with the scheme of merchants issuing QRIS, customers using tools to scan / scan merchant QRIS. Then from BRI sends a notification / callback in accordance with predetermined specifications.

>Product Overview QRIS Merchant Presented Mode (MPM) Dinamis v1.1

Endpoint

A. Get Token

Endpoint Description

This endpoint is used to get an access token that serves as authentication when you want to access other APIs. Pilot tests check that the get token is not hit every time you access the endpoint (integrator).

General Information

HTTP Method POST
Path /snap/v1.0/access-token/b2b
Type Format JSON
Authentication Digital Signature

Header Structure

Key Value Format Mandatory Length Description Example
X-SIGNATURE     M  

Retrieved from algoritma asymmetric signature SHA256withRSA

(Private_Key, stringToSign). stringToSign = client_ID + “|” + XTIMESTAMP

  
X-CLIENT-KEY   Alphanumeric M   Client’s client_id (Nama PJP) (given upon completion of registration process)  
X-TIMESTAMP   Datetime M   Client's current local time yyyy-MM- ddTHH:mm:ss.SSSTZD format  
Content-Type application/json M        

Request Structure

Field Data Type Format Mandatory Length Description Example
grantType String Alphabet Y   “client_credentials” : a client may request an access token using only its client credentials (or other supported means of authentication) when the client requests access to a protected resource under its control. (OAuth 2.0: RFC 6749 & 6750) client_credentials

Response Structure

Field Data Type Format Mandatory Length Description Example
responseCode String Numeric C   Response code (example code)
responseMessage String Alphabet C   Response description (example message)
accessToken String Alphanumeric M  

The access token type provides the client with the information necessary to successfully use the access token to protect the resource request (along with type-specific attributes) The type of token type:

  • “Bearer”: includes the access token string during the request
  • • “Mac”: issues an authentication code key (MAC) message along with the access token that is used to sign certain components of the HTTPReference request: OAuth2.0 RFC 6749 & 6750

Referensi: OAuth2.0 RFC 6749 & 6750

 (example access token)
tokenType String Alphabet M     (example token type)
expiresIn String Alphanumeric M   The session ends in seconds: 900 (15 minutes) (example expiration)

 

 {
  "grantType": "client_credentials"
 }

Normal Response:

 

 {
   "accessToken": "jwy7GgloLqfqbZ9OnxGxmYOuGu85",
   "tokenType": "BearerToken",
   "expiresIn": "899"
}

Error Response:

 {
  "responseCode": "4007301",
  "responseMessage": "Invalid Field Format"
}

List of Error/Response Code

HTTP Status Code Response Status Response Description Deskripsi
200 Success - -
400 4007300 Failed Bad Request -
400 4007301 Failed Invalid Field Format -
401 4017300 Failed Unauthorized Client -
401 4017300 Failed Unauthorized stringToSign -
401 4017300 Failed Unauthorized Signature -
401 4017301 Failed Invalid Token (B2B) -
500 500000 Failed General Error -

Signature

Signature ensures that the transmitted data is authentic and cannot be refuted. The signature is generated by the service user and verified by the service receiver.

The signature is formed from the specified payload, by implementing the HMAC_SHA512 algorithm with clientSecret as the key.

Payload

Payload tergabung dari kata kerja, path, token, timestamp, dan body. Dengan format Symetric-Signature:

HMAC_SHA512 (clientSecret, stringToSign) dengan rumus stringToSign = HTTPMethod + ": "+ EndpointUrl + ": "+ AccessToken + ":" + Lowercase(HexEncode(SHA-256(minify(RequestBody))))+ ":" +TimeStamp

Example:

POST:/snap/v1.1/dummy:muhpwhwOkPRU9nNXYnyYHj8t54x3:8b4e9e83b5231cff4f84358ec8ca81951cfe9f999f635b1566452a501d5c23b2:2021-11- 29T09:22:18.172+07:00

The details of each element in the payload are described below:

Path

Value in path is URL after hostname and port without Query Parameter

Example:

https://sandbox.partner.api.bri.co.id/simulator/qr/qr-cpm-payment-url becomes /simulator/qr/qr-cpm-payment-ur

Verb

Method HTTP with capital letters.

Example: GET, POST, PUT, PATCH, and DELETE.

Token

The token used in the Authorisation header.

Example:  Bearer R04XSUbnm1GXNmDiXx9ysWMpFWBr

Timestamp

The time when sending the API request. The time format must follow ISO8601 format (yyyy-MM-ddTHH:mm:ss.SSSZ). Must be within zero UTC offset.

Example:

2021-11-02T13:14:15.678+07:00

Body

Body when submitting an API request. Lowercase(HexEncode(SHA-256(minify(RequestBody))))

Contoh: {"hello":"world"}

Result SHA256 : a47a5f14b3e78b5e3d3f81b1a1468499be964660f818c10adcac792c42709749

If there is no request body, for example using the GET method, just leave it blank.

Rerefrensi : https://developers.bri.co.id/en/snap-bi/apidocs-oauth-snap-bi

B. Generate QR

Endpoint Description

The Generate QR API is used to generate the Dynamic MPM QR.

General Information

HTTP Method

POST

Path

/v1.1/qr-dynamic-mpm/qr-mpm-generate-qr

Type Format

JSON

Authentication

OAuth 2.0

Header Structure

Key Value Format Mandatory Length Description
Authorization Authorization Alphanumeric M - Bearer {Token}
X-TIMESTAMP BRI - timestamp Datetime M - Format Timestamp ISO8601
X-SIGNATURE BRI - Signature Alphanumeric M - HMAC_SHA512
Content-Type application/json Alpha M - application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alpha M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field Data Type Mandatory Length Description Example
partnerReferenceNo String M 6 Identify transactions in the customer service system 1234567890133
amount Object M - The detailed contents of the object amount are in the table belowi  
merchantId String M 64 A unique ID owned by each merchant 00007100010926
terminalId String M 16 Terminal ID 213141251124

Request Structure dalam Object "amount"

Field Data Type Mandatory Length Description Example
value Decimal M 18 The net amount of the transaction. If it is IDR then the value includes 2 decimal places. for example IDR 10,000,- will be placed with 10000.00 123456.00
currency String M 3 3 digit Code ISO Currency IDR

Response Structure

Field Data Type Mandatory Length Description Example
responseCode String M 7

Response code

HTTP status code + service code + case code

 2004700
responseMessage String M 150 Description response Successfull
partnerReferenceNo String M 6 Transaction identification number in the customer service system 1234567890133
qrContent String M 512 QR String MPM  
referenceNo String M 12 The transaction identification number on the service provider's system. 409676201434

Request & Response Payload Sample

Request:

{
  "partnerReferenceNo": "1234567890133",
   "amount": {
     "value": "123456.00",
     "currency": "IDR"
   },
   "merchantId": "00007100010926",
   "terminalId": "213141251124"
}

Normal Response:

{
  "responseCode": "2004700",
  "responseMessage": "Successful",
  "partnerReferenceNo": "1234567890133",
  "qrContent": "0002XXXXXXXXX",
  "referenceNo": "409676201434"
}

C. Inquiry Payment

Endpoint Description

Endpoint to make a Dynamic MPM QR payment inquiry.

General Information

HTTP Method

POST

Path

/v1.1/qr-dynamic-mpm/qr-mpm-query

Type Format

JSON

Authentication

OAuth 2.0

Header Structure

Key Value Format Mandatory Length Deskripsi
Authorization Authorization Bearer {Token} Alphanumeric M    
X-TIMESTAMP BRI - timestamp Datetime M   Format Timestamp ISO8601
X-SIGNATURE BRI - Signature Alphanumeric M   HMAC_SHA512
Content-Type application/json Alpha M   application/json
X-PARTNER-ID   Alphanumeric M 36  
CHANNEL-ID   Alpha M 5  
X-EXTERNAL-ID   Numeric M 36  

Request Structure

Field Data Type Mandatory Length Description Example
originalReferenceNo String M 64 Transaction identification number in the service provider's system 000008526955
serviceCode String M 2 Transaction type indicator (service code of the original request transaction) 17
additionalInfo Object M   Details of the contents of the additionalInfo object are in the table below  

Request Structure dalam Object "additionalInfo"

Field Data Type Mandatory Length Description Example
terminalId String M 16 ID Terminal 100492

Response Structure

Field Data Type Mandatory Length Description Example
responseCode String M 7

Response Code

HTTP status code + service code + case code

 2005100
responseMessage String M 150 Description Response Successful
originalReferenceNo String C 64 Transaction identification number in the service provider's system 290005165369
serviceCode String M 2 Service Code 17
latestTransactionStatus String M 2

00 - Success

01 - Initiated

02 - Paying

03 - Pending

04 - Refunded

05 - Canceled

06 - Failed

07 - Not found

 00 - Success
transactionStatusDesc String O 50 Description of the transaction status Successfully
amount Object M   Details of the contents of the additionalInfo object are in the table below  
terminalId String O 16 Terminal identification 10049258
additionalInfo Object O   Details of the contents of the additionalInfo object are in the table below  

Response Structure dalam Object "amount"

Field Data Type Mandatory Length Description Example
value Decimal M 18 The net amount of the transaction. If it is IDR then the value includes 2 decimal places. for example IDR 10,000,- will be placed with 10000.00 2000.00
currency String M 3 3 digit Code ISO Currency IDR

Response Structure dalam Object "additionalInfo"

Field Data Type Mandatory Length Description Example
customerName String O   Name of customer I GEDE TONI DHARMAWAN
customerNumber String O   Consumer number 9360015723456789
invoiceNumber String O   Invoice number 10009121031000912103
issuerName String O   Issuer name Finnet 2
issuerRrn String O   transaction id of the QR issuer 110002756582
mpan String O   Merchant PAN of the original Payment QR 9360000201102921379

Request & Response Payload Sample Request:

{
  "originalReferenceNo":"290005165369",
  "serviceCode":"17",
  "additionalInfo":{
    "terminalId": "10049258"
  }
}

Normal Response:

{
    "responseCode": "2005100",
    "responseMessage": "Successful",
    "originalReferenceNo": "290005165369",
    "serviceCode": "17",
    "latestTransactionStatus": "00",
    "transactionStatusDesc": "Successfully",
    "amount": {
        "value": "2000.00",
        "currency": "IDR"
    },
    "terminalId": "10049258",
    "additionalInfo": {
        "customerName": "I GEDE TONI DHARMAWAN",
        "customerNumber": "9360015723456789",
        "invoiceNumber": "10009121031000912103",
        "issuerName": "Finnet 2",
        "issuerRrn": "110002756582",
        "mpan": "9360000201102921379"
    }
}

List of Error/Response Code

HTTP Status Code Code Status Response Description Description
200 00 Sukses Successfull Success
202 00 Pending Transaction still on process Transaction in progress
202 00 Pending Request on progress Payment is in process / failed
400 01 Failed Invalid Field Format Request Invalid Request Format
403 00 Failed Transaction Expired Refund is no longer possible
403 02 Failed Exceeds Transaction Amount Limit Amount exceeding the limit
403 15 Failed Transaction Not Permitted. Invalid Data. Abort Process Invalid Data. Abort Process
403 15 Failed Transaction Not Permitted. QR Expired QR Expired
403 23 Failed Account Limit Exceed Accumulated Amount Exceeds Limit
404 01 Failed Transaction Not Found
  • CPAN data not found
  • Invalid Number
  • Transaction has been refunded
  • Data not found
404 08 Failed Invalid Merchant Invalid Merchant
404 11 Failed Invalid Card/Account/Customer [info]/Virtual Account Invalid CPAN
404 12 Failed Invalid Bill Invalid transaction / invalid number
404 13 Failed Invalid Amount Invalid Amount
404 14 Failed Paid Bill Transaction Paid
500 01 Failed Internal Server Error Retrieve Data Failed Retrieve Data Failed
500 01 Failed Internal Server Error Database Error Database Error