NAV Navbar
cURL Javascript PHP Java

Introduction

BRIAPI sandbox endpoint

https://sandbox.partner.api.bri.co.id

BRIAPI is an Application Programming Interfaces (APIs) that developed by BRI to enables integration between your application and BRI services. BRIAPI enables your company to ease the transaction experience for your customer.

Getting Started

You can start using BRIAPI by following three steps below:

Register

First of all you have to create a BRIAPI account. Click Register on BRIAPI developer portal homepage and input your First Name, Last Name, Username, and Email on the registration form. Read the Terms and Conditions and tick the "I agree with Terms and Conditions" checkbox. Don't forget to validate the CAPTCHA to prove that you are a human. Sorry, robots are not allowed to register. Then click Create new account.

Registration Form

Wait for the activation email to be sent. Follow the link provided to activate your BRIAPI account and set your password.

Setting Password

Congratulations, you are one step closer to start experimenting with BRIAPI.

Create Portal App

You will get the appropriate key and secret to be used on BRIAPI sandbox environment by creating app on our developer portal. After you have login to the portal, open My Apps menu.

Add New App

Then click New App. Fill App Name. Leave Callback URL empty. For this example, we can choose inquiry-sandbox. But you can choose all endpoint if you want or you can always edit your portal app or add new one. Adding a new portal app will create new key and secret, while edit portal app will keep key and secret remain same.

Create App Form

After that, there will be your newly created portal app in your My Apps menu. If your page only showing your portal app title, please click the app's title and it will show the details of your app.

App Detail

The most important thing on that page is the Consumer Key and Consumer Secret. This key and secret will be needed to access our sandbox environment.

Make Your First Request

Finally, you arrive at the final step to start integrating BRIAPI to your application. All endpoints in BRIAPI are REST-based and using JSON format. We recommend Postman to ease your integration to our API. In this guide, you will create a request to our Account Information API.

Before you start, please download the Postman collection and environment. Import the downloaded files into your Postman.

Import Collection Import Environment

Fill id_key with your Consumer Key and secret_key with your Consumer Secret.

Input Key and Secret

After importing and filling your key and secret, you can start making a request to BRIAPI. First of all, hit Get Token request. Every endpoint will check this token to decide whether you are authorized or not.

Input Key and Secret

curl -X POST 'https://sandbox.partner.api.bri.co.id/oauth/client_credential/accesstoken?grant_type=client_credentials' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'client_id={{KEY}}&client_secret={{SECRET}}'

If you use our Postman collection, you only need to open Get Token request and click Send. You will get information about your BRIAPI account. Most important information is access_token. This token will be used throughout API call. If you're feeling confused right now, don't worry. We will explain more detail about this on Authentication.

Get Token example response:

{
    "refresh_token_expires_in": "0",
    "api_product_list": "[inquiry-sandbox]",
    "api_product_list_json": [
        "inquiry-sandbox"
    ],
    "organization_name": "bri",
    "developer.email": "furkorsan.gantheng@xyz.com",
    "token_type": "BearerToken",
    "issued_at": "1557891212144",
    "client_id": "8E20dpP7KtakFkShw5tQHOFf7FFAU01o",
    "access_token": "R04XSUbnm1GXNmDiXx9ysWMpFWBr",
    "application_name": "317d0b2f-6536-4cac-a5f0-3bc9908815b3",
    "scope": "",
    "expires_in": "179999",
    "refresh_count": "0",
    "status": "approved"
}

We also provide the curl command if you don't like using Postman. Replace {{KEY}} with your Consumer Key and {{SECRET}} with your Consumer Secret. Please omit the {{ and }} sign.

Get Token

curl -X GET 'https://sandbox.partner.api.bri.co.id/v1/inquiry/888801000157508' \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-SIGNATURE: {{SIGNATURE}}' \
    -H 'BRI-TIMESTAMP: {{TIMESTAMP}}'

You can try calling Account Information after getting success response from Get Token. Insert token you got to the Authorization header. If you use our Postman collection, everything will be done automatically because we added some script to automate it. But, if you are using curl, you have to copy and paste the token manually. We provide for the curl command snippet next to this text. Replace {{TOKEN}} with the token you get from Get Token request you made earlier. Replace {{TIMESTAMP}} with current timestamp in ISO8601 format. Replace {{SIGNATURE}} with signature generated based on the algorithm explained in Signature. Don't forget to omit the {{ and }} sign.

Account Information

You will get success response if you input valid token, signature, and timestamp. Just use our Postman collection if you want to do it the easy way.

Authentication

Mandatory headers in all API calls besides Get Token:

Authorization: Bearer {{TOKEN}}
BRI-Signature: {{SIGNATURE}}
BRI-Timestamp: {{TIMESTAMP}}

BRIAPI uses OAuth 2 to allow access to the API. OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. Before making request to our API, you have to retrieve token by calling Get Token endpoint.

Besides secured with OAuth 2 token, BRIAPI also generate signature to ensure that the request or response cannot be intercepted and impersonated by unauthorized user. This signature is generated using SHA256-HMAC algorithm.

These request headers must be included in every API calls besides Get Token:

Key Value
Authorization Bearer {{TOKEN}}
BRI-Signature {{SIGNATURE}}
BRI-TIMESTAMP {{TIMESTAMP}}

Token

This endpoint is used to generate token. This token is required for making an API call. Put this token in Authorization header.

curl -X POST 'https://sandbox.partner.api.bri.co.id/oauth/client_credential/accesstoken?grant_type=client_credentials' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'client_id={{KEY}}&client_secret={{SECRET}}'
<?php
$url ="https://sandbox.partner.api.bri.co.id/oauth/client_credential/accesstoken?grant_type=client_credentials";
$data = "client_id=&client_secret=";
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");  //for updating we have to use PUT method.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$data);
$result = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

$json = json_decode($result, true);
$accesstoken = $json['access_token'];

// $datas = json_encode($result, true);

// echo "<br/> <br/>";
// echo "resssss : ".$result;
// echo "<br/> <br/>";

echo "accesstoken : ".$accesstoken;
echo "<br/> <br/>";
?>

Example response:

{
    "refresh_token_expires_in": "0",
    "api_product_list": "[inquiry-sandbox]",
    "api_product_list_json": [
        "inquiry-sandbox"
    ],
    "organization_name": "bri",
    "developer.email": "furkorsan.gantheng@xyz.com",
    "token_type": "BearerToken",
    "issued_at": "1557891212144",
    "client_id": "8E20dpP7KtakFkShw5tQHOFf7FFAU01o",
    "access_token": "R04XSUbnm1GXNmDiXx9ysWMpFWBr",
    "application_name": "317d0b2f-6536-4cac-a5f0-3bc9908815b3",
    "scope": "",
    "expires_in": "179999",
    "refresh_count": "0",
    "status": "approved"
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/oauth/client_credential/accesstoken?grant_type=client_credentials

Request Header

Key Value Mandatory
Content-Type application/x-www-form-urlencoded Yes

Request Body

Field Data Type Mandatory Description
client_id string Yes Consumer key
client_secret string Yes Consumer secret

Signature

signature = Base64(SHA256-HMAC(payload))

Example code to generate signature:

Please choose other language tab
// change SECRET to your Consumer Secret value
var secret = "SECRET";
var timestamp = new Date().toISOString();

var payload = 'path=' + requestPath + '&verb=' + httpMethod +
    '&token=Bearer ' + token + '&timestamp=' + timestamp +
    '&body=' + requestBody;

var hmacSignature = CryptoJS.enc.Base64
    .stringify(CryptoJS.HmacSHA256(payload, secret_key);
<?php
// change SECRET to your Consumer Secret value
$secret = "SECRET";
$timestamp = gmdate("Y-m-d\TH:i:s.000\Z");

$payload = "path=$path&verb=$verb&token=Bearer $token&timestamp=$timestamp&body=$body";

$signPayload = hash_hmac('sha256', $payload, $secret, true);
$base64sign = base64_encode($signPayload);
?>
public static void main(String[] args) {
    try {
        String path = "";
        String verb = "";
        String token = "";
        String timestamp = createTimestamp();
        String body = "";
        String key = "";

        String payload = "path=" + path + "&verb=" + verb + "&token=" + token + 
                         "&timestamp=" + timestamp + "&body=" + body;

        messageContext.setVariable("debug-payload", payload);
        messageContext.setVariable("timestamp", timestamp);

        String signatureString = createSignature(payload,key);
        messageContext.setVariable("signature", signatureString);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

String createTimestamp() {
    TimeZone tz = TimeZone.getTimeZone("UTC");
    DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
    df.setTimeZone(tz);

    return df.format(new Date());
}

String createSignature(String payload, String key) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException {
    Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
    SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA256");
    sha256_HMAC.init(secret_key);

    byte[] signatureByte = sha256_HMAC.doFinal(payload.getBytes("UTF-8"));

    return DatatypeConverter.printBase64Binary(signatureByte);
}

Digital signature ensures reliability and anti-repudiation of data transmitted. Signature is generated by the service requestor, and verified by the service recipient.

The payload data will be signed with SHA256-HMAC algorithm using your Consumer Secret. The signature is formed by the specified payload. The signature value is then encoded with Base64 and filled into API requests header BRI-Signature.

Payload

Payload consists of path, verb, token, timestamp, and body. Example payload:

path=/v1/inquiry/888801000157508&verb=GET&token=Bearer R04XSUbnm1GXNmDiXx9ysWMpFWBr&timestamp=2019-01-02T13:14:15.678Z&body=

Details of each element inside the payload are explained below:

1. Path

The value for path is the URL after hostname and port without the query parameters.

Example:

from

https://sandbox.partner.api.bri.co.id/v1/transfer/internal?noreferral=12345

to

/v1/transfer/internal

2. Verb

HTTP method in uppercase, i.e. GET, POST, PUT, PATCH, and DELETE.

3. Token

Token used in Authorization header.

Example:

Bearer R04XSUbnm1GXNmDiXx9ysWMpFWBr

4. Timestamp

Timestamp at the moment you call the API. The timestamp format must follow ISO8601 format (yyyy-MM-ddTHH:mm:ss.SSSZ). It has to be in the zero UTC offset.

Example:

2019-01-02T13:14:15.678Z

5. Body

Request body sent for the API call. Example:

&body={"hello":"world"}

If there is no request body, such as on GET call, leave it empty. Example:

&body=

Signature Simulation
















Payload :




Signature :

Account Information

This API is used to check your company account information, including account name, balance, and status.

Endpoint

curl -X GET 'https://partner.api.bri.co.id/sandbox/v2/inquiry/888801000157508' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'
<?php
$NoRek = "888801000157508";
$secret = "YOUR SECRET KEY";
$timestamp = gmdate("Y-m-d\TH:i:s.000\Z");
$token = $accesstoken;
$path = "/sandbox/v2/inquiry/".$NoRek;
$verb = "GET";
$body="";

$base64sign = generateSignature($path,$verb,$token,$timestamp,$body,$secret);

$urlGet ="https://partner.api.bri.co.id/sandbox/v2/inquiry/".$NoRek;
$chGet = curl_init();
curl_setopt($chGet,CURLOPT_URL,$urlGet);

$request_headers = array(
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign
                );
curl_setopt($chGet, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chGet, CURLINFO_HEADER_OUT, true);


// curl_setopt($chGet, CURLOPT_CUSTOMREQUEST, "GET");  //for updating we have to use PUT method.
curl_setopt($chGet, CURLOPT_RETURNTRANSFER, true);

$resultGet = curl_exec($chGet);
$httpCodeGet = curl_getinfo($chGet, CURLINFO_HTTP_CODE);
// $info = curl_getinfo($chGet);
// print_r($info);
curl_close($chGet);

$jsonGet = json_decode($resultGet, true);


echo "<br/> <br/>";
echo "Response Get : ".$resultGet;
echo "<br/> <br/>";
?>

Example response:

{
    "responseCode": "0100",
    "responseDescription": "Inquiry success",
    "errorDescription": "",
    "Data": {
        "sourceAccount": "888801000157508",
        "sourceAccountName": "ALOYSIUS AGUS WARI Z",
        "sourceAccountStatus": "Rekening Aktif",
        "sourceAccountBalace": "49615063835.3",
        "registrationStatus": "Rekening terdaftar an. BRI Application Program Interface"
    }
}

HTTP Request

GET https://partner.api.bri.co.id/sandbox/v2/inquiry/{{ACCOUNT_NUMBER}}

URL Parameters

Parameter Type Max Char Mandatory Description
ACCOUNT_NUMBER Numeric 15 Yes You can use 888801000157508 or 888801000003301 in our sandbox environment

Account Transaction History

This API will show your company account transaction history with maximum one month period each request.

Endpoint

curl -X GET 'https://sandbox.partner.api.bri.co.id/v1/statement/888801000025507/2019-12-25/2019-12-25' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'

Example response:

{
  "status": true,
  "data": [
    {
      "jenis_tran": "A",
      "nomor_rekening": "888801000025507",
      "tanggal_tran": "2019-03-02 17:22:27",
      "posisi_neraca": "Kredit",
      "mutasi_debet": "0.00",
      "mutasi_kredit": "10000000.00",
      "mata_uang": "IDR",
      "ket_tran": "trfSbxTab_23",
      "kode_tran": "8700",
      "nomor_reff": "582",
      "channel_id": "8888891",
      "saldo_awal_mutasi": "0.00",
      "saldo_akhir_mutasi": "10000000.00"
    },
    {
      "jenis_tran": "A",
      "nomor_rekening": "888801000025507",
      "tanggal_tran": "2019-03-21 18:18:43",
      "posisi_neraca": "Kredit",
      "mutasi_debet": "0.00",
      "mutasi_kredit": "100.00",
      "mata_uang": "IDR",
      "ket_tran": "tes",
      "kode_tran": "8700",
      "nomor_reff": "202270",
      "channel_id": "8888891",
      "saldo_awal_mutasi": "10000000.00",
      "saldo_akhir_mutasi": "10000100.00"
    }
  ]
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/statement/{{ACCOUNT_NUMBER}}/{{START_DATE}}/{{END_DATE}}

URL Parameters

Parameter Type Max Char Mandatory Description
ACCOUNT_NUMBER Numeric 15 Yes You can use 888801000157508 or 888801000003301 in our sandbox environment
START_DATE Date 10 Yes Date format is yyyy-mm-dd
END_DATE Date 10 Yes Date format is yyyy-mm-dd

Fund Transfer

This API enables you to make fund transfer between two BRI account. The source account has to be your company account. Fund transfer can be made between several account type i.e. current account, saving account, or cash card virtual account.

Account Validation

This endpoint is used to validate source and destination account that will be used in transfer. Usually, it is called before making fund tranfer request to ensure the account are correct.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v2/transfer/internal/accounts?sourceAccount=888801000003301&beneficiaryAccount=888801000157508' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'
<?php
$NoRek = "888801000157508";
$secret = "YOUR SECRET KEY";
$timestamp = gmdate("Y-m-d\TH:i:s.000\Z");
$token = $accesstoken;
$path = "/sandbox/v2/inquiry/".$NoRek;
$verb = "GET";
$body="";

$base64sign = generateSignature($path,$verb,$token,$timestamp,$body,$secret);

$urlGet ="https://sandbox.partner.api.bri.co.id/v2/transfer/internal/accounts?sourceAccount=".$NoRek;
$chGet = curl_init();
curl_setopt($chGet,CURLOPT_URL,$urlGet);

$request_headers = array(
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign
                );
curl_setopt($chGet, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chGet, CURLINFO_HEADER_OUT, true);


// curl_setopt($chGet, CURLOPT_CUSTOMREQUEST, "GET");  //for updating we have to use PUT method.
curl_setopt($chGet, CURLOPT_RETURNTRANSFER, true);

$resultGet = curl_exec($chGet);
$httpCodeGet = curl_getinfo($chGet, CURLINFO_HTTP_CODE);
// $info = curl_getinfo($chGet);
// print_r($info);
curl_close($chGet);

$jsonGet = json_decode($resultGet, true);

echo "<br/> <br/>";
echo "Response Get : ".$resultGet;
echo "<br/> <br/>";
?>

The above command returns JSON structured like this:

{
  "responseCode": "0100",
  "responseDescription": "Inquiry Success",
  "errorDescription": "",
  "Data": { 
        "sourceAccount": "888801000003301",
        "sourceAccountName": "BRIAPI SANDBOX",
        "sourceAccountStatus": "Rekening Aktif",
        "sourceAccountBalace": "258544125122.98",
        "registrationStatus": "Rekening terdaftar an. bri",
        "beneficiaryAccount": "888801000157508",
        "beneficiaryAccountName": "BRIAPI SANDBOX 2",
        "beneficiaryAccountStatus": "Rekening Aktif"
  }
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v2/transfer/internal/accounts?sourceaccount={{SOURCE_ACCOUNT}&beneficiaryaccount={{DESTINATION_ACCOUNT}}

Query Parameters

Parameter Type Max Char Mandatory Description
sourceaccount Numeric 15 Yes Source account that will be used in transfer. If the account length is less than 15, add 0 at the beginning
destinationaccount Numeric 15 Yes Destination account that will be used in transfer

Transfer

This endpoint is used to make fund transfer between two accounts. There is maximum total transaction limit and daily limit that will be set by BRI.

curl -X POST 'https://sandbox.partner.api.bri.co.id/v2/transfer/internal' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}' \
  -H 'Content-Type: application/json' \
  -d '{
    "NoReferral": "20180212002",
    "sourceAccount": "888801000157508",
    "beneficiaryAccount": "888801000003301",
    "Amount": "1000.00",
    "FeeType": "OUR",
    "transactionDateTime": "12-02-2018 10:18:00",
    "remark": "REMARK TEST"
}'
<?php
$noReff = "12313221";
$sourceAcc = "888801000157508";
$benefAcc = "888801000003301";
$amt="1000.00";
$feeType="OUR";
$trxDateTime="12-02-2019 15:08:00";
$remark="REMARK TEST";


$datas = array('NoReferral' => $noReff ,
 'sourceAccount' => $sourceAcc,
 'beneficiaryAccount' => $benefAcc,
 'Amount' => $amt,
 'FeeType' => $feeType,
 'transactionDateTime' => $trxDateTime,
 'remark' => $remark );

$payload = json_encode($datas, true);

$path = "/sandbox/v2/transfer/internal";
$verb = "POST";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Content-Type:"."application/json",
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://partner.api.bri.co.id/sandbox/v2/transfer/internal";
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLOPT_POSTFIELDS, $payload);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "responseCode": "0200",
  "responseDescription": "Payment Success",
  "errorDescription": "",
  "JournalSeq": "3289331"
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/v2/transfer/internal

Request Header

Key Value Mandatory
Content-Type application/json Yes

Request Body

Field Data Type Max Char Mandatory Description
NoReferral String 20 Yes Unique reference number from sender
sourceAccount String 15 Yes Source account
beneficiaryAccount String 15 Yes Destination account
Amount String 15 Yes Fund transfer amount, format must be #.##, example 10000.00 for ten thousands
FeeType String - Yes 1. OUR
Fee is charged to the sender (default)
2. BEN
Fee is charged to the recipient
3. SHA|1000
Fee is shared between sender and recipient, with sender is charged Rp 1.000,00 and the recipient will be charged the rest
transactionDateTime String 19 Yes Date and time of the transaction, format: dd-MM-yyyy HH:mm:ss
remark String 40 No Remark/transaction description)

Check Transfer Status

This endpoint is used to check the status of transfer transaction that has been made.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v2/transfer/internal?noreferral=201802120002' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'
<?php
$noRefferal = "201802120002";
$secret = "YOUR SECRET KEY";
$timestamp = gmdate("Y-m-d\TH:i:s.000\Z");
$token = $accesstoken;
$path = "/sandbox/v2/inquiry/".$NoRek;
$verb = "GET";
$body="";

$base64sign = generateSignature($path,$verb,$token,$timestamp,$body,$secret);

$urlGet ="https://sandbox.partner.api.bri.co.id/v2/transfer/internal?noreferral=".$noRefferal;
$chGet = curl_init();
curl_setopt($chGet,CURLOPT_URL,$urlGet);

$request_headers = array(
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign
                );
curl_setopt($chGet, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chGet, CURLINFO_HEADER_OUT, true);


// curl_setopt($chGet, CURLOPT_CUSTOMREQUEST, "GET");  //for updating we have to use PUT method.
curl_setopt($chGet, CURLOPT_RETURNTRANSFER, true);

$resultGet = curl_exec($chGet);
$httpCodeGet = curl_getinfo($chGet, CURLINFO_HTTP_CODE);
// $info = curl_getinfo($chGet);
// print_r($info);
curl_close($chGet);

$jsonGet = json_decode($resultGet, true);

echo "<br/> <br/>";
echo "Response Get : ".$resultGet;
echo "<br/> <br/>";
?>

Example response:

{
  "responseCode": "0300",
  "responseDescription": "Cek Status sukses",
  "errorDescription": "",
  "Data": {
    "NoReferral": "20181230002",
    "journalSeq": "3289331",
    "internalTransferStatus": "Payment Success",
    "internalTransferErrorMessage": ""
  }
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v2/transfer/internal?noreferral={{NO_REFERRAL}}

Query Parameters

Parameter Type Max Char Mandatory Description
noreferral String 20 Yes Unique reference number that was used on the transaction

Response

Field Data Type Mandatory Description
responseCode string Yes Response code
responseDescription string Yes Response code description
errorDescription string Yes Additional response description
NoReferral string Yes Reference number that was sent
journalSeq string Yes Transaction journal seq that was written in BRI system
internalTransferStatus string Yes Transaction status
internalTransferErrorMessage string Yes Transaction status description

General Errors

BRI uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, a charge failed, etc.). Codes in the 5xx range indicate an error with BRI's servers (these are rare).

Common Response Codes

Code Code Description
0001 Wrong message format
0005 Validasi Sukses
0007 Kode institusi kosong atau tidak valid
0008 Institusi tidak dikenali
0009 Key tidak boleh kosong
0010 IP address tidak diijinkan
0011 Rekening tidak terdaftar di rekening institusi
0012 Key SALAH. Mohon masukkan Key yang BENAR
99 API Service Maintenance
0100 Inquiry Success
0101 Inquiry Failed
0102 Inquiry Timeout
0103 Nomor Rekening asal/tujuan mengandung karakter bukan angka
0104 Data Inquiry ada yang kosong
0105 Nomor Rekening asal/tujuan harus IDR
0106 Nomor Rekening asal/tujuan tidak boleh kosong
0109 ID member/rekening peserta tidak ditemukan
0110 Kode cabang / rekening Institusi tidak ditemukan
0111 Nomor Rekening Tidak Terdaftar
0112 Nomor Refferal Tidak Terdaftar
0200 Payment Success
0201 Payment Failed
0202 Payment Timeout
0204 Data Payment ada yang kosong
0206 Amount mengandung karakter bukan angka
0207 Amount tidak boleh negatif atau 0
0208 Panjang Amount tidak sesuai
0209 Nomor Referral sudah pernah digunakan
0210 Nomor Referral tidak boleh kosong
0211 Remark tidak boleh kosong
0212 Tanggal transaksi tidak sesuai format yang ditentukan
0213 Jenis fee tidak boleh kosong
0300 Cek Status sukses
0304 Data Cek Status ada yang kosong
0307 No Referral tidak ditemukan
0308 Check Status gagal
1100 Cancel Success
1101 Cancel Failed
1102 Cancel Timeout
0900 Request Success
0901 Not a VA
0902 Request Timeout
0903 Not Found
0601 Beneficiary account must be a number
0602 Bank code/beneficiary account must not be empty
0603 Bank code must be a number
0604 Your IP & key has not been registered
0605 This feature cannot be used
0606 Transaction failed during standing mode
0607 Connection lost
0608 Transaction timeout
0609 Beneficiary account not found
0610 Transaction timeout
0611 Duplicate sequence transaction
0612 Debit account number not found
0613 Connection lost
0614 Insufficient balance
0615 Duplicate sequence transaction
0616 Transaction exceeds the limit
0617 Brinets connection is lost
0618 Close account number
0619 Passive account number
0620 Transaction is being processed
0701 Source account/beneficiary account must be a number
0702 Payment data must not be empty
0703 Amount must be a number
0704 Amount must be more than 0
0705 Reference number is already used
0706 Bank code must be a number
0707 Connection lost, didn't get any response. Please try again
0708 Incorrect beneficiary account name

Other Bank Fund Transfer

This API enables you to make fund transfer from BRI account to other bank account. The source account has to be your company account.

Account Validation

This endpoint is used to to validate destination account that will be used in transfer. Usually, it is called before making fund tranfer request to ensure the account are correct.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v2/transfer/external/accounts?bankcode=014&beneficiaryaccount=12345678' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'

Example response:

{
  "responseCode": "0600",
  "responseDescription": "Transaksi Anda Sukses",
  "Name": "DUMMY ACCOUNT"
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v2/transfer/external?bankcode={{BANK_CODE}}&beneficiaryaccount={{BENEFICIARY_ACCOUNT}}

Query Parameters

Parameter Type Max Char Mandatory Description
bankcode Numeric 3 Yes Destination bank code
beneficiaryaccount Numeric - Yes Destination bank account number

Transfer

This endpoint is used to make fund transfer from BRI account to other bank account. There is maximum total transaction limit and daily limit that will be set by BRI. The source account cannot be virtual account.

curl -X POST 'https://sandbox.partner.api.bri.co.id/v2/transfer/external' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}' \
  -H 'Content-Type: application/json' \
  -d '{
    "noReferral":"20180212006",
    "bankCode":"014",
    "sourceAccount":"888801000003301",
    "beneficiaryAccount":"12345678",
    "beneficiaryAccountName":"DUMMY ACCOUNT",
    "Amount":"10002.00"
}'

Example response:

{
  "responseCode": "0700",
  "responseDescription": "Transaksi Anda Sukses",
  "errorDescription": "",
  "JurnalSeq": "0024473"
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/v2/transfer/external

Request Header

Key Value Mandatory
Content-Type application/json Yes

Request Body

Field Data Type Max Char Mandatory Description
NoReferral String 20 T Unique reference number from sender
bankCode Numeric 3 T Destination bank code
sourceAccount String 15 T Source account
beneficiaryAccount String 15 T Destination account
beneficiaryAccountName String 40 T Destination account name
Amount String 15 T Fund transfer amount, format must be #.##, example 10000.00 for ten thousands

List Bank Code

This endpoint is used to show bank code list that is available.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v2/transfer/external/accounts' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'

Example response:

{
  "responseCode": "00",
  "responseDescription": "SUCCESS",
  "errorDescription": "",
  "Data": [
    {
        "BankCode": "008",
        "Bankname": "BANK MANDIRI"
    }, {
        "BankCode": "009",
        "Bankname": "BANK BNI"
    }
  ]
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v2/transfer/external/accounts

Direct Debit

Introduction

Thanks for considering BRI Direct Debit integration. This is our API specification to perform direct debit against our system.

The BRIAPI is organized around REST. Our API has predictable, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. JSON is returned by all API responses, including errors.

To make the API as explorable as possible, accounts have test mode and live mode API keys. There is no "switch" for changing between modes, just use the appropriate key to perform a live or test transaction. Requests made with test mode credentials never hit the banking networks and incur no cost.

Be sure to contact your PIC to integrate with BRIAPI.

General Errors

BRI uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, a charge failed, etc.). Codes in the 5xx range indicate an error with BRI's servers (these are rare).

Some 4xx errors that could be handled programmatically (e.g., a card is declined) include an error code that briefly explains the error reported.

HTTP status code summary

HTTP Status Explanation
200 - OK Everything worked as expected.
400 - Bad Request The request was unacceptable, often due to missing a required parameter.
401 - Unauthorized No valid API key provided.
402 - Request Failed The parameters were valid but the request failed.
404 - Not Found The requested resource doesn't exist.
409 - Conflict The request conflicts with another request (perhaps due to using the same idempotent key).
429 - Too Many Requests Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.
500, 502, 503, 504 - Server Errors Something went wrong on BRI's end. (These are rare.)

Common Error Codes

Status HTTP Status Code Code Description
Fail 400 0001 Wrong message format
Fail 400 0002 Missing BRI API Key in HTTP Header
Fail 400 0003 Invalid BRI API Key
Fail 400 0004 Your Public Key hasn't been registered
Fail 400 0005 BRI Public Key hasn't been created
Fail 400 0006 Invalid card token
Fail 400 0007 Missing Timestamp in HTTP Header
Fail 400 0008 Invalid Timestamp
Fail 400 0009 Missing Card Pan
Fail 400 0010 Missing Idempotency Key in HTTP Header
Fail 401 0601 Invalid Token
Fail 401 0602 Invalid Signature
Fail 401 0918 Invalid Passcode
Fail 401 0919 Error Validate OTP Passcode
Fail 401 0920 Expired OTP
Fail 401 0921 Send OTP Failed
Fail 401 0922 Invalid OTP Token

Key Points

Idempotent Requests

The API supports idempotency for safely retrying requests without accidentally performing the same operation twice. For example, if a request to create a charge fails due to a network connection error, you can retry the request with the same idempotency key to guarantee that only a single charge is created.

GET and DELETE requests are idempotent by definition, meaning that the same backend work will occur no matter how many times the same request is issued. You shouldn't send an idempotency key with these verbs because it will have no effect.

To perform an idempotent request, provide an additional Idempotency-Key: <key> header to the request.

How you create unique keys is up to you, but we suggest using V4 UUIDs or another appropriately random string. We'll always send back the same response for requests made with the same key.

Metadata

Updatedable BRI objects—including Payment Charge and Refund-have a metadata parameter. You can use this parameter to attach key-value data to these BRI objects.

Metadata is useful for storing additional, structured information on an object. As an example, you could store your user's full name and corresponding unique identifier from your system on a BRI Customer object. Metadata is not used by BRI—for example, not used to authorize or decline a charge—and won't be seen by your users unless you choose to show it to them.

Some of the objects listed above also support a reason parameter. You can use the reason parameter to annotate a charge—with, for example, a human-readable description like 2 shirts for test@example.com.

Do not store any sensitive information (personally identifiable information, card details, etc.) as metadata or in the reason parameter.

Note: You can specify up to 20 keys, with key names up to 40 characters long and values up to 500 characters long.

Request IDs

Each API request has an associated request identifier. You can find this value in the response headers, under Request-Id. If you need to contact us about a specific request, providing the request identifier will ensure the fastest possible resolution.

Fraudulent Checks

We will do fraudulent check against fraud transaction especially during payment charge and refund.

Preventing replay attacks

A replay attack is when an attacker intercepts a valid payload and its signature, then re-transmits them. To mitigate such attacks, BRI includes a timestamp in the response header header. Because this timestamp is part of the signed payload, it is also verified by the signature, so an attacker cannot change the timestamp without invalidating the signature. If the signature is valid but the timestamp is too old, you can have your application reject the payload.

Our systems have a default tolerance of one minutes between the timestamp and the current time. You can change this tolerance by providing an additional parameter when verifying signatures. We recommend that you use Network Time Protocol (NTP) to ensure that your server’s clock is accurate and synchronizes with the time on BRI’s servers.

BRI generates the timestamp and signature each time we send an event to your endpoint. If BRI retries an event (e.g., your endpoint previously replied with a non-2xx status code), then we generate a new signature and timestamp for the new delivery attempt.

Settlement and Reconciliation

BRI will produce Settlement Report for check transaction everyday. For future information about format please contact BRI Team.

Create Card Token (Binding) OTP

curl -X POST 'https://partner.api.bri.co.id/sandbox/v1/directdebit/tokens' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Timestamp: 2019-05-14T02:25:06.379Z' \
  -H 'Content-Type: application/json' \
  -H 'X-BRI-Signature: {{SIGNATURE}}' \
  -d '{
    "body": {
        "card_pan": "5221843000100021",
        "phone_number": "6285736330909",
        "email":"email"
    }
}'

The above command returns JSON structured like this:

{
    "body": {
        "status": "PENDING_USER_VERIFICATION",
        "token": "TOK_CBF6XTIWO4HKQ3LJ2QPAGW445LORLPF5"
    }
}

The Bind API verifies that the information provided by the customers matches the bank data.

HTTP Request

POST https://partner.api.bri.co.id/sandbox/v1/directdebit/tokens

Request Fields

Field Data type Mandatory Description
card_pan varchar(16) Y card number (4 digits)last number OR (16 digits) if have PCI DSS license
phone_number varchar(15) Y registered phone number on bank account. Example: 6281225088578
email varchar (50) Y User email
exp_date varchar(4) N expired date with format MMYY. Example "1219"
device_id varchar(55) N The device ID used by the user to make a payment
ktp_no varchar(16) N registered national id number on bank account
location JSON N The location when the token firstly binds
metadata JSON N Merchant metadata
otp_bri_status varchar(5) N "YES" or "NO" to use OTP from BRI, default "YES" for first binding"

Location Object

Field Data type Mandatory Description
lat varchar Y (if included) Location Latitude
lon varchar Y (if included) Location Longitude

Metadata Object

You can fill with your preferred internal data.

Response Fields

Field Data type Mandatory Description
lat varchar Y (if included) Location Latitude
lon varchar Y (if included) Location Longitude

Error Code

Error Code

Status HTTP Status Code Description
success 200 0000 binding success
fail 400 0101 card number not found
fail 400 0102 the expired date is incorrect
fail 400 0103 card was expired
fail 400 0104 phone number not registered
fail 400 0105 card status not activated
fail 400 0106 binding failed
fail 400 0107 Phone number is invalid
fail 400 0108 National Id Number not matched
fail 400 0109 Your card is blocked or disabled
fail 400 0110 Your card is already registered
fail 400 0405 account is frozen
fail 400 0406 account is closed
fail 400 0411 Passive account

Create Card Token (Binding) OTP Verify

curl -X PATCH 'https://partner.api.bri.co.id/sandbox/v1/directdebit/tokens' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Timestamp: 2019-05-14T02:25:06.379Z' \
  -H 'Content-Type: application/json' \
  -H 'X-BRI-Signature: {{SIGNATURE}}' \
  -d '{
    "body":{
        "registration_token": "TOK_TKNCPPPHUVL3IJVAXZI5GG4WBEC77YZ6::ADVQ",
        "passcode": "545195"
    }
}'

The above command returns JSON structured like this:

{
    "body": {
        "status": "0000",
        "phone_number": "6285641403241",
        "device_id": "09864ADCASA",
        "card_token": "card_.eyJleHAiOjE2ODU0OTExOTksImlhdCI6MTU0MDE5NjUwMCwiaXNzIjoiQmFuayBCUkkgLSBEQ0UiLCJqdGkiOiJhMGM2MjlhNS1hYWI5LTQ5OWMtODg5MS0yNzA1NDg3NGRmYWUiLCJuYmYiOjE1NDAxOTY1MDEsInBhcnRuZXJJZCI6Iu-_vSIsInNlcnZpY2VOYW1lIjoiRERfRVhURVJOQUxfU0VSVklDRSJ9.hceS_BQtzCIyMJCVMMvPWSfTvqIrW9TIL9arAUi95e-P6Kq9bvmQNuGLcfV6GLnQEc07fKF6IbaLLkUquEm2iDfsP1HMLv_crXiF9snwzqzTk5vJqYvLmRGDqhZk-tFw-MwX0NW-op2iyRUhwSTB7rCNVOyfeIGfif7dKpu2PdFT98VUimnsKRWqHjAR7uCVKXweDbfKVpLHpgcR914MvSthqt4a7eHzUxm6o6eqyjQjf_vkQi4Fl_iG98JOVuzVuXft5P50QKcKwAhnrIiGMC-Vd4DZWQ1rMVbx1iSLvGzBrR1xm3wIYYlmyR0pUVlDdGaE04N1Gz_dvcsgx15Ecw",
        "location": {
            "lat": "",
            "lon": ""
        },
        "last4": "1198",
        "email": "test@test.com",
        "metadata": {
            "example1": "example1"
        },
        "card_type": "PVRGLR",
        "limit_transaction": ""
    }
}

The Bind API verifies that the information provided by the customers matches the bank data. This endpoint is used to verify OTP from BRI.

HTTP Request

PATCH https://partner.api.bri.co.id/sandbox/v1/directdebit/tokens

Request Fields

Field Data type Mandatory Description
registration_token varchar(40) Y OTP string code that is to be verified with the passcode obtained by the user
passcode int(6) Y passcode that has been sent to the user

Response Fields

Field Data type Description
phone_number varchar(15) registered phone number on bank account. Example: 6281225088578
last4 varchar(4) Last 4 digit cards
device_id varchar(55) The device ID used by the user to make a payment
card_token Text token for validating your transaction and binding status
email varchar (50) User email
location JSON The location when the token firstly binds
metadata JSON Merchant metadata
card_type varchar(10) There are 6 card_type status: PVRGLR, PVGOLD, PVPLAT, RGLR, GOLD, PLAT

Error Code

Status HTTP Status Code Description
success 200 0000 binding success
fail 400 0603 Expired Card Token
fail 400 0918 Invalid Passcode
fail 400 0919 Error Validate OTP Passcode
fail 400 0920 Expired OTP
fail 400 0921 Send OTP Failed
fail 400 0922 Invalid OTP Token

Delete Card Token (Unbinding)

curl -X DELETE 'https://partner.api.bri.co.id/sandbox/v1/directdebit/tokens' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Timestamp: 2019-05-14T02:25:06.379Z' \
  -H 'Content-Type: application/json' \
  -H 'X-BRI-Signature: {{SIGNATURE}}' \
  -d '{
    "body":{
        "card_token": "card_.eyJleHAiOjE1ODkzNDk2ODgsImlhdCI6MTU1NzcyNzI4OCwiaXNzIjoiQmFuayBCUkkgLSBEQ0UiLCJqdGkiOiJhNTcxZDA3OC0xYmMyLTQ4NGUtOTQ2NC0yOGMzZmE2MWFhNGQiLCJwYXJ0bmVySWQiOiLvv70iLCJzZXJ2aWNlTmFtZSI6IkREX0VYVEVSTkFMX1NFUlZJQ0UifQ.EUOaGaCI6giha7GmRsycxMBrVXQgeF9cHfonXYZcT_3R3ykXw6PFOS9r32fMVP8al2lf26_Q6VIZ3sm71e7Sbd1KoigtGdcTPeJseSMMP190Ful_2DA2cRqhvN1dzJx-6keaG_AzLzo6sWMzuonQuR9tk-o5YMkGzfHJ-ZOS0zWvmN9lWRmvKlZPOBH_8Q430Yu5CeSjIF9ocfQQ6oguk_bXVRCX-4_u8WYISHrsatIeptBAADpQZktLpjBj0gXELwDed0PXQ4TeArcsUvj7d66hG8KPCuhCWa41JWnDxycqlJK_fldsnY0ewofkudSnSJzg5Nh0FILxl83bBPj4Pw"
    }
}'

The above command returns JSON structured like this:

{
    "body": {
        "status": "0000"
    }
}

Unbinding API is used to unbind user accounts

HTTP Request

DELETE https://partner.api.bri.co.id/sandbox/v1/directdebit/tokens

Request Fields

Field Data type Mandatory Description
card_token Text Y token for validating your transaction and binding status

Error Code

Status HTTP Status Code Description
success 200 0000 unbinding was success
fail 400 0201 unbinding was unsuccessful

Retrieve Payment Charges & Refunds

curl -X POST 'https://partner.api.bri.co.id/sandbox/v1/directdebit/charges/inquiry' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Timestamp: 2019-05-14T02:25:06.379Z' \
  -H 'Content-Type: application/json' \
  -H 'X-BRI-Signature: {{SIGNATURE}}' \
  -d '{
        "body" : {
            "payment_id": "657314642873",
            "remarks":"payment directlink",
            "metadata": {
                    "trx_id_pay": "0007654321"
                    }
            }
      }'

The above command returns JSON structured like this:

{
    "body": {
        "status": "0000",
        "amount": "50000.00",
        "currency": "IDR",
        "payment_id": "657314642873",
        "remarks_merchant": "payment directlink",
        "payment_status": "SUCCESS",
        "refund_history": [
            {
                "refund_id": "447343838470",
                "amount": "10000.00",
                "currency": "IDR",
                "reason": "incorrect stuff",
                "date": "2019-08-28T02:28:30.246199Z",
                "status": "SUCCESS",
                "device_id": "lg-lllll",
                "location": {
                    "lat": "",
                    "lon": ""
                },
                "metadata": {
                    "trx_id_ref": "000012345000"
                }
            }
        ],
        "device_id": "lg-lllll",
        "location": {
            "lat": "",
            "lon": ""
        },
        "metadata": {
            "trx_id_pay": "0007654321"
        }
    }
}

Inquiry Payment API is used displays all payment status that has been done.

HTTP Request

POST https://partner.api.bri.co.id/sandbox/v1/directdebit/charges/inquiry

How to query against custom data in payment?

You can also query metadata, in order to do that, please put metadata field on request field.

Request Fields

Field Data type Mandatory Description
payment_id varchar(15) Y payment_id from payment API respone
metadata JSON N Metadata object to be queried
remarks varchar(255) N remarks as payment markers. Example "payment directlink"

Response Fields

Field Data type Description
payment_id varchar(15) payment_id from payment API respone
amount number (2 Decimal Points) The amount of the bill paid by the user. Example 20000.00
currency varchar(3) Three-letter currency ISO code
payment_status varchar there are 2 payment status : SUCCESS, FAILED
remarks varchar(255) remarks as payment markers. Example "payment directlink"
refund_history JSON array refund history

Array Refund history

field Data type Description
refund_id varchar refund_id generated after transaction
amount number (2 Decimal Points) The amount of refund process. Example 20000.00
currency varchar(3) Three-letter ISO code for the currency. Currency used for payment
reason varchar reason refund
refund_date date date refund process ISO-8601 format
status varchar(255) there are 2 refund status : SUCCESS, FAILED

Error Code

Status HTTP Status Code Description
success 200 0000 inquiry payment was success
fail 400 0301 payment_id not found

Create Payment Charge OTP

curl -X POST 'https://partner.api.bri.co.id/sandbox/v1/directdebit/charges' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Timestamp: 2019-05-14T02:25:06.379Z' \
  -H 'Content-Type: application/json' \
  -H 'Idempotency-Key: 0.6434517166433735' \
  -H 'X-BRI-Signature: {{SIGNATURE}}' \
  -d '{
    "body":{
        "card_token":
        "card_.eyJleHAiOjE1ODkzNTA4NDEsImlhdCI6MTU1NzcyODQ0MSwiaXNzIjoiQmFuayBCUkkgLSBEQ0UiLCJqdGkiOiJlM2YzNTQxNC00MTc4LTRlYzgtYmY2Ny03MjI2MzkyNjY3YTciLCJwYXJ0bmVySWQiOiLvv70iLCJzZXJ2aWNlTmFtZSI6IkREX0VYVEVSTkFMX1NFUlZJQ0UifQ.PMuH4Fq9TkacFSQE2nwr-Dr7icRPlOOxYv2_XeoOjzidTm8dRwD9xy1lpvc_JJiUUQ_WFsL-o267BkL4tpnUWNxjA0ggnfsIsJQzZUSKtQYPozi7ZSLgV4VHOMqDJxBAFb-TeuNhN6obQBpsWBc4g3e0iOvEWKvk56AviR9Hs-CIQvqoYUEds8PgOyWCdbCnT76LLBzBWjML6JVXSMbtR-J3nDvE4ykq_ajDkgVeHbgFiTPiBtnsXVskbDGZMma1kVijr5GS4cxdqAq7xzYRnFpbVNHyxUrzVKYrGGgYoHM6K3-zM8wlhfHqssjyO86DyvdmfTF1398ZT-B8uv9zog",
        "amount":"25099.00",
        "currency":"IDR",
        "remarks":"Remakrs Merchant",
        "otp_bri_status": "YES",
        "metadata":{
            "trx_id":"12345687"
        }
    }
}'

The above command returns JSON structured like this:

{
    "body": {
        "charge_token": "CHARGE_M3AVZN3LQSX5Q3YZSUHDLT7UAUMANZAP",
        "status": "PENDING_USER_VERIFICATION"
    }
}

Create charge API is used for payment of direct link transactions based on card number via card_token acquired from binding process (create a card token).

Payments will fail in cases when: 1. Currency of transaction is not supported 2. Payment amount exceeded customer’s credit limit or insufficient funds in bank account (determined by bank) For any of the cases listed above, refund should not take place and funds should not move.

HTTP Request

POST https://partner.api.bri.co.id/sandbox/v1/directdebit/charges

Create charge API is used for payment of direct link transactions based on card number via card_token acquired from binding process (create a card token).

Payments will fail in cases when: 1. Currency of transaction is not supported 2. Payment amount exceeded customer’s credit limit or insufficient funds in bank account (determined by bank) For any of the cases listed above, refund should not take place and funds should not move.

This endpoint is used when using OTP from BRI.

Request Fields

Field Data type Mandatory Description
card_token Text Y token for validating your transaction and binding status
amount number (2 Decimal Points) Y The amount of the bill paid by the user. Example 20000.00
currency varchar(3) Y Three-letter ISO code for the currency. Currency will be used for charge payment
remarks varchar(255) N remarks as payment markers. Example "payment directlink"
device_id varchar(55) N The device ID used by the user to make a payment
location JSON N The charge payment location is performed
metadata JSON N Merchant metadata
otp_bri_status varchar(3) N Merchant metadata
Location Object
Field Data type Mandatory Description
lat varchar Y (if included) Location Latitude
lon varchar Y (if included) Location Longitude

Metadata Object

You can fill with your preferred internal data like this: javascript { ..., "metadata": { "transaction_id": "YOUR_TRANSACTION_IDS", "merchant_id": "YOUR_MERCHANT_IDS", "alipay_version": "" } }

Response Fields

Field Data type Description
status varchar(40) Pending User Verification
charge_token varchar(40) string code for verificaton OTP

Error Code

Status HTTP Status Code Description
success 200 0000 payment success
fail 400 0401 over limit
fail 400 0402 payment currency not supported
fail 400 0403 charge payment failed
fail 400 0404 insufficient balance
fail 400 0405 account is frozen
fail 400 0406 account is closed
fail 400 0109 Your card is blocked or disabled
fail 400 0111 Duplicate Idempotency Key

Create Payment Charge OTP Verify

curl -X POST 'https://partner.api.bri.co.id/sandbox/v1/directdebit/charges/verify' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Timestamp: 2019-05-14T02:25:06.379Z' \
  -H 'Content-Type: application/json' \
  -H 'X-BRI-Signature: {{SIGNATURE}}' \
  -d '{
    "body":{
        "card_token": "card_.eyJleHAiOjE1ODk0MjE0MzcsImlhdCI6MTU1Nzc5OTAzNywiaXNzIjoiQmFuayBCUkkgLSBEQ0UiLCJqdGkiOiIxMGI4M2U2Yy0zMmUxLTQxNDctYjI5My01OTg5YWU3Nzk5NTYiLCJwYXJ0bmVySWQiOiLvv70iLCJzZXJ2aWNlTmFtZSI6IkREX0VYVEVSTkFMX1NFUlZJQ0UifQ.MAdArs3zmCsehnWcwhA5m-fwCUory6oudxVtmMS9dC7bXCnRjq91AwRxBADjWLu2S6Ra_RxRAnHU03_H8QJclvLad9L6P-pqZX_pRKDPOI1Y_i0xVYOfc8ea6B2so1aEuvFoOQNFMbGSsaLz4JO-OuJ6EYfoApTFSMIKOh__jkcxcXqpM1sO3ZlkquXKGpx_zf87boVPNY58KbIPWgzCC-6V2Vxpm4DPGunKkEwVMz4z12vTTbv3Ph9rc1Gf0jRXw8b8wo3k2ZeVGoHwiKbyJ_8J7FTVxkm3funDpcQtPzFzgBMPRgWWtfT7IOZddrVwsFt9FKLUKLHTVyiu5R4ZYw",
        "charge_token":  "CHARGE_XEHK6S4SNTBRSTCFBDB65W3GHQXBEFI4::De5g",
        "passcode":"210074"
    }
}'

The above command returns JSON structured like this:

{
    "body": {
        "status": "0000",
        "payment_id": "175226995569",
        "amount": "20000.00",
        "currency": "IDR",
        "remarks": "payment",
        "device_id": "",
        "payment_status": "SUCCESS",
        "location": {
            "lat": "-6.21462",
            "lon": "106.84513"
        },
        "metadata": {
            "payment_id": "0984645728"
        }
    }
}

HTTP Request

POST https://partner.api.bri.co.id/sandbox/v1/directdebit/charges/verify

Verify charge API is used for verify OTP payment of direct link transactions based on card number via card_token acquired from binding process (create a card token) and OTP send to user.

Request Fields

Field Data type Mandatory Description
card_token Text Y token for validating your transaction and binding status
charge_token varchar(40) Y OTP string code that is to be verified with the passcode obtained by the user
passcode int(6) Y passcode that has been sent to the user

Response Fields

Field Data type Description
payment_id varchar payment id generate after transaction
amount number (2 Decimal Points) The amount of the bill paid by the user. Example 20000.00
currency varchar(3) Three-letter ISO code for the currency. Currency will be used for charge payment
payment_status varchar there are 2 payment status : SUCCESS, FAILED
remarks varchar(15) remarks as payment markers. Example "payment directlink"
device_id varchar(55) The device ID used by the user to make a payment
location JSON The charge payment location is performed
metadata JSON Merchant metadata

Error Code

Status HTTP Status Code Description
success 200 0000 payment success
fail 400 0918 Invalid Passcode
fail 400 0919 Error Validate OTP Passcode
fail 400 0920 Expired OTP
fail 400 0921 Send OTP Failed
fail 400 0922 Invalid OTP Token

Create Payment Refund

curl -X POST 'https://partner.api.bri.co.id/sandbox/v1/directdebit/refunds' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Timestamp: 2019-05-14T02:25:06.379Z' \
  -H 'Content-Type: application/json' \
  -H 'Idempotency-Key: 0.6434517166433735' \
  -H 'X-BRI-Signature: {{SIGNATURE}}' \
  -d '{
  "body": {
    "card_token": "card_.eyJleHAiOjE1ODMzOTM4OTIsImlhdCI6MTU1MTc3MTQ5MiwiaXNzIjoiQmFuayBCUkkgLSBEQ0UiLCJqdGkiOiIyNWQ4MWZmNy04NmY3LTQ5NWItYWUwNi04MTQ1ZGRlMTI1MmMiLCJwYXJ0bmVySWQiOiLvv70iLCJzZXJ2aWNlTmFtZSI6IkREX0VYVEVSTkFMX1NFUlZJQ0UifQ.tVaYUv8VZSbAr6_wQCDCQuGiD_5malWPu33RCTM9l1N0cGHTLO5Czh6SYGxT4tfFLRAesfNB1qBKtPc0SA_bMHkJDsQ8E68KPDpoIEkh33BxHrStrordGy6-De9jDKleHmz1qos4h0ZeYT-vetBjWkhugOZgYQBRJDKT0z7GhRa5MtkK8X4yV2zXypZiDy_AZd7TJH9AvMt5zH6duyfLDtfqf5DmS6gnG5DwbwLPSYm7WlTJ8UTh94kZjdQW-t-UEVHfatNyitayQmZVwRkWwz-TyUABzZWgRluu4Hfsp_jTydYr_yEhv0TE-CFCgP7RmDNJEqpQ2q4DXFtD3i3oOg",
    "amount":"500.00",
    "payment_id": "989453118305",
    "currency": "IDR",
    "reason": "DANAREFUND",
    "metadata": {
            "trx_id": "12345687"
        }
    }
}'

The above command returns JSON structured like this:

{
    "body": {
        "status": "0000",
        "refund_id": "6218763823",
        "payment_id": "89937492374",
        "amount": "20000.00",
        "currency": "IDR",
        "reason": "incorrect stuff",
        "refund_status": "SUCCESS",
        "device_id": "lg-lllll",
        "location": {
            "lat": "-6.21462",
            "lon": "106.84513"
        },
        "metadata": {
            "example1": "example1"
        }
    }
}

API refund is used to make a request for a refund of a previous payment

For refund scenarios, the original payment_id from the bank is required. Refunds will fail in cases when: 1. Bank payment_id provided is not valid 2. Total refund amount (cumulative against the transaction) have exceeded the original transaction amount.

HTTP Request

POST https://partner.api.bri.co.id/sandbox/v1/directdebit/refunds

Request Fields

Field Data type Mandatory Description
card_token Text Y token for validating your transaction and binding status
payment_id varchar(15) Y payment_id from payment API respone
amount number (2 Decimal Points) Y The amount of refund process. Example 20000.00
currency varchar(3) Y currency used for payment
reason text N the reason users do refund
device_id varchar(55) N The device ID used by the user to make a payment
location JSON N The refund location is performed
metadata JSON N Merchant metadata

Location Object

Field Data type Mandatory Description
lat varchar Y (if included) Location Latitude
lon varchar Y (if included) Location Longitude

Response Fields

Field Data type Description
refund_id varchar refund_id generated after transaction
payment_id varchar(15) payment_id from payment API respone
amount number (2 Decimal Points) The amount of refund process. Example 20000.00
fee number (2 Decimal Points) Fees paid for this transaction. Example 10000.00
currency varchar(3) Three-letter ISO code for the currency. Currency used for user refund
reason varchar(15) the reason users do refund
device_id varchar(55) The device ID used by the user to make a payment
location JSON The refund location is performed
metadata JSON Merchant metadata

Error Code

Status HTTP Status Code Description
success 200 0000 refund success
fail 400 0501 refund currency not supported
fail 400 0502 refund amount is greater than paid amount
fail 400 0503 refund payment failed
fail 400 0405 account is frozen
fail 400 0406 account is closed

BRIVA

This API enables you to use our virtual account service (BRIVA).

Create

This endpoint is used to create new virtual account.

curl -X POST 'https://sandbox.partner.api.bri.co.id/v1/briva' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}' \
  -H 'Content-Type: application/json' \
  -d '{
    "institutionCode": "J104408",
    "brivaNo": "77777",
    "custCode": "123456789115",
    "nama": "Septri Nur",
    "amount": "1000000",
    "keterangan": "",
    "expiredDate": "2017-09-10 09:57:26"
}'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$custCode = "123456789115";
$nama="Septri Nur";
$amount="1000000";
$keterangan="";
$expiredDate="2017-09-10 09:57:26";

$datas = array('institutionCode' => $institutionCode ,
 'brivaNo' => $brivaNo,
 'custCode' => $custCode,
 'nama' => $nama,
 'amount' => $amount,
 'keterangan' => $keterangan,
 'expiredDate' => $expiredDate );

$payload = json_encode($datas, true);

$path = "/v1/briva";
$verb = "POST";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Content-Type:"."application/json",
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva";
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLOPT_POSTFIELDS, $payload);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "status": true,
  "responseDescription": "Success",
  "responseCode": "00",
  "data": {
    "institutionCode": "J104408",
    "brivaNo": "77777",
    "custCode": "123456789001",
    "nama": "Furkorsan",
    "amount": "1000000",
    "keterangan": "",
    "expiredDate": "2019-09-01 22:28:29"
  }
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/v1/briva

Query Parameters

Key Value Mandatory
Content-Type application/json Yes

Request Body

Field Data Type Max Char Mandatory Description
institutionCode String Yes This institution code will be given by BRI
brivaNo Numeric 5 Yes BRIVA number unique to your institution
custCode String 13 Yes Customer code generated by you, we recommend to use only 10 digits to enable pay BRIVA from another bank since the other 3 digits are needed for bank code
nama String 40 Yes Customer name for that BRIVA account number
amount Numeric Yes Amount for that BRIVA account
keterangan String Yes
expiredDate DateTime Yes Expiration date for that BRIVA account, format: yyyy-MM-dd HH:mm:ss

Get

This endpoint is used to get virtual account information that has been created.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v1/briva/J104408/77777/123456789001' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$custCode = "123456789115";

$path = "/v1/briva/".$institutionCode."/".$brivaNo."/".$custCode;
$verb = "GET";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva/".$institutionCode."/".$brivaNo."/".$custCode;
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "status": true,
  "responseDescription": "Success",
  "responseCode": "00",
  "data": {
    "BrivaNo": "77777",
    "CustCode": "12345678",
    "Nama": "DOREMI",
    "Keterangan": "OJK1",
    "Amount": "0",
    "statusBayar": "N",
    "expiredDate": null,
    "lastUpdate": null
  }
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/briva/{{INSTITUTION_CODE}}/{{BRIVA_NO}}/{{CUSTOMER_CODE}}

URL Parameters

Field Data Type Max Char Mandatory Description
INSTITUTION_CODE String Yes This institution code will be given by BRI
BRIVA_NO Numeric 5 Yes Briva number unique to your institution
CUSTOMER_CODE String 13 Yes Customer code

Get Status

All BRIVA account have statusBayar or payment status. This endpoint is used to get the payment status from an existing BRIVA account.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v1/briva/status/J104408/77777/123456789001' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$custCode = "123456789115";

$path = "/v1/briva/status/".$institutionCode."/".$brivaNo."/".$custCode;
$verb = "GET";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva/status/".$institutionCode."/".$brivaNo."/".$custCode;
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "status": true,
  "responseDescription": "Success",
  "responseCode": "00",
  "data": {
    "statusBayar": "N"
  }
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/briva/status/{{INSTITUTION_CODE}}/{{BRIVA_NO}}/{{CUSTOMER_CODE}}

URL Parameters

Field Data Type Max Char Mandatory Description
INSTITUTION_CODE String Yes This institution code will be given by BRI
BRIVA_NO Numeric 5 Yes BRIVA number unique to your institution
CUSTOMER_CODE String 13 Yes Customer code

Update Status

This endpoint is used to maintain payment status of an existing BRIVA account.

curl -X PUT 'https://sandbox.partner.api.bri.co.id/v1/briva/status' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}' \
  -H 'Content-Type: application/json' \
  -d '{
    "institutionCode": "J104408",
    "brivaNo": "77777",
    "custCode": "123456789001",
    "statusBayar": "N"
}'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$custCode = "123456789115";
$statusBayar="N";

$datas = array('institutionCode' => $institutionCode ,
 'brivaNo' => $brivaNo,
 'custCode' => $custCode,
 'statusBayar' => $statusBayar );

$payload = json_encode($datas, true);

$path = "/v1/briva/status";
$verb = "PUT";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Content-Type:"."application/json",
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva/status";
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLOPT_CUSTOMREQUEST, $verb);
curl_setopt($chPost, CURLOPT_POSTFIELDS, $payload);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "status": true,
  "responseDescription": "Success",
  "responseCode": "00",
  "data": {
    "institutionCode": "J104408",
    "brivaNo": "77777",
    "custCode": "123456789001",
    "statusBayar": "N"
  }
}

HTTP Request

PUT https://sandbox.partner.api.bri.co.id/v1/briva/status

Request Header

Key Value Mandatory
Content-Type application/json Yes

Request Body

Field Data Type Max Char Mandatory Description
institutionCode String Yes This institution code will be given by BRI
brivaNo Numeric 5 Yes BRIVA number unique to your institution
custCode String 13 Yes Customer code
statusBayar string T Payment status, Y means it is already paid and N means it is not already paid

Update

This endpoint is used to update the detail of existing BRIVA account.

curl -X PUT 'https://sandbox.partner.api.bri.co.id/v1/briva' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}' \
  -H 'Content-Type: application/json' \
  -d '{
    "institutionCode": "J104408",
    "brivaNo": "77777",
    "custCode": "123456789001",
    "nama": "Furqon Haq",
    "amount": "232323",
    "keterangan": "",
    "expiredDate": "2019-09-10 09:57:26"
}'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$custCode = "123456789115";
$nama="Septri Nur";
$amount="1000000";
$keterangan="";
$expiredDate="2017-09-10 09:57:26";

$datas = array('institutionCode' => $institutionCode ,
 'brivaNo' => $brivaNo,
 'custCode' => $custCode,
 'nama' => $nama,
 'amount' => $amount,
 'keterangan' => $keterangan,
 'expiredDate' => $expiredDate );

$payload = json_encode($datas, true);

$path = "/v1/briva";
$verb = "PUT";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Content-Type:"."application/json",
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva";
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLOPT_CUSTOMREQUEST, $verb);
curl_setopt($chPost, CURLOPT_POSTFIELDS, $payload);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

  {
    "status": true,
    "responseDescription": "Success",
    "responseCode": "00",
    "data": {
        "institutionCode": "J104408",
        "brivaNo": "77777",
        "custCode": "123456789001",
        "nama": "Furqon Haq",
        "amount": "232323",
        "keterangan": "",
        "expiredDate": "2017-09-10 09:57:26"
    }
  }

HTTP Request

PUT https://sandbox.partner.api.bri.co.id/v1/briva

Request Header

Key Value Mandatory
Content-Type application/json Yes

Request Body

Field Data Type Max Char Mandatory Description
institutionCode String Yes This institution code will be given by BRI
brivaNo Numeric 5 Yes BRIVA number unique to your institution
custCode String 13 Yes Customer code
nama String 40 Yes Customer name for that BRIVA account number
amount Numeric Yes Amount for that BRIVA account
keterangan String Yes
expiredDate DateTime Yes Expiration date for that BRIVA account, format: yyyy-MM-dd HH:mm:ss

Delete

This endpoint is used to delete existing BRIVA account

curl -X DELETE 'https://sandbox.partner.api.bri.co.id/v1/briva' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}' \
  -d 'institutionCode=J104408&brivaNo=77777&custCode=123456789001'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$custCode = "123456789115";

$payload = "institutionCode=".$institutionCode."&brivaNo=".$brivaNo."&custCode=".$custCode;

$path = "/v1/briva";
$verb = "DELETE";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Content-Type:"."application/json",
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva";
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLOPT_POSTFIELDS, $payload);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "status": true,
  "responseDescription": "Success",
  "responseCode": "00",
  "data": {
    "institutionCode": "J104408",
    "brivaNo": "77777",
    "custCode": "123456789001"
  }
}

HTTP Request

DELETE https://sandbox.partner.api.bri.co.id/v1/briva

Request Body

Field Data Type Max Char Mandatory Description
institutionCode String Yes This institution code will be given by BRI
brivaNo Numeric 5 Yes BRIVA number unique to your institution
custCode String 13 Yes Customer code

Get Report

This endpoint is used to get all BRIVA account transaction history registered in your BRIVA number.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v1/briva/report/J104408/77777/20190510/20190510' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$startDate = "20190510";
$endDate = "20190510";

$path = "/v1/briva/report/".$institutionCode."/".$brivaNo."/".$startDate."/".$endDate;
$verb = "GET";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva/report/".$institutionCode."/".$brivaNo."/".$startDate."/".$endDate;
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "status": true,
  "responseDescription": "Success",
  "responseCode": "00",
  "data": [
    {
        "brivaNo": "77777",
        "custCode": "006224217245",
        "nama": "AULIA RIFQA PRATIWI",
        "keterangan": "",
        "amount": "5000000.00",
        "paymentDate": "2019-05-10 10:05:52.000",
        "tellerid": "8879965",
        "no_rek": "39101000322990"
    },
    {
        "brivaNo": "77777",
        "custCode": "5042301900012",
        "nama": "SUMARI",
        "keterangan": "",
        "amount": "160000.00",
        "paymentDate": "2019-05-10 10:05:31.000",
        "tellerid": "1104447",
        "no_rek": "39101000322990"
    }
  ]
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/briva/report/{{INSTITUTION_CODE}}/{{BRIVA_NO}}/{{START_DATE}}/{{END_DATE}}

URL Parameters

Field Data Type Max Char Mandatory Description
INSTITUTION_CODE String Yes This institution code will be given by BRI
BRIVA_NO Numeric 5 Yes BRIVA number unique to your institution
START_DATE Date 8 Yes Start date, format: yyyyMMdd
END_DATE Date 8 Yes End date, format: yyyyMMdd

Get Report Time

This endpoint is used to get all BRIVA account transaction history registered by time in your BRIVA number.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v1/briva/report_time/J104408/77777/2019-05-10/10:30/2019-05-10/10:30' \
  -H 'Authorization: Bearer {{TOKEN}}' \
  -H 'BRI-Signature: {{SIGNATURE}}' \
  -H 'BRI-Timestamp: {{TIMESTAMP}}'
<?php
$institutionCode = "J104408";
$brivaNo = "77777";
$startDate = "2019-05-10";
$endDate = "2019-05-10";
$startTime = "10:30";
$endTime = "10:30";

$path = "/v1/briva/report_time/".$institutionCode."/".$brivaNo."/".$startDate."/".$startTime."/".$endDate."/".$endTime;
$verb = "GET";
$base64sign = generateSignature($path,$verb,$token,$timestamp,$payload,$secret);

$request_headers = array(
                    "Authorization:Bearer " . $token,
                    "BRI-Timestamp:" . $timestamp,
                    "BRI-Signature:" . $base64sign,
                );

$urlPost ="https://sandbox.partner.api.bri.co.id/v1/briva/report_time/".$institutionCode."/".$brivaNo."/".$startDate."/".$startTime."/".$endDate."/".$endTime;
$chPost = curl_init();
curl_setopt($chPost, CURLOPT_URL,$urlPost);
curl_setopt($chPost, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($chPost, CURLINFO_HEADER_OUT, true);
curl_setopt($chPost, CURLOPT_RETURNTRANSFER, true);
$resultPost = curl_exec($chPost);
$httpCodePost = curl_getinfo($chPost, CURLINFO_HTTP_CODE);
curl_close($chPost);


$jsonPost = json_decode($resultPost, true);


echo "<br/> <br/>";
echo "Response Post : ".$resultPost;
?>

Example response:

{
  "status": true,
  "responseDescription": "Success",
  "responseCode": "00",
  "data": [
    {
        "brivaNo": "77777",
        "custCode": "006224217245",
        "nama": "AULIA RIFQA PRATIWI",
        "keterangan": "",
        "amount": "5000000.00",
        "paymentDate": "2019-05-10 10:05:52.000",
        "tellerid": "8879965",
        "no_rek": "39101000322990"
    },
    {
        "brivaNo": "77777",
        "custCode": "5042301900012",
        "nama": "SUMARI",
        "keterangan": "",
        "amount": "160000.00",
        "paymentDate": "2019-05-10 10:05:31.000",
        "tellerid": "1104447",
        "no_rek": "39101000322990"
    }
  ]
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/briva/report_time/{{INSTITUTION_CODE}}/{{BRIVA_NO}}/{{START_DATE}}/{{START_TIME}}/{{END_DATE}}/{{END_TIME}}

URL Parameters

Field Data Type Max Char Mandatory Description
INSTITUTION_CODE String Yes This institution code will be given by BRI
BRIVA_NO Numeric 5 Yes BRIVA number unique to your institution
START_DATE Date 8 Yes Start date, format: yyyy-MM-dd
START_TIME Date 4 Yes Start date, format: HH:MM
END_DATE Date 8 Yes End date, format: yyyy-MM-dd
END_TIME Date 4 Yes End date, format: HH:MM

Payment Simulation

This simulation is used to simulate payment for BRIVA. First, you have to check BRIVA number its already paid or not. Then Input corporate code and customer code. Click "Check" button. It will show the data with Customer Name, Payment Status, Amount, etc. Input amount to pay and select payment channel. Payment will success if the amount to pay is equal to BRIVA amount and payment status is not already paid.

Nomor BRIVA :









Nama Customer :



Status Bayar :



Keterangan :



Jumlah Tagihan (Rp) :



Jumlah yg dibayarkan (Rp) :



Jenis Channel :







{{ paymentResult }}
(Click to Close)



Error Codes

Code Code Description
01 Nomor Briva tidak boleh kosong
02 Customer Code tidak boleh kosong
03 Institution Code tidak boleh kosong
05 Institution Code tidak diijinkan mengakses nomor Briva
10 Nama tidak boleh kosong
11 Amount tidak boleh kosong
13 Data customer sudah ada
14 Data customer tidak ditemukan
15 Gagal menyimpan data Customer
16 Gagal update data Briva
17 Gagal delete data Briva
20 Gagal update status bayar
21 Gagal mendapatkan data status bayar
30 Gagal mendapatkan data Briva
40 Gagal memproses request report Briva
99 General Error

BRIZZI

Introduction

BRIZZI API enables you to make a top up to BRIZZI card. BRIZZI consists of API and SDK. BRIZZI API endpoint is used in top up function. BRIZZI SDK is used for reading and writing to BRIZZI card, such as card balance inquiry, card transaction history, and update balance to card. Our SDK is only work for Android-based device.

Validate Card Number

This endpoint is used to validate whether the customer insert valid BRIZZI card number or not before doing top up.

curl -X POST 'https://sandbox.partner.api.bri.co.id/v1/brizzi/topup/checknum' \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-Signature: {{SIGNATURE}}' \
    -H 'BRI-Timestamp: {{TIMESTAMP}}' \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "ucon123", 
        "card_number": "5123456789012345"
    }'

Example response:

{
    "status": {
        "code": "00",
        "desc": "SUCCESS"
    }
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/v1/brizzi/topup/checknum

Request Body

Field Data Type Max Char Mandatory Description
username String - Yes Username used on third party application
card_number Numeric 16 Yes Brizzi card number that will be topped up

Response Body

Field Data Type Max Char Mandatory Description
status
code String 2 Yes Response status code
desc String - Yes Response status description

Top Up

This endpoint is used to do top up Brizzi. Brizzi balance will be stored and updated on Brizzi backend. Update balance to card can be done using method Update Pending Balance through SDK.

curl -X POST 'https://sandbox.partner.api.bri.co.id/v1/brizzi/topup' \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-Signature: {{SIGNATURE}}' \
    -H 'BRI-Timestamp: {{TIMESTAMP}}' \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "ucon123",
        "card_number": "5123456789012345",
        "amount": "100000",
        "reff_number": "100001"
    }

Example response:

{
    "status": {
        "code": "00",
        "desc": "SUCCESS"
    },
    "brizzi": {
        "amount": "100000",
        "pending_balance": "150000",
        "reff_number": "100001"
    }
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/v1/brizzi/topup

Request Body

Field Data Type Max Char Mandatory Description
username String - Yes Username used on third party application (used for reconciliation)
card_number Numeric 16 Yes Brizzi card number that will be topped up
amount Numeric 7 Yes Top up amount
reff_number String 30 Yes Reference number used for reconciliation

Response Body

Field Data Type Max Char Mandatory Description
status
code String 2 Yes Response status code
desc String - Yes Response status description
brizzi
amount Numeric 7 Yes Top up amount
pending_balance Numeric 7 Yes Pending balance stored in
reff_number String 30 Yes Reference number used for reconciliation

Check Top Up Status

This endpoint is used to do check Top Up status that has been done before. Usually it is called when you make Top Up request, but you didn't receive any response from our API.

curl -X POST 'https://sandbox.partner.api.bri.co.id/v1/brizzi/topup/checktrx' \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-Signature: {{SIGNATURE}}' \
    -H 'BRI-Timestamp: {{TIMESTAMP}}' \
    -H 'Content-Type: application/json' \
    -d '{
        "username": "ucon123",
        "card_number": "5123456789012345",
        "amount": "100000",
        "reff_number": "100001"
    }

Example response:

{
    "status": {
        "code": "00",
        "desc": "SUCCESS"
    },
    "brizzi": {
        "jenis_trx": "Top Up Pending"
    }
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/v1/brizzi/topup/checktrx

Request Body

Field Data Type Max Char Mandatory Description
username String - Yes Username used on third party application (used for reconciliation)
card_number Numeric 16 Yes Brizzi card number that will be topped up
amount Numeric 7 Yes Top up amount
reff_number String 30 Yes Reference number used for reconciliation

Response Body

Field Data Type Max Char Mandatory Description
status
code String 2 Yes Response status code
desc String - Yes Response status description
brizzi
jenis_trx String - Yes Transaction type

Error Codes

Code Code Description
51 Saldo Tidak Cukup
53 Rekening Tidak ditemukan
54 KARTU EXPIRED
62 KARTU TIDAK AKTIF
93 Duplicate Reff Number
94 Trx doesn't Exists
99 ERROR DLL
NF KARTU TIDAK TERDAFTAR
NV INVALID NUMERIC VALUE
OT MELEBIHI LIMIT TOPUP
OV MELEBIHI LIMIT KARTU
Q1 KONEKSI TERPUTUS
Q4 KONEKSI TIME OUT

Foreign Exchange

Currency Rate

This endpoint is used to get the telegraphic transfer currency rate at the moment the endpoint being called.

curl -X GET 'https://sandbox.partner.api.bri.co.id/v1/valas/getrate/USD/IDR' \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-Signature: {{SIGNATURE}}' \
    -H 'BRI-Timestamp: {{TIMESTAMP}}'

Example response:

{
    "status": true,
    "responseDescription": "Success",
    "responseCode": "001",
    "data": {
        "dealt_currency": "USD",
        "counter_currency": "IDR",
        "TT_buy": "14315.0000",
        "TT_sell": "14465.0000",
        "last_update": "5/16/2019 11:31:20 AM"
    }
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/valas/getrate/{{DEALT_CURRENCY}}/{{COUNTER_CURRENCY}}

URL Parameters

Parameter Type Mandatory Description
dealt_currency String Yes ISO 4217 currency code (eg. USD, EUR, GBP)
counter_currency String Yes ISO 4217 currency code (IDR)

Forex Transaction

This endpoint is used to initiate forex transaction. This endpoint will return deal_number which needed to be brought to BRI branch to make the transaction.

curl -X POST 'https://sandbox.partner.api.bri.co.id/v1/valas/insert' \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-Signature: {{SIGNATURE}}' \
    -H 'BRI-Timestamp: {{TIMESTAMP}}' \
    -H 'Content-Type: application/json' \
    -d '{
    "counter_currency":"IDR",
    "dealt_currency":"USD",
    "dealt_amount":"4",
    "npwp":"111",
    "deal_type":"sell"
}'

Example response:

{
  "status": true,
  "responseCode": "001",
  "responseDescription": "Transaction Successful",
  "data": {
    "deal_number": "A0908444",
    "value_date": "9/20/2018",
    "deal_date": "9/20/2018",
    "rate": "13365.0000",
    "dealt_amount": "4",
    "dealt_currency": "USD",
    "counter_amount": "53460.0000",
    "expired_transaction": "2018-09-20T16:00:00"
  }
}

HTTP Request

POST https://sandbox.partner.api.bri.co.id/v1/transfer

Request Header

Key Value Mandatory
Content-Type application/json Yes

Request Body

Field Data Type Mandatory Description
counter_currency string Yes -
dealt_currency string Yes -
dealt_amount string Yes -
npwp string Yes -
deal_type string Yes buy or sell

Location

E-Channel

This endpoint is used to get BRI e-channel location.

curl -X GET "https://sandbox.partner.api.bri.co.id/v1/location/near/ATM/1/-6.30274/106.82163" \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-Signature: {{SIGNATURE}}' \
    -H 'BRI-Timestamp: {{TIMESTAMP}}'

Example response:

{
    "status": true,
    "responseDescription": "Successfully get near location of branches",
    "responseCode": 200,
    "data": [
        {
            "tid": "60082",
            "propinsi": "31",
            "kotakab": "74",
            "kecamatan": "04",
            "keldes": "1004",
            "last_update": "2018-06-13 13:14:24",
            "alamat": "Ragunan",
            "lokasi": "GTI RAGUNAN",
            "latitude": "-6.302728",
            "longitude": "106.8216047",
            "hari_operasional": "",
            "jam_operasional": "",
            "kodepos": ""
        },
        {
            "tid": "52031",
            "propinsi": "31",
            "kotakab": "74",
            "kecamatan": "04",
            "keldes": "1004",
            "last_update": "2018-06-13 12:26:36",
            "alamat": "Pusdiklat BRI Ragunan",
            "lokasi": "Ragunan",
            "latitude": "-6.3026571",
            "longitude": "106.8215477",
            "hari_operasional": "",
            "jam_operasional": "",
            "kodepos": ""
        }
    ]
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/location/near/{{ECHANNEL_TYPE}}/{{MAX_DISTANCE}}/{{LATITUDE}}/{{LONGITUDE}}

URL Parameters

Parameter Type Mandatory Description
ECHANNEL_TYPE path Yes edc, atm, or crm
MAX_DISTANCE path Yes distance in kilometer (max 10 km)
LATITUDE path Yes -
LONGITUDE path Yes -

Branch

This endpoint is used to get BRI branch location.

curl -X GET "https://sandbox.partner.api.bri.co.id/v1/location/near/branch/1/-6.30274/106.82163" \
    -H 'Authorization: Bearer {{TOKEN}}' \
    -H 'BRI-Signature: {{SIGNATURE}}' \
    -H 'BRI-Timestamp: {{TIMESTAMP}}'

Example response:

{
  "status": true,
  "responseDescription": "Successfully get near location of branches",
  "responseCode": 200,
  "data": [
    {
      "id": "6755",
      "kanwil": "JAKARTA 2",
      "unit_kerja": "RAGUNAN",
      "unit_induk": null,
      "kanca_induk": "JAKARTA TB SIMATUPANG",
      "jenis_uker": "KK",
      "kode_uker": "1428",
      "dati2": "DKI Jakarta",
      "dati1": "Wil. Kota Jakarta Selatan",
      "alamat": "Komplek Pertokoan KSU Sejati Mulia, Jl. Ragunan B1, Pasar Minggu, Jakarta Selatan",
      "no_telp": "(021) 93742106",
      "no_fax": "(021) 7823181",
      "koordinat": "S6.30274 E106.82163",
      "latitude": "-6.30274",
      "longitude": "106.82163"
    },
    {
      "id": "6749",
      "kanwil": "JAKARTA 2",
      "unit_kerja": "KEMENTERIAN PERTANIAN",
      "unit_induk": null,
      "kanca_induk": "JAKARTA PASAR MINGGU",
      "jenis_uker": "KK",
      "kode_uker": "1237",
      "dati2": "DKI Jakarta",
      "dati1": "Wil. Kota Jakarta Selatan",
      "alamat": "Kanpus Dept Pertanian, Gedung F lt 1, Jl Harsono RM No 3, Ragunan, Jaksel",
      "no_telp": "(021) 78836105",
      "no_fax": "(021) 78835578",
      "koordinat": "S6.29610 E106.82258",
      "latitude": "-6.2961",
      "longitude": "106.82258"
    }
  ]
}

HTTP Request

GET https://sandbox.partner.api.bri.co.id/v1/location/near/branch/{{MAX_DISTANCE}}/{{LATITUDE}}/{{LONGITUDE}}

Query Parameters

Parameter Type Mandatory Description
MAX_DISTANCE path Yes distance in kilometer (max 10 km)
LATITUDE path Yes -
LONGITUDE path Yes -