Skip to main content
POST
/
api
/
v1.1
/
access-token
/
b2b
Access Token v1.1
curl --request POST \
  --url https://sandbox-payment-b2b.singapay.id/api/v1.1/access-token/b2b \
  --header 'Content-Type: application/json' \
  --header 'X-CLIENT-ID: <x-client-id>' \
  --header 'X-PARTNER-ID: <api-key>' \
  --header 'X-Signature: <x-signature>' \
  --data '
{
  "grant_type": "client_credentials"
}
'
{
  "status": 200,
  "success": true,
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "token_type": "Bearer",
    "expires_in": "216000"
  }
}

Authorizations

X-PARTNER-ID
string
header
required

Merchant API key (Credential.api_key). Required on every request.

Headers

X-PARTNER-ID
string
required

Merchant API key that identifies the partner. Used together with X-CLIENT-ID to resolve the merchant credentials.

Example:

"a1b2c3d4-5678-90ab-cdef-1234567890ab"

X-CLIENT-ID
string
required

Merchant client identifier (client_id) issued to the merchant during onboarding.

Example:

"SGP-CLIENT-001"

X-Signature
string
required

Lowercase hexadecimal HMAC-SHA512 digest of {client_id}_{client_secret}_{YYYYMMDD} signed with the merchant client_secret. Valid only for the current server date (Ymd).

Example:

"c8f1d3e2a4b6...0f9e8d7c6b5a4938271605f4e3d2c1b0a9f8e7d6c5b4a3928170f6e5d4c3b2a1"

Body

application/json

Request body for the OAuth 2.0 client credentials grant. The only supported value for grant_type is client_credentials; any other value is rejected with HTTP 422.

grant_type
enum<string>
required

The OAuth grant type. Must be the literal string client_credentials.

Available options:
client_credentials
Example:

"client_credentials"

Response

Authentication succeeded. The response data contains the issued JWT and its metadata (OAuthAccessTokenResponseData).

Standard success envelope returned by the security endpoints. Wraps the issued token payload in the Flugger responder format (status, success, data).

status
integer

HTTP status code of the response.

Example:

200

success
boolean

Indicates whether the request was processed successfully. Always true for a 200 response.

Example:

true

data
object

The access token payload.