# B2B ### API Endpoint To get access token, you need to hit this API endpoint :

Type Value

Service Code 73

HTTP Method POST

Path

Type	Value
Service Code	73
HTTP Method	POST
Path	/authorization/v1/access-token/b2b`

/authorization/v1/access-token/b2b`

### API Request Header to get Token ```json X-SIGNATURE: Pxlv2IIUVdlzdUnbSQqug8YeghmKXJ7Rw5P4xBOOB/tC457UsoZXkO4S1R3oszVcjZDSh38+== X-TIMESTAMP: 2022-10-07T14:18:39+07:00 X-CLIENT-KEY: MCH-0008-1296507211683 Content-Type: application/json ``` #### Request Header Explanation

Parameter	Data Type	Type	Description
X-Signature	`string`	Mandatory	Non-Repudiation & Integrity checking X-Signature : with asymmetric signature algorithm SHA256withRSA (Private_Key, stringToSign) `stringToSign = client_ID + “\|” + X- TIMESTAMP`
X-Timestamp	`string`	Mandatory	Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
X- Client-Key	`string`	Mandatory	Client’s client_id (PJP Name) (given at completion registration process) Merchant to DOKU : client_id merchant `Acquirer to DOKU : client_key given by DOKU` `DOKU to Acquirer : client_key given by acquirer.`
content-type	`string`	Mandatory	String represents indicate the media type of the resource (e.g. application/json, application/pdf)

### API Request Body Here is the sample of request body to Get Token : ````json { "grantType":"client_credentials" } ``` ```` #### Request Body Explanation

Parameter Data Type Type Description

Parameter	Data Type	Type	Description
`grantType`	String	Mandatort	“client_credentials” : The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750)

grantType

String

Mandatort

“client_credentials” : The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750)

### API Response Body #### API Response Header After hitting the above API Request, DOKU will give the response below | Type | Value | | ----------- | ------- | | HTTP Status | 200 | | Result | Success | ```json X-CLIENT-KEY: "MCH-0008-1296507211683", X-TIMESTAMP: "2022-10-07T14:26:50+07:00" ```

Parameter Data Type Type Description

X-Timestamp String Mandatory Client's current local time in YYYY-MM-DDTHH:mm:ssZ format

X-Client-Key

String

Mandatory

Parameter	Data Type	Type	Description
X-Timestamp	String	Mandatory	Client's current local time in YYYY-MM-DDTHH:mm:ssZ format
X-Client-Key	String	Mandatory	Client’s client_id (PJP Name) (given at completion registration process) `Merchant to DOKU : client_id merchant.` `DOKU to Acquirer : client_key given by acquirer.` `Acquirer to DOKU : client_key given by DOKU`

Client’s client_id (PJP Name) (given at completion registration process)

Merchant to DOKU : client_id merchant.

DOKU to Acquirer : client_key given by acquirer.

Acquirer to DOKU : client_key given by DOKU

#### API Response Body ```json { "responseCode": "2007300", "responseMessage": "Successful", "accessToken": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2NjUxMjc3OTEsIm5iZiI6MTY2NTEyNjg5MSwiaXNzIjoiRE9LVSIsImlhdCI6", "tokenType": "Bearer", "expiresIn": 900, "additionalInfo": "" } ```

Parameter	Data Type	Type	Description
`responseCode`	String (6)	Mandatory	Response Code : `HTTP status code + service code + case code`
`responseMessage`	String	Mandatory	Response Description
`accessToken`	String (2048)	Mandatory	A string representing an authorization issued to the client that used to access protected resources.
`tokenType`	String	Mandatory	The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: “Bearer”: includes the access token. string in the request “Mac”: issuing a Message. Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests. Reference: OAuth2.0 RFC 6749 & 6750
`expiresIn`	String	Mandatory	Session expiry in seconds : 900 (15 minute )
`additionalInfo`	String	Optional	Additional Information

#### Error Response For several error cases, the response appear would be like below : {% tabs %} {% tab title="X-Timestamp format no valid" %} ```json "responseCode": "4017300", "responseMessage": "Unauthorized. Unknown Client" ``` {% endtab %} {% tab title="Signature not valid" %} ```json "responseCode": "4017300", "responseMessage": "Unauthorized. Signature" ``` {% endtab %} {% tab title="X-Client Key not authorized" %} ````json "responseCode": "4017300", "responseMessage": "Unauthorized. Unknown Client" ``` ```` {% endtab %} {% endtabs %}