QR Code SNAP
QR Code SNAP is Brick's SNAP-standard QRIS integration flow. Use QR Code SNAP when your integration must create and query QR Code transactions using SNAP B2B authentication, request signing, and SNAP-specific headers.
This flow is separate from the general Brick public access token flow. Start by generating a SNAP access token, then use that bearer token with the QR Code SNAP create and status APIs.
SNAP Overview
The Standar Nasional Open API Pembayaran (SNAP) is a national standard for open payment APIs established by Bank Indonesia. This standard aims to foster a healthy, competitive, and innovative payment system industry while ensuring integration, interconnection, and interoperability of payment infrastructure. It also promotes secure and reliable payment systems through well-defined security, technical, and data standards. SNAP enables consistent market practices that are efficient, fair, and in line with global payment system advancements.
SNAP was formalized through Bank Indonesia Governor's Decree No. 23/10/KEP.GBI/2021 on August 16, 2021, requiring gradual adoption by all payment providers. Key components include governance guidelines for maintaining API connectivity and technical specifications that enhance the reliability and security of financial transactions.
How to Obtain Your SNAP Public Key
Follow these steps to generate your SNAP public key:
- Generate a private key:
Use the command:Code - Generate a public key:
Use the command:
Note: The -in naming (eg. rsa_private_key.pem) specifies the same file title as the private key generated in the previous step, ensuring consistency.Code - Send your public key:
Share the generated public key file (rsa_public_key.pem) with the Brick team. Brick team will set your SNAP public key and once the public key is set, client can start to do SNAP-based API transactions.
X-Signature Guidance
The X-SIGNATURE is an asymmetric signature using the SHA256withRSA algorithm. It is used to secure SNAP API requests.
| Action | Generated by | stringToSign format |
|---|---|---|
| Get Access Token | SHA256withRSA(Private_Key, stringToSign) | clientID + "|" + X-TIMESTAMP |
| Generate Dynamic QR Code | SHA256withRSA(Private_Key, stringToSign) | HTTPMethod + ":" + EndpointUrl + ":" + Lowercase(HexEncode(SHA-256(minify(RequestBody)))) + ":" + TimeStamp |
| Status for Dynamic QR Code | SHA256withRSA(Private_Key, stringToSign) | HTTPMethod + ":" + EndpointUrl + ":" + Lowercase(HexEncode(SHA-256(minify(RequestBody)))) + ":" + TimeStamp |