Integration Guide
This document provides an overview of the SNAP format, which has been introduced as part of the new rules mandated by the Bank Indonesia. As a Payment Provider, understanding the technical aspects of the SNAP format is crucial for implementing compliant payment systems. This overview will help you familiarize yourself with the key concepts and requirements related to the SNAP format.
Background
Bank Indonesia has recently implemented new rules to standardize payment system in Indonesia. The primary objective is to streamline payment processing, enhance security, and improve interoperability among various payment service providers.
Purpose of SNAP format
The SNAP format aims to provide a uniform structure for exchanging payment information between different participants in the payment ecosystem.
Architecture Type of API
The architecture type used is Representational State Transfer (REST) API.
Data Format
The data format used in the request body and response body is JavaScript Object Notation (JSON).
Character Encoding
The standard character encoding used is UTF-8.
Komponen HTTP Method
The HTTP method functions as an identifier for the action to be performed on a resource, using the commonly used HTTP verbs. The HTTP verb used is:
POST Request
GET Request
DELETE Request
PUT Request
For security considerations, the Access Token retrieval utilizes a POST request. For other services, the appropriate HTTP verb is used based on the operation type and accessed resource. The usage of HTTP methods for each service is specified in the general information table within the SNAP technical specification document.
Server Authorization and Authentication Method Components
The standards employed are:
OAuth 2.0 sesuai RFC6749
Bearer token sesuai RFC6750
In granting access to Service Users, the Service Provider conducts authentication to validate Service Users. The means employed are the exchanged credentials during the collaboration setup process, which include client secret and a pair of public/private keys, used in conjunction with specific cryptographic algorithms.
Encryption Standard Components
The encryption model applied to messages involves both asymmetric and symmetric encryption, utilizing a combination of Private Key and Public Key, adhering to the following standards:
Standard Asymmetric Encryption Signature: SHA256withRSA dengan Private Key ( Kpriv ) dan Public Key ( Kpub ) (256 bits)
Standard Symmetric Encryption Signature HMAC_SHA512 (512 bits)
Standard Symmetric Encryption AES-256 dengan client secret sebagai encryption key.
Last updated