NAV
HTTP cURL

Introduction

Overview of BCA Sandbox APIs:

Method Endpoint Usage
POST /api/oauth/token Get Access Token
GET /banking/v4/corporates/{CorporateID}/ accounts/{AccountNumber1},{AccountNumber2} ,…,{AccountNumber20} Get balance inquiry of maximum 20 account
GET /banking/v4/corporates/{CorporateID}/ accounts/{AccountNumber}/statements Get account statements of an account
POST /banking/corporates/transfers Fund Transfer to another BCA account
GET /banking/general/corporates/{CorporateID}/ accounts/{AccountNumber}/validation Validate account number by certain value
POST /ewallet/customers User registration
GET /ewallet/customers/{CompanyCode}/{PrimaryID} User Inquiry
PUT /ewallet/customers/{CompanyCode}/{PrimaryID} User Update
POST /ewallet/topup Top Up
GET /ewallet/topup/{CompanyCode}/{PrimaryID} Inquiry Top Up
GET /ewallet/transactions/{CompanyCode}/{PrimaryID} Transaction Inquiry
POST /ewallet/otp/generate/{TransactionType} Generate OTP
POST /ewallet/transfers Transfer Company Account
GET /ewallet/transfers/{CompanyCode}/{PrimaryID} Inquiry Transfer Company Account
POST /fire/accounts/balance Get FI’s balance information
POST /fire/accounts Get beneficiary account’s information
POST /fire/transactions Get status of a transaction
POST /fire/transactions/to-account Transfer funds directly to beneficiary account
GET /general/rate/forex Foreign Exchange Rate
GET /general/rate/deposit Deposit Rate
GET /general/info-bca/atm Nearest ATM Locator

Authorization

OAuth2.0

BCA APIs is using OAuth 2.0 as the authorization framework. To get the access token, you need to be authorized by client_id and client_secret. To learn more about the OAuth 2.0 authorization framework, you can read the RFC6749 Documentation.

Access Token

access_token is an opaque string token that identify the user of the API. This token is required each time an application call API. There are several way to obtain an access_token, which will be described bellow.

Obtaining Access Token

Access token can be obtained in many way, depend on the grant_type of the application. To access all the services in this sandbox, you will need the access token with grant_type = client_credentials.

Client Credentials Grant

client_credentials grant will provide application access to API without requiring any user credential. Any call requested using access_token obtained using this method are made on behalf of the application instead of the user.

This grant type is designed to be used by server to server call. In order to obtain access_token a request must be made with following specification

POST /api/oauth/token

Access Token Request:

POST /api/oauth/token HTTP/1.1
Host: https://api.finhacks.id
Authorization: Basic Base64(client_id:client_secret)
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
curl https://api.finhacks.id/api/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic jk5ZTkyYzgtYzAzNC00YmNhLWE0OTAtYWM4NGI0YTZiMjQxOjNmYWIwNGI1LWM4ODctNGZmMi05OGNkLTE1YjJmYTcyNzA1NA==" \
-d "grant_type=client_credentials"

Sample Response:

{
    "access_token":"2YotnFZFEjr1zCsicMWpAA",
    "token_type":"Bearer",
    "expires_in":3600,
    "scope":"resource.WRITE resource.READ"
}

Request

Setting Value
HTTP Method POST
Path /api/oauth/token
Host https://api.finhacks.id

Request Headers

Name Format Mandatory
Authorization Basic base64(client_id:client_secret) Yes
Content-Type application/x-www-form-urlencoded Yes

Payload

Field Data Type Mandatory Description
grant_type String Yes value = client_credentials

Result of the request will contains following information:

Response

Field DataType Description
access_token String your access_token
token_type String default is Bearer
expires_in String access_token validity, in seconds
scope String application scope/permission granted to application

Signature

Signature is used by BCA to verify that your request is not altered by attackers.

The outline of the HMAC validation process is as follows:

  1. Retrieve Timestamp from HTTP Header (X-BCA-Timestamp)
  2. Retrieve the API Key form HTTP Header (X-BCA-Key)
  3. Lookup the API Secret corresponding to the received key in internal store
  4. Retrieve client HMAC from HTTP Header lowercase hexadecimal format (X-BCA-Signature)
  5. Calculate HMAC using the API Secret as the HMAC secret key
  6. Compare client HMAC with calculated HMAC

Signature mismatch error

{
    "ErrorCode" : "...",
    "ErrorMessage" : {
        "Indonesian": "HMAC tidak cocok",
        "English": "HMAC mismatch"
    }
}

If HMAC hash comparison is invalid API Gateway will return a HTTP 400 error code together with the following error message on JSON format:

POST Example:

Data :
- Method : POST
- Relative URL : /banking/corporates/transfers
- Access token : lIWOt2p29grUo59bedBUrBY3pnzqQX544LzYPohcGHOuwn8AUEdUKS
- Request body :
{ 
    "CorporateID" : "BCAAPI2016",
    "SourceAccountNumber" : "0201245680",
    "TransactionID" : "00000001",
    "TransactionDate" : "2016-01-30",
    "ReferenceID" : "12345/PO/2016",
    "CurrencyCode" : "IDR",
    "Amount" : "100000.00",
    "BeneficiaryAccountNumber" : "0201245681",
    "Remark1" : "Transfer Test",
    "Remark2" : "Online Transfer"
}
- Timestamp : 2016-02-03T10:00:00.000+07:00
- API Secret : 22a2d25e-765d-41e1-8d29-da68dcb5698b

- Signature : 69ad66589ade078a30922a0848725cf153aecfcca82eba94e3270285b4a9c604

GET Example:

Data:
- Method : GET
- Relative URL : /banking/v4/corporates/BCAAPI2016/accounts/0201245680/statements?StartDate=2016-09-01&EndDate=2016-09-01
- Access token : lIWOt2p29grUo59bedBUrBY3pnzqQX544LzYPohcGHOuwn8AUEdUKS
- Request body : 
- Timestamp : 2016-02-03T10:00:00.000+07:00
- API Secret : 22a2d25e-765d-41e1-8d29-da68dcb5698b

- Signature : 3ac124303746d222387d4398dddf33201a384aa22137aa08f4d9843c6f467a48

Generate Signature

SHA-256 HMAC is used to generate the signature with your API secret as the key.

Signature = HMAC-SHA256(apiSecret, StringToSign)

The StringToSign will be a colon-separated list derived from some request data as below:

StringToSign = HTTPMethod+":"+RelativeUrl+":"+AccessToken+":"+Lowercase(HexEncode(SHA-256(RequestBody)))+":"+Timestamp

‘HexEncode’ are optional to use, use it if the SHA-256 returns a binary stream.

Details about the data used to derived The StringToSign is explained in the next sections.

HTTP Method

Relative URL

Full URL Relative URL
https://example.com/api/v4/sample?param1=value1&param2=value2 /api/v4/sample?param1=value1&param2=value2
https://example.com or https://example.com/ /
  1. Do not URI-encode forward slash ( / ) if it was used as path component.
  2. Do not URI-encode question mark ( ? ), equals sign ( = ), and ampersand ( & ) if they were used as query string component: as separator between the path and query string, between query parameter and its value, and between each query parameter and value pairs.
  3. Do not URI-encode these characters: A-Z, a-z, 0-9, hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ) which are defined as unreserved characters in RFC 3986.
    As for RFC 3986, means that comma ( , ) that appear in the value of query params or path params should be encoded too when generating Signature.
  4. Percent-encode all other characters not meeting the above conditions using the format: %XY, where X and Y are hexadecimal characters (0-9 and uppercase A-F).
    For example, the space character must be encoded as %20 (not using ’+’, as some encoding schemes do) and extended UTF-8 characters must be in the form %XY%ZA%BC. Example :
Relative URL URI encoded
/banking/v4/csample/value1,value2 /banking/v4/csample/value1%2Cvalue2
  1. Sorted by parameter name lexicographically
  2. If there are two or more parameters with the same name, sort them by parameter values. Example :
Relative URL Sorted Relative URL
/api/v4/sample?A-param=value1&Z-param=value2&B-param=value3 /api/v4/sample?A-param=value1&B-param=value3&Z-param=value2

AccessToken

RequestBody

An example request JSON body like below:

{
    "Test1" : "str Val",
    "Test2" : 1
 }

Will look like below after canonicalization has been performed:

{"Test1":"strVal","Test2":1}

Timestamp

The timestamp must be presented in ISO8601 format (yyyy-MM-ddTHH:mm:ss.SSSTZD)

Format Description
yyyy four-digit year
MM two-digit month (01=January, etc.)
dd two-digit day of month (01 through 31)
T literal ’T’ as date and time separator
HH two digits of hour (00 through 23) (am/pm NOT allowed)
mm two digits of minute (00 through 59)
ss two digits of second (00 through 59)
SSS three digits representing millisecond (000 through 999)
TZD time zone designator (+hh:mm or -hh:mm)

Signature How to:

No. Parameter Scenario (Simple request)
A HTTP Method get
B URL /banking/v4/corporates/BCAAPI2016/accounts/0201245680/statements?StartDate=2016-09-01&EndDate=2016-09-01
C Client ID b66925de-d8ec-476e-a170-6cf06c863b78
D Client Secret efc71ced-b0e7-4b47-8270-3c24829764aa
E API Key 34bec438-9911-494c-9e29-d0041f941eec
F API Key Secret 22a2d25e-765d-41e1-8d29-da68dcb5698b
G Access Token lIWOt2p29grUo59bedBUrBY3pnzqQX544LzYPohcGHOuwn8AUEdUKS
H Timestamp 2016-02-03T10:00:00.000+07:00
I Request Body empty
No. Action Result
J Examine HTTP Method
 upper(A)

GET
K Examine URI
 uri_encode(B)
 sort_lexicography(B)

/banking/v4/corporates/BCAAPI2016/accounts/0201245680/statements?StartDate=2016-09-01&EndDate=2016-09-01
/banking/v4/corporates/BCAAPI2016/accounts/0201245680/statements?EndDate=2016-09-01&StartDate=2016-09-01
L Examine Requst Body
 canonicalized(I)
 sha256(canonicalized(I))
 lower(sha256(canonicalized(I)))

“”
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
M Examine Timestamp
 to_char(H, 'YYYY-MM-DDThh:mm:ss.sssTZD’)

2016-02-03T10:00:00.000+07:00
N Construct String to Sign
 J +“:”+ K +“:”+ G +“:”+ L + “:” + M

GET:/banking/v4/corporates/BCAAPI2016/accounts/0201245680/statements?EndDate=2016-09-01&StartDate=2016-09-01:lIWOt2p29grUo59bedBUrBY3pnzqQX544LzYPohcGHOuwn8AUEdUKS:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:2016-02-03T10:00:00.000+07:00
No. Action Result
O Examine Hashing
 HMAC_SHA256(F,N)

3ac124303746d222387d4398dddf33201a384aa22137aa08f4d9843c6f467a48
Part Parameter Value
URI URI to call B
Header Authorization Bearer G
X-BCA-Key E
X-BCA-Signature O
X-BCA-Timestamp H
Body Body empty

Headers

To successfully communicate with BCA Banking API, you must provide the following headers in every API request:

Sample header request:

GET /general/rate/forex HTTP/1.1
Host: https://api.finhacks.id
Authorization: Bearer [access_token]
Content-Type: application/json
Origin: [yourdomain.com]
X-BCA-Key: [api_key]
X-BCA-Timestamp: [timestamp]
X-BCA-Signature: [signature]
curl "https://api.finhacks.id/general/rate/forex" \
-H "Authorization: Bearer [access_token]"\
-H "Content-Type: application/json"\
-H "Origin: [yourdomain.com]"\
-H "X-BCA-Key: [api_key]"\
-H "X-BCA-Timestamp: [timestamp]"\
-H "X-BCA-Signature: [signature]"
Name Type Description
Authorization alphanumeric OAuth2.0 Token Format value: Bearer {access_token}
Content-Type alphanumeric Content of your request body e.g. application/json
Origin url Origin domain e.g. yourdomain.com
X-BCA-Key alphanumeric Your API Key generated by BCA
X-BCA-Timestamp yyyy-MM-ddTHH:mm:ss.SSSTZD (ISO 8601) Timestamp generated by merchant in ISO 8601 e.g. “2017-04-29T09:54:00:234Z”
X-BCA-Signature alphanumeric Signature, please refer to Signature section

API Services

Business Banking

1. Balance Information

Get your KlikBCA Bisnis account balance information with maximum of 20 accounts in a request.

Your Request must contain following information:

GET /banking/v4/corporates/{CorporateID}/accounts/{AccountNumber}

Request:

GET /banking/v4/corporates/BCAAPI2016/accounts/0201245680,0063001004,1111111111 HTTP/1.1
Host: https://api.finhacks.id

Request URI

Field Data Type Mandatory Description
CorporateID String(10) Y Your KlikBCA Bisnis Corporate ID
AccountNumber String(10) Y Account(s) Number

Result of the request will contains following information:

Response:

{           
    "AccountDetailDataSuccess":[{           
        "AccountNumber": "0201245680",          
        "Currency": "IDR",          
        "Balance": "118849999.53",          
        "AvailableBalance": "118849999.53",         
        "FloatAmount": "0.00",          
        "HoldAmount": "0.00",           
        "Plafon": "0.00"            
        },{         
        "AccountNumber": "0063001004",          
        "Currency": "IDR",          
        "Balance": "69942987.27",           
        "AvailableBalance": "69942987.27",          
        "FloatAmount": "0.00",          
        "HoldAmount": "0.00",           
        "Plafon": "0.00"            
        },          
    ],          
    "AccountDetailDataFailed":[{            
        "English": "Invalid AccountNumber",         
        "Indonesian": "AccountNumber Tidak Valid",          
        "AccountNumber": "1111111111"           
        }
    ]
}       

Response

Field DataType Description
AccountDetail Data Success
AccountNumber String(10) Account Number
Currency String(3) Currency of the account (IDR, USD, etc)
Balance String(16) Balance of the account
AvailableBalance String(16) Available balance to be used. Format: Number, 13.2
FloatAmount String(16) Amount of deposit that is not effective yet (due to holiday, etc). Format: Number, 13.2
HoldAmount String(16) Hold amount that cannot be used. Format: Number, 13.2
Plafon String(16) Credit limit of the account. Format: Number, 13.2
AccountDetailDataFailed
English String(100) Error message in English
Indonesian String(100) Error message in Bahasa Indonesia
AccountNumber String(10) Account Number

2. Account Statement

Get your KlikBCA Bisnis account statement for a period up to 31 days.

Your Request must contain following information:

GET /banking/v4/corporates/{CorporateID}/accounts/
{AccountNumber}/statements?StartDate={StartDate}&EndDate={EndDate}

Request:

GET /banking/v4/corporates/BCAAPI2016/accounts/0201245680/statements?StartDate=2016-01-29&EndDate=2016-01-30 HTTP/1.1
Host: https://api.finhacks.id

Request URI & Query Parameters

Field DataType Mandatory Description
CorporateID String(10) Y Your KlikBCA Bisnis CorporateID
AccountNumber String(10) Y Account Number
StartDate String(10) Y Start Date of the account statement that you wants to get. Format: yyyy-MM-dd
EndDate String(10) Y End Date of the account statement that you wants to get. Format: yyyy-MM-dd

Result of the request will contains following information:

Response:

{
  "StartDate": "2016-01-29",
  "EndDate"   : "2016-02-01",
  "Currency" : "IDR",
  "StartBalance" : "1000000.00",
  "Data": [{
    "TransactionDate":"29/01",
    "BranchCode":"0000",
    "TransactionType":"D",
    "TransactionAmount":"9000000.00",
    "TransactionName":"TRSF E-BANKING DB",
    "Trailer":"3001/ACDFT/WS95051 9000000.00TEST REK KORAN DARI GIRO KE TAPRES 4SAMPLE CUST"
    },
    {
    "TransactionDate":"01/02",
    "BranchCode":"0000",
    "TransactionType":"D",
    "TransactionAmount":"10000.00",
    "TransactionName":"BA JASA E-BANKING",
    "Trailer":"3001/TRCHG/WS95051BIAYA TRANSFER SME"
    }
  ]
}

Response

Field DataType Description
StartDate String(10) Start Date of the account statement that you wants to get. Format: yyyy-MM-dd
EndDate String(10) End Date of the account statement that you wants to get. Format: yyyy-MM-dd. If the end date is not a working day, then end date will changed automatically to the next working day.
Currency String(3) Currency of the account (IDR, USD, etc)
StartBalance String(16) Balance of the account at the start date. Format: Number, 13.2
Data
TransactionDate String(5) Date of Transaction: (“dd/MM”): the date of transaction done “PEND”: Pending transaction
BranchCode String(4) Branch Code of the transaction
TransactionType String(1) Type of transaction:
“D”: Debit
“K”: Kredit (Credit)
TransactionAmount String(16) Amount of transaction. Format: Number, 13.2
TransactionName String(32) Name of Transaction
Trailer String(128) The Description of transaction

3. Online Transfer

You can send fund transfer instructions to BCA using this service. The source of fund transfer must be from your corporate’s own deposit account. The recipient may be any deposit account within BCA.

Your Request must contain following information:

POST /banking/corporates/transfers

Request:

POST /banking/corporates/transfers HTTP/1.1
Host: https://api.finhacks.id
{
    "CorporateID" : "BCAAPI2016",
    "SourceAccountNumber" : "0201245680",
    "TransactionID" : "00000001",
    "TransactionDate" : "2016-01-30",
    "ReferenceID" : "12345/PO/2016",
    "CurrencyCode" : "IDR",
    "Amount" : "100000.00",
    "BeneficiaryAccountNumber" : "0201245681",
    "Remark1" : "Transfer Test",
    "Remark2" : "Online Transfer"
}

Payload

Field DataType Mandatory Description
CorporateID String(10) Y Your KlikBCA Bisnis CorporateID
SourceAccountNumber String(10) Y Source of Fund Account Number
TransactionID String(8) Y Transcation ID unique per day (using UTC+07 Time Zone). Format: Number
Must be 8 in length
TransactionDate String(10) Y Transaction date. Format: yyyy-MM-dd
ReferenceID String(30) Y Sender’s transaction reference ID
CurrencyCode String(3) Y Currency Code (For now support only IDR)
Amount String(16) Y Transfer amount. Format: Number, 13.2
BeneficiaryAccountNumber String(10) Y BCA Account number to be credited (Destination)
Remark1 String(18) N Transfer remark for receiver
Remark2 String(18) N Transfer remark for receiver


Result of the request will contains following information:

Response:

{
    "TransactionID" : "00000001",
    "TransactionDate" : "2016-01-30",
    "ReferenceID" : "12345/PO/2016",
    "Status" : "Success"
}

Response

Field DataType Description
TransactionID String(8) Transaction ID unique per day. (Using UTC+07 Time Zone). Format: Number
TransactionDate String(10) Transcation date. Format: yyyy-MM-dd
ReferenceID String(30) Sender’s transaction reference ID
Status String(20) Transfer Status: “Success”

4. Account Name Validation

This service is used to validate the account name. The account number must belong to the specified corporate ID. This service will only return HTTP Code 200 for valid condition (no response payload).

GET /banking/general/corporates/{CorporateID}/accounts/{AccountNumber}/validation?Action={Action}&By={By}&Value={Value}

Request:

GET /banking/general/corporates/BCAAPI2016/accounts/0201245680/validation?Action=validate&By=name&Value=budi%20hutomo HTTP/1.1
Host: https://api.finhacks.id

Request URI & Query Parameters

Field DataType Mandatory Description
CorporateID String(10) Y Your KlikBCA Bisnis CorporateID
AccountNumber String(10) Y Account Number
Action String(20) Y Use “validate”
By String(20) Y Use “name”
Value String(30) Y Account name

E-Wallet

1. User Registration

This service is used to register customer wallet

POST /ewallet/customers

Request:

POST /ewallet/customers HTTP/1.1
Host: https://api.finhacks.id
{
    "CustomerName": "John Doe", 
    "DateOfBirth": "2000-05-20", 
    "PrimaryID": "081234567890", 
    "MobileNumber": "081234567890", 
    "EmailAddress": "user@bca.co.id", 
    "CompanyCode": "80173", 
    "CustomerNumber": "1111111112", 
    "IDNumber": "1234567890123456"
}

Request Payload

Field DataType Mandatory Description
CustomerName String(80) Yes Customer Name
DateOfBirth String(10) Yes Date of Birth (yyyy-MM-dd)
PrimaryID String(80) Yes Unique ID per customer from merchant system (Email or Mobile number or Customer number)
MobileNumber String(16) Yes Mobile number with country code or “0” prefixed, e.g. +6280000000000, 080000000000
EmailAddress String(80) No Email Address.
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
CustomerNumber String(18) Yes Unique number generated by merchant for balance topup using BCA virtual account system
IDNumber String(16) Yes Customer identifier number (KTP)

Response:

{
    "PrimaryID": "081234567890", 
    "CompanyCode": "80173"
}

Response Payload

Field DataType Description
PrimaryID String(80) Unique ID per customer from merchant system (Email or Mobile number or Customer number)
CompanyCode String(5) Merchant Company Code generated by BCA (Number)

2. User Inquiry

This service is used to show customer data and the amount of its balance.

GET /ewallet/customers/{CompanyCode}/{PrimaryID}

Request:

GET /ewallet/customers/80173/081234567890 HTTP/1.1
Host: https://api.finhacks.id

Request URI

Field DataType Mandatory Description
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Yes Unique ID per customer from merchant system (Email or Mobile number or Customer number)

Response:

{
    "PrimaryID": "081234567890",
    "CustomerNumber": "10000", 
    "CurrencyCode": "IDR",
    "Balance": "10000.00",
    "CustomerName": "John Doe",
    "DateOfBirth": "2016-02-01",
    "MobileNumber": "081234567890",
    "EmailAddress": "customer@domain.com",
    "IDNumber": "1234567890123456"
}

Response Payload

Field DataType Description
PrimaryID String(80) Unique ID per Customer
CustomerNumber String(80) Unique number generated by merchant for balance topup using BCA virtual account system
CurrencyCode String(3) Currency code, e.g. IDR
Balance String(16) eWallet balance (Number, format:13.2). Maximum balance is decided by Business
CustomerName String(80) Customer Name
DateOfBirth String(10) Date of Birth (yyyy-MM-dd)
MobileNumber String(80) Mobile number with country code or “0” prefixed, e.g. +6280000000000, 080000000000
EmailAddress String(80) Email Address
IDNumber String(16) Customer identifier number (KTP)

3. User Update

This service is used to update customer data

PUT /ewallet/customers/{CompanyCode}/{PrimaryID}

Request:

PUT /ewallet/customers/80173/081234567890 HTTP/1.1
Host: https://api.finhacks.id
{
    "CustomerName": "John Doe", 
    "DateOfBirth": "2016-05-20", 
    "MobileNumber": "081234567890", 
    "EmailAddress": "user@bca.co.id", 
    "WalletStatus": "ACTIVE", 
    "IDNumber": "1234567890123456"
}

Request URI

Field DataType Mandatory Description
CompanyCode String(80) Yes Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Yes Unique ID per customer from merchant system (Email or Mobile number or Customer number).

Request Payload

Field DataType Mandatory Description
CustomerName String(80) No Customer Name
DateOfBirth String(10) No Date of Birth (yyyy-MM-dd)
MobileNumber String(16) No Mobile number with country code or “0” prefixed, e.g +6280000000000, 080000000000
EmailAddress String(80) No Email Address
WalletStatus String(32) No Status wallet (ACTIVE / BLOCKED)
IDNumber String(16) Yes No KTP Customer (mandatory for SubAccount)

Response:

{
    "PrimaryID":"081234567890", 
    "CompanyCode":"80173"
}

Response Payload

Field DataType Description
PrimaryID String(80) Unique ID per customer from merchant system (Email or Mobile number or Customer number
CompanyCode String(5) Merchant Company Code generated by BCA (Number)

4. Top Up

This service is used to add funds to user e-wallet. Through the instruction of the e-wallet issuer

POST /ewallet/topup

Request:

POST /ewallet/topup HTTP/1.1
Host: https://api.finhacks.id
{
    "CompanyCode": "80173",
    "PrimaryID": "081234567890",
    "TransactionID": "TRX123456789012345", 
    "RequestDate": "2016-02-01T13:14:30.000+07:00", 
    "Amount": "10000.00",
    "CurrencyCode": "IDR"
}

Request Payload

Field DataType Mandatory Description
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Yes Unique number generated by merchant for balance topup using BCA virtual account system
TransactionID String(18) Yes Transaction ID generated by merchant (must be unique)
RequestDate String(29) Yes Request Date of transaction (yyyy-MM-ddTHH:mm:ss.sssZ)
Amount String(16) Yes Amount of transaction (Number, format:13.2). According to regulation, maximum balance in a wallet is IDR 1000000
CurrencyCode String(3) Yes Currency (IDR)

Response:

{
    "CompanyCode": "80173",
    "TransactionID": "TRX123456789012345", 
    "BCAReferenceID": "11223344556677889900", 
    "TransactionDate": "2016-02-01T13:14:30.000+07:00"
}

Response Payload

Field DataType Description
CompanyCode String(5) Merchant Company Code generated by BCA (Number)
TransactionID String(18) TransactionID generated by merchant
BCAReferenceID String(40) Unique ID for top up transaction generated by BCA
TransactionDate String(29) Date of the transaction (yyyy-MM-ddTHH:mm:ss.sssZ)

5. Inquiry Top Up

This service is used to show top up data

GET /ewallet/topup/{CompanyCode}/{PrimaryID}?
TransactionID={TransactionID}&RequestDate={RequestDate}

Request:

GET /ewallet/topup/80173/081234567890?TransactionID=TRX123456789012345&RequestDate=2016-02-01 HTTP/1.1
Host: https://api.finhacks.id

Request URI

Field DataType Mandatory Description
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Yes Unique ID per customer from merchant system (Email or Mobile number or Customer number)

Request Query Parameters

Field DataType Mandatory Description
TransactionID String(18) Yes Transaction ID generated by merchant (must be unique)
RequestDate String(29) Yes Request Date of transaction (yyyy-MM-dd)

Response:

{
    "CompanyCode": "80173",
    "TransactionID": "TRX123456789012345", 
    "BCAReferenceID": "201602010915111234500000009877", 
    "TransactionDate": "2016-02-01T13:14:30.000+07:00"
}

Response Payload

Field DataType Description
CompanyCode String(5) Merchant Company Code generated by BCA (Number)
TransactionID String(18) TransactionID generated by merchant
BCAReferenceID String(40) ReferenceID generated by BCA
TransactionDate String(29) Date of the transaction (yyyy-MM-ddTHH:mm:ss.sssZ)

6. Transaction Inquiry

This service is used to get the transaction list of a e-wallet user until 31 days behind. The maximum total of transactions returned is 10

GET /ewallet/transactions/{CompanyCode}/{PrimaryID}?StartDate={StartDate}&EndDate={EndDate}&LastAccountStatementID={LastAccountStatementID}

Request:

GET /ewallet/transactions/80173/081234567890?StartDate=2016-02-01&EndDate=2016-02-01&LastAccountStatementID=123455 HTTP/1.1
Host: https://api.finhacks.id

Request URI

Field DataType Mandatory Description
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Yes Unique ID per customer from merchant system (Email or Mobile number or Customer number)

Request Query Parameters

Field DataType Mandatory Description
StartDate String(10) Yes Start Date of the transaction that you wants to get (yyyy-MM-dd)
EndDate String(10) Yes Start Date of the transaction that you wants to get (yyyy-MM-dd)
LastAccountStatementID String(18) No Last AccountStatement ID provided to get the older transaction history than ‘this’ Transaction ID (every request will display 10 transaction). If you do request for the first time, ignore this field

Response:

{
    "CompanyCode" : "80173",
    "PrimaryID" : "081234567890",
    "TotalTransactions": "2",
    "LastAccountStatementID" : "123455",
    "TransactionDetails":[{
        "TransactionID" : "TR12345",
        "AccountStatementID" : "123457",
        "TransactionDate" : "2016-02-01T13:13:13.000+07:00",
        "TransactionType" : "Payment",
        "Amount" : "5000.50",
        "CurrencyCode" : "IDR",
        "Description" : "Berita 1",
        "CurrentBalance" : "1000000.00"
        },
        {
        "TransactionID":"TR12346",
        "AccountStatementID" : "123456",
        "TransactionDate":"2016-02-01T13:13:14.000+07:00",
        "TransactionType":"Payment",
        "Amount":"7000.50",
        "CurrencyCode":"IDR",
        "Description":"Berita 2",
        "CurrentBalance":"994999.50" 
        }
  ]
}

Response Payload

Field DataType Description
CompanyCode String(5) Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Unique ID per customer from merchant system (Email or Mobile number or Customer number)
TotalTransactions String(3) Total transaction between StartDate and EndDate. Maximum is 10
LastAccountStatementID String(18) Last Account Statemet ID provided to get the older transaction history than ‘this’ Transaction ID (every request will display 10 transaction)
TransactionDetails
TransactionID String(18) Transaction ID generated by merchant
AccountStatementID String(18) Account Statement ID from BCA
TransactionDate String(29) Date of the transaction, (yyyy-MM-ddThh:mm:ss.sssZ)
TransactionType String(50) Type of transaction (Payment, TopUp, etc.)
Amount String(16) Amount of transaction (Number, format:13.2)
CurrencyCode String(3) Currency, e.g. IDR
Description String(100) The description of transaction (if any)
CurrentBalance Number(16) End balance of each transaction

7. Generate OTP

This service is used to generate OTP.

POST /ewallet/otp/generate/cashout
Request:

POST /ewallet/otp/generate/cashout HTTP/1.1
Host: https://api.finhacks.id
{
    "CompanyCode": "80173",
    "CustomerNumber": "8220000835",
    "Amount": "100000.00"
}

Request URI

Field DataType Mandatory Description
TransactionType String(5) Yes Type of transaction (cashout, paymentedc)

Request Payload

Field DataType Mandatory Description
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
CustomerNumber String(18) Yes Unique number generated by merchant for balance topup using BCA virtual account system
Amount String(16) Yes Amount of transaction (Number, format:13.2). According to regulation, maximum balance in a wallet is IDR 1000000

Response:

{
    "CompanyCode": "80173",
    "CustomerNumber": "8220000835",
    "OTPCode": "224136",
    "ExpiredDate": "2016-11-21 11:17:12",
    "Amount": "100000.00"
}

Response Payload

Field DataType Description
CompanyCode String(5) Merchant Company Code generated by BCA (Number)
CustomerNumber String(80) Unique ID per customer from merchant system (Email or Mobile number or Customer number)
OTPCode String(6) Generated OTP
ExpiredDate String(20) Date of OTP expiration (YYYY-MM-DD HH:Mi:SS)
Amount String(16) Amount of transaction (Number, format:13.2). According to regulation, maximum balance in a wallet is IDR 1000000

8. Transfer Company Account

This service is used to transfer from sub account to company account.

POST /ewallet/transfers
Request:

POST /ewallet/transfers HTTP/1.1
Host: https://api.finhacks.id
{
    "CompanyCode": "80173",
    "PrimaryID": "0812345667890",
    "TransactionID": "TRX123456789012345",
    "RequestDate": "2016-02-01T13:14:30.000+07:00",
    "Amount": "10000.00",
    "CurrencyCode": "IDR"
}

Request Payload

Field DataType Mandatory Description
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Yes Unique ID per customer from merchant system (Email or Mobile number or Customer number)
TransactionID String(18) Yes Transaction ID generated by merchant (must be unique)
RequestDate String(29) Yes Request Date of transaction (yyyy-MM-ddTHH:mm:ss.sssZ)
Amount String(16) Yes Amount of transaction (Number, format:13.2). According to regulation, maximum balance in a wallet is IDR 1000000
CurrencyCode String(3) Yes Currency (IDR)

Response:

{
    "CompanyCode": "80173",
    "TransactionID": "TRX123456789012345",
    "BCAReferenceID": "11223344556677889900",
    "TransactionDate": "2016-02-01T13:14:30.000+07:00"
}

Response Payload

Field DataType Description
CompanyCode String(5) Merchant Company Code generated by BCA (Number)
TransactionID String(18) TransactionID generated by merchant
BCAReferenceID String(40) Unique ID for top up transaction generated by BCA
TransactionDate String(29) Date of the transaction (yyyy-MM-ddTHH:mm:ss.sssZ)

9. Inquiry Transfer Company Account

This Service is used to inquiry transfer company account.

GET /ewallet/transfers/{CompanyCode}/{PrimaryID}?
TransactionID={TransactionID}&RequestDate={RequestDate}

Request:

GET /ewallet/transfers/80173/081234567890?TransactionID=TRX123456789012345&RequestDate=2016-02-01 HTTP/1.1
Host: https://api.finhacks.id

Request URI

Field DataType Mandatory Description
CompanyCode String(5) Yes Merchant Company Code generated by BCA (Number)
PrimaryID String(80) Yes Unique ID per customer from merchant system (Email or Mobile number or Customer number)

Request Query Parameters

Field Data Type Mandatory Description
TransactionID String(18) Yes Transaction ID generated by merchant (must be unique)
RequestDate String(29) Yes Date of the transaction (yyyy-MM-dd)

Response:

{
    "CompanyCode": "80173",
    "TransactionID": "TRX123456789012345", 
    "BCAReferenceID": "201602010915111234500000009877", 
    "TransactionDate": "2016-02-01T13:14:30.000+07:00"
}

Response Payload

Field DataType Description
CompanyCode String(5) Merchant Company Code generated by BCA (Number)
TransactionID String(18) TransactionID generated by merchant
BCAReferenceID String(40) ReferenceID generated by BCA
TransactionDate String(29) Date of the transaction (yyyy-MM-dd)

Fire

1. TeleTransfer to Account

Provides service transaction “Transaction to BCA’s Account” and also “Transfer to Other Bank”.

Yout request must contain following information:

POST /fire/transactions/to-account
Request:

POST /fire/transactions/to-account HTTP/1.1
Host: https://api.finhacks.id
{
    "Authentication":{
        "CorporateID":"ABNMAE",
        "AccessCode":"z2eWHxbYSLFE72UKugZJ",
        "BranchCode":"ABNMAE01",
        "UserID":"ABAEOPR1",
        "LocalID":"ABAECTR"
    },
    "SenderDetails":{
        "FirstName":"John",
        "LastName":"Doe",
        "DateOfBirth":"",
        "Address1":"HILLS STREET 1",
        "Address2":"",
        "City":"HOLLYWOOD",
        "StateID":"",
        "PostalCode":"",
        "CountryID":"US",
        "Mobile":"",
        "IdentificationType":"",
        "IdentificationNumber":"",
        "AccountNumber":""
    }, "BeneficiaryDetails":{
        "Name":"Sam",
        "DateOfBirth":"",
        "Address1":"",
        "Address2":"",
        "City":"",
        "StateID":"",
        "PostalCode":"",
        "CountryID":"ID",
        "Mobile":"",
        "IdentificationType":"",
        "IdentificationNumber":"",
        "NationalityID":"",
        "Occupation":"",
        "BankCodeType":"BIC",
        "BankCodeValue":"CENAIDJAXXX",
        "BankCountryID":"ID",
        "BankAddress":"",
        "BankCity":"",
        "AccountNumber":"010203040506"
    }, "TransactionDetails":{
        "CurrencyID":"IDR",
        "Amount":"1415001.00",
        "PurposeCode":"011",
        "Description1":"",
        "Description2":"",
        "DetailOfCharges":"SHA",
        "SourceOfFund":"",
        "FormNumber":"RT254 ID1"
    }
}

Payload

Field DataType Mandatory Description
Authentication
CorporateID String(6) Y Agent code used to connect to FIRe system
AccessCode String(20) Y Password that will be read by system for each transaction request
BranchCode String(8) Y FI branch code of API client
UserID String(12) Y User ID
LocalID String(15) Y Branch code from FI sub branch of API client
SenderDetails
FirstName String(35) Y Sender’s first name
lastName String(35) N Sender’s last name
DateOfBirth String(8) N Sender’s date of birth. Format : ddmmyyyy
Address1 String(35) Y Sender’s first address
Address2 String(35) N Sender’s second address
City String(18) Y Sender’s city
StateID String(2) N State ID
PostalCode String(10) N Sender’s postal code
CountryID String(2) Y Sender’s country initial code. Example: Indonesia = ID
Mobile String(20) N Sender’s mobile phone number
IdentificationType String(2) N Sender’s identity type. (PP = Passport, ID = Identity, DR = Dr. License)
IdentificationNumber String(24) N Sender’s identity number
AccountNumber String(34) N Sender’s account number
BeneficiaryDetails
Name String(35) Y Beneficiary’s name
DateOfBirth String(8) N Beneficiary’s date of birth. Format : ddmmyyyy
Address1 String(35) N Beneficiary’s first address
Address2 String(35) N Beneficiary’s second address
City String(35) N Beneficiary’s city
StateID String(2) N Beneficiary’s state ID
PostalCode String(10) N Beneficiary’s postal code
CountryID String(2) Y Beneficiary’s country initial code. Example : Indonesia = ID
Mobile String(20) N Beneficiary’s mobile phone number
IdentificationType String(2) N Beneficiary’s identity type. (PP = Passport, ID = identity, DR = Dr. License)
IdentificationNumber String(24) N Beneficiary’s identity number
NationalityID String(2) N Country initial code of beneficiary’s nationality. Example = Indonesia = ID
Occupation String(30) N Beneficiary occupation
BankCodeType String(3) Y Beneficiary’s SWIFT code type from PY04 table. (BIC, NID, CHP(CHIPS), ABA, NAM(NAME))
BankCodeValue String(23) Y Value of SWIFT Code
BankCountryID String(2) Y Beneficiary bank’s country code
BankAddress String(35) N Beneficiary bank’s address
BankCity String(35) N Beneficiary bank’s city
AccountNumber String(34) Y Beneficiary bank’s account number
TransactionDetails
CurrencyID String(3) Y Transaction currency between FI and FIRe based on contract (setting FI Country in TPS)
Amount String(20) Y Transaction nominal. Format: Number, 17.2
PurposeCode String(3) Y Transaction purpose:
011 EXPORT
012 IMPORT
030 BUSINESS/PRIVATE TRIP
040 EDUCATION
150 WORKER’S REMMITANCE
161 TAX AND FINE
162 GRANT
999 OTHERS
Description1 String(35) N First description
Description2 String(35) N Second description
DetailOfCharges String(3) Y Charges(SHA / OUR)
SourceOfFund String(100) N Source of transaction fund
FormNumber String(16) Y FI Ref (must be unique)


Result of the request will contains following information:

Response:

{
    "BeneficiaryDetails":
    {
        "Name":"Sam",
        "AccountNumber":"010203040506",
        "ServerBeneAccountName":"MARGARETH TACHER BINTI SOLOMON TITU"
    },
    "TransactionDetails":
    {
        "CurrencyID":"IDR",
        "Amount":"1415001.00",
        "PurposeCode":"011",
        "Description1":"",
        "Description2":"",
        "FormNumber":"RT254 ID1",
        "ReferenceNumber":"ABNMAE01000INA16040000198",
        "ReleaseDateTime":"2016-04-26T10:31:55+07:00"
    },
    "StatusTransaction":"0000",
    "StatusMessage":"Success"
}

Response

Field DataType Mandatory Description
StatusTransaction String(4) Y ResponseCode and Sub-ResponseCode of transaction
StatusMessage String(100) Y Description of StatusTransaction
BeneficiaryDetails
Name String(35) N Beneficiary’s name
AccountNumber String(34) N Beneficiary bank’s account number
ServerBeneAccountName String(35) N Name of beneficiary according to application (bank / switcher)
TransactionDetails
CurrencyID String(3) N Transaction currency between FI and FIRe based on contract (setting FI Country in TPS)
Amount String(20) N Transaction nominal. Format: Number 17.2
PurposeCode String(3) Y Transaction purpose:
011 EXPORT
012 IMPORT
030 BUSINESS/PRIVATE TRIP
040 EDUCATION
150 WORKER’S REMMITANCE
161 TAX AND FINE
162 GRANT
999 OTHERS
Description1 String(35) N First Description
Description2 String(35) N Second Description
FormNumber String(16) N FI Ref
ReferenceNumber String(25) N FI Ref
ReleaseDateTime String(24) N Transaction release time. Format : YYYY-MM-DDThh:mm:ssTZD

2. Inquiry Account

Provides service to Inquiry BCA’s Account name or Other Bank Switching’s Account name.

Your request must contain following information:

POST /fire/accounts
Request:

POST /fire/accounts HTTP/1.1
Host: https://api.finhacks.id
{
    "Authentication":{ 
        "CorporateID":"POSTID", 
        "AccessCode":"jSvazuvEnz2mavv1wj6L", 
        "BranchCode":"POSTID01", 
        "UserID":"OPRPOS1", 
        "LocalID":"2370000"
    }, 
    "BeneficiaryDetails":{
        "BankCodeType":"BIC", 
        "BankCodeValue":"CENAIDJAXXX", 
        "AccountNumber":"0106666011"
    } 
}

Payload

Field DataType Mandatory Description
Authentication
CorporateID String(6) Y Agent code used to connect to FIRe system
AccessCode String(20) Y Password that will be read by system for each transaction request
BranchCode String(8) Y FI branch code of API client
UserID String(12) Y User ID
LocalID String(15) Y Branch code from FI sub branch of API client
BeneficiaryDetails
BankCodeType String(3) Y Beneficiary’s SWIFT code type from PY04 table. (BIC, NID, CHP (CHIPS), ABA, NAM(NAME))
BankCodeValue String(23) Y
AccountNumber String(34) Y Beneficiary bank’s account number


Result of the request will contains following information:

Response:

{
    "BeneficiaryDetails":
    {
        "ServerBeneAccountName":"Sam"
    },
    "StatusTransaction":"0000",
    "StatusMessage":"Success"
}

Response

Field DataType Mandatory Description
StatusTransaction String(4) Y ResponseCode and Sub-ResponseCode of transaction
StatusMessage String(100) Y Description of StatusTransaction
BeneficiaryDetails
ServerBeneAccountName String(35) N Name of beneficiary according to application (bank / switcher)

3. Inquiry Account Balance

Provides service to Inquiry balance for Nostro’s Account.

Your request must contain following information:

POST /fire/accounts/balance
Request:

POST /fire/accounts/balance HTTP/1.1
Host: https://api.finhacks.id
{
    "Authentication":{
        "CorporateID":"POSTID", 
        "AccessCode":"jSvazuvEnz2mavv1wj6L", 
        "BranchCode":"POSTID01", 
        "UserID":"OPRPOS1", 
        "LocalID":"40115"

    },
    "FIDetails":{
        "AccountNumber":"0012323008"
    }
}

Payload:

Field DataType Mandatory Description
Authentication
CorporateID String(6) Y Agent code used to connect to FIRe system
AccessCode String(20) Y Password that will be read by system for each transaction request
BranchCode String(8) Y FI branch code of API client
UserID String(12) Y User ID
LocalID String(15) Y Branch code from FI sub branch of API Client
FIDetails
AccountNumber String(34) Y FI sender’s account number that registered in FIRe


Result of the request will contains following information:

Response:

{
    "FIDetails":{
        "CurrencyID": "IDR", 
        "AccountBalance": "205221361254.21"
    },
    "StatusTransaction": "0000",
    "StatusMessage": "Success"
}


Response

Field DataType Mandatory Description
StatusTransaction String(4) Y ResponseCode and Sub-ResponseCode of transaction
StatusMessage String(100) Y Description of StatusTransaction
FIDetails
CurrencyID String(3) Y FI sender’s currenct that registered in FIRe
AccountBalance String(20) Y FI sender’s account balance that registered in FIRe. Format : number(17.2)

4. Inquiry Transaction

Provides service to Inquiry Transaction that has been submitted before.

Your request must contain following information:

POST /fire/transactions
Request:

POST /fire/transactions HTTP/1.1
Host: https://api.finhacks.id
{
    "Authentication":{
        "CorporateID":"ABNMAE",
        "AccessCode":"z2eWHxbYSLFE72UKugZJ",
        "BranchCode":"ABNMAE01",
        "UserID":"ABAEOPR1",
        "LocalID":"LOCINQ"
    },
    "TransactionDetails":{
        "InquiryBy":"F",
        "InquiryValue":"CT17 IDR3A"
    }
}

Payload:

Field DataType Mandatory Description
Authentication
CorporateID String(6) Y Agent code used to connect to FIRe system
AccessCode String(20) Y Password that will be read by system for each transaction request
BranchCode String(8) Y FI branch code of API client
UserID String(12) Y User ID
LocalID String(15) Y Branch code from FI sub branch of API client
TransactionDetails
InquiryBy String(1) Y N : PIN NON
F : Form Number
B : BCARef Number
InquiryValue String(35) Y Value for PIN NON/Form Number/ BCARef Number


Result of the request will contains following information:

Response:

{
    "SenderDetails":
    {
        "FirstName":"John",
        "LastName":"Doe"
    },
    "BeneficiaryDetails":
    {
        "Name":"Dave",
        "BankCodeType":"BIC",
        "BankCodeValue":"CENAIDJAXXX",
        "AccountNumber":"0012323008"
    },
    "TransactionDetails":
    {
        "AmountPaid":"2110000.00",
        "CurrencyID":"IDR",
        "ReleaseDateTime":"2016-01-13T02:37:02+07:00",
        "LocalID":"EBNMEECT",
        "FormNumber":"CT17 IDR3A",
        "ReferenceNumber":"ABNMAE01000NON16010000120",
        "PIN":"0247986327",
        "Description1":"DNP1.3",
        "Description2":""
    },
    "StatusTransaction":"0003",
    "StatusMessage":"Ready to Encash"
}

Response

Field DataType Mandatory Description
StatusTransaction String(4) Y ResponseCode and Sub-ResponseCode of transction
StatusMessage String(100) Y Description of StatusTransaction
SenderDetails
FirstName String(35) N Sender’s first name
LastName String(35) N Sender’s last name
BeneficiaryDetails
Name String(35) N Beneficiary’s name
BankCodeType String(3) N Beneficiary’s SWIFT code type from PY04 table. (BIC, NID, CHP(CHIPS), ABA, NAM(NAME))
BankCodeValue String(23) N Value for SWIFT code type
AccountNumber String(34) N Beneficiary bank’s account number
TransactionDetails
AmountPaid String(20) N Transaction value.
Format: Number(17.2)
CurrencyID String(3) N Currency code
ReleaseDateTime String(24) N Transaction request time by FI
LocalID String(15) N Local ID of Last Processed Non-Inquiry Transaction
FormNumber String(16) N FI Ref
ReferenceNumber String(25) N Ref number FI/BCA
PIN String(35) N Personal Identification Number for encashment
Description1 String(35) N First Description
Description2 String(35) N Second description

Status Transaction

Here is the list of Status Transaction codes that can be returned in success response.

HTTP Code StatusTransaction StatusMessage
200 0000 Success
200 0001 Credited to Beneficiary account
200 0002 Send to other bank
200 0004 Pending by system

General Information

1. Foreign Exchange Rate

Get information about Foreign Exchange Rate for applicable currencies in BCA. The exchange rate are divide into four types eRate, TT(Telegrafic Transfer), TC (Travellers Cheque) and BN (Bank Notes).

GET /general/rate/forex?CurrencyCode={CurrencyCode}&RateType={RateType}

Request:

GET /general/rate/forex?CurrencyCode=USD,JPY,XXX&RateType=erate,tt,yy HTTP/1.1
Host: https://api.finhacks.id
curl "https://api.finhacks.id/general/rate/forex?CurrencyCode=USD,JPY,XXX&RateType=erate,tt,yy" \ 
-H "Authorization: Bearer [access_token]"\
-H "Content-Type: application/json"\
-H "Origin: [yourdomain.com]"\
-H "X-BCA-Key: [api_key]"\
-H "X-BCA-Timestamp: [timestamp]"\
-H "X-BCA-Signature: [signature]"

Query Parameters:

Field DataType Mandatory Description
CurrencyCode String N The Know currency code. For multiple currencies use comma separated.

Following are the known foreign currency in BCA.

AUD - Australia Dollar
BND - Bruneian Dollar
CAD - Canadian Dollar
CHF - Francs
CNY - China Yuan
DKK - Danish Krone
EUR - Euro
GBP - Great Britain Poundsterling
HKD - Hongkong Dollar
JPY - Japan Yen
KRW - Korea Won
NOK - Norwegian Krone
NZD - New Zealand Dollar
PHP - Phillipine Peso
SAR - Saudi Riyal
SEK - Swedish Krona
SGD - Singapore Dollar
THB - Thailand Baht
TWD - Taiwan Dollar
USD - US Dollar


If the field was left empty, it will considered as “all know currencies”.
RateType String Y The type for the desired rate.
eRate (electronic Rate)
TT (Telegrafic Transfer)
TC (Travellers Cheque)
BN (Bank Notes)


If the field was left empty, it will considered as “all rate type”.

Response:

{
    "Currencies": 
    [{
            "CurrencyCode":"USD",
            "RateDetail":
            [{
                "RateType":"erate",
                "Buy":"17000.00",
                "sell":"17500.00",
                "LastUpdate":"2015-09-04T19:45:44.143+07.00"
            },{
                "RateType":"tt",
                "Buy":"12000.00",
                "sell":"12300.00",
                "LastUpdate":"2015-08-26T19:10:31.001+07.00"
            }]
        },{
            "CurrencyCode":"JPY",
            "RateDetail":
            [{
                "RateType":"erate",
                "Buy":"121.00",
                "sell":"122.00",
                "LastUpdate":"2015-09-04T19:45:44.587+07.00"
            },{
                "RateType":"tt",
                "Buy":"-",
                "sell":"-",
                "LastUpdate":"-"
            }]
        }
    ],
    "InvalidRateType":"yy",
    "InvalidCurrencyCode":"xxx"
}

Result of the request will contains following information:

Response

Field DataType Description
InvalidRateType String If the request contains valid and invalid rate types in single request, the invalid rate will be list down in this field.
InvalidCurrencyCode String If the request contains valid and invalid currency code in single request, the invalid currency code will be list down in this field.
Currencies
CurrencyCode String(3) The currency code.
e.g. IDR, USD, JPY
RateDetail
RateType String(5) Must be among erate, tt, tc, bn.
Buy String(13) In format 6.6.
When the currency has no value for this field, it will be set to "-".
Sell String(13) In format 6.6.
When the currency has no value for this field, it will be set to "-".
LastUpdate String(19) In format YYYY-MM-DDTHH24:Mi:SS.SSSZ.
When the currency has no value for this type, it will be set to "-".






2. Deposit Rate

GET /general/rate/deposit

Request:

GET /general/rate/deposit HTTP/1.1
Host: https://api.finhacks.id
curl "https://api.finhacks.id/general/rate/deposit" \
-H "Authorization: Bearer [access_token]"\
-H "Content-Type: application/json"\
-H "Origin: [yourdomain.com]"\
-H "X-BCA-Key: [api_key]"\
-H "X-BCA-Timestamp: [timestamp]"\
-H "X-BCA-Signature: [signature]"

Response:

{
    "Date": 2016-06-09,
    "Description1": "SUKU BUNGA BCA DEP RP BERLAKU MULAI 24 APRIL 2009",
    "Description2": "SUKU BUNGA BCA DEP USD BERLAKU MULAI 1 APRIL 2009",
    "Description3": "TGKT BUNGA YG WAJAR YG DIJAMIN LPS UTK PERIODE 15 APR 2009 S/D 14 MEI 2009",
    "OutputData": [{
        "ProductCode": "014",
        "ProductName": ">= RP 25 MILYAR",
        "Month01": "6,25",
        "Month03": "6,25",
        "Month06": "6,25",
        "Month12": "6,25"
    },
    {
        "ProductCode": "016",
        "ProductName": "<= USD 200.000",
        "Month01": "0,20",
        "Month03": "0,20",
        "Month06": "0,20",
        "Month12": "0,35"
    },
    {
        "ProductCode": "017",
        "ProductName": ">  USD 200.000",
        "Month01": "0,40",
        "Month03": "0,40",
        "Month06": "0,40",
        "Month12": "0,40"
    }
    ]
}

This service offer real-time deposit rate for BCA products.

Response

Field DataType Description
Date String(9) six-digit last update date yyyy-MM-dd (ISO8601)
Description1 String(100) Description 1
Description2 String(100) Description 2
Description3 String(100) Description 3
OutputData
ProductCode String(3) Product code for deposit rate
ProductName String(20) Product name of deposit rate
Month01 String(4) Deposit rate for one month
Month03 String(4) Deposit rate for three month
Month06 String(4) Deposit rate for six month
Month12 String(4) Deposit rate for one year

















3. Nearest ATM Locator

This service offer location of nearest BCA’s ATM Locator based current location.

GET /general/info-bca/atm
Request:

GET /general/info-bca/atm?SearchBy=Distance&Latitude=-6.19548498&Longitude
=106.8214047&Count=3&Radius=2000 HTTP/1.1
Host: https://api.finhacks.id
curl "https://api.finhacks.id/general/info-bca/atm?SearchBy=Distance&Latitude=-6.1900718&Longitude=106.797190&Count=3&Radius=20" \
-H "Authorization: Bearer [access_token]"\
-H "Content-Type: application/json"\
-H "Origin: [yourdomain.com]"\
-H "X-BCA-Key: [api_key]"\
-H "X-BCA-Timestamp: [timestamp]"\
-H "X-BCA-Signature: [signature]"

Query String Parameters

Field DataType Mandatory Description
SearchBy String(8) Y Use “Distance”
Latitude String(12) Y Current location’s latitude
Longitude String(12) Y Current location’s longitude
Count String(2) N Number of ATMs want to be displayed.Max 20, if not entered, will show 10 ATMs
Radius String(5) Y Set maximum distance range to find the closest ATM in meter

Response:

{
    "ErrorSchema": {
        "ErrorCode": "ESB-00-000",
        "ErrorMessage": {
            "Indonesian": "Berhasil",
            "English": "Success"
        }
    },
    "OutputSchema": {
        "ATMDetails": [
            {
                "Type": "ANT",
                "Address": "Grand Indonesia Lt.3 Jl. MH Thamrin, Jakarta",
                "City": "Jakarta Pusat",
                "Country": "INDONESIA",
                "Latitude": "-6.1954849",
                "Longitude": "-6.1954849",
                "Distance": "0.008895594077501984"
            },
            {
                "Type": "ANT",
                "Address": "Jl. MH Thamrin Kav 28-30 Jakarta",
                "City": "Jakarta Pusat",
                "Country": "INDONESIA",
                "Latitude": "-6.1960534",
                "Longitude": "-6.1960534",
                "Distance": "68.1441786476008"
            },
            {
                "Type": "ANT",
                "Address": "Grand Indonesia Lt.3 Jl. MH Thamrin, Jakarta",
                "City": "Jakarta Pusat",
                "Country": "INDONESIA",
                "Latitude": "-6.1959409",
                "Longitude": "-6.1959409",
                "Distance": "89.3165964794374"
            }
        ]
    }
}

Response

Field DataType Description
ATMDetails
Type String(3) Type of product
Address String(100) Full address detail of product
City String(50) City detail
Country String(50) Country detail
Latitude String(12) Latitude product’s location
Longitude String(12) Longitude product’s location
Distance String(20) Distance estimation in meter

Errors

BCA API uses following error schema:

{
    "ErrorCode" : "Error Code",
    "ErrorMessage" : {
        "Indonesian" : "Pesan error",
        "English" : "Error message"
        }
}

Here is the list of error codes that can be returned:

HTTP Code Error Code Error Message (Indonesian) Error Message (English)
404 ESB-07-271 Tidak ada transaksi No Transaction
400 ESB-07-279 Tanggal awal lebih kecil dari tanggal buka rekening Start date less than account open date
404 ESB-10-004 Transaksi tidak ditemukan Transaction No Found
423 ESB-10-049 Rekening tidak aktif Account number Inactive
500 ESB-10-093 Transaksi tidak dapat diproses Transaction can not be processed
500 ESB-10-094 Transaksi tidak dapat diproses Transaction can not be processed
402 ESB-10-105 Nominal transfer menyebabkan saldo maksimal terlampaui Overlimit cash in transaction
402 ESB-10-106 Saldo tidak cukup Insufficient fund
404 ESB-10-151 Rekening tujuan tidak ditemukan / tidak aktif Recipient account number not found / Inactive
404 ESB-10-158 Rekening sumber tidak ditemukan / tidak aktif Sender account number not found / Inactive
404 ESB-10-364 Data Customer tidak ditemukan/ tidak aktif Customer Data Not Found /Inactive
500 ESB-10-354 Transaksi tidak dapat diproses Transaction can not be processed
404 ESB-10-355 Kode Perusahaan tidak terdaftar Company Code not registered
409 ESB-10-356 Customer sudah terdaftar Customer already registered
400 ESB-10-357 Parameter invalid, Transaksi tidak dapat diproses Invalid Parameter, Transaction can not be processed
400 ESB-10-358 Parameter invalid, Transaksi tidak dapat diproses Invalid Parameter, Transaction can not be processed
400 ESB-10-359 Parameter invalid, Transaksi tidak dapat diproses Invalid Parameter, Transaction can not be processed
400 ESB-10-360 Parameter invalid, Transaksi tidak dapat diproses Invalid Parameter, Transaction can not be processed
404 ESB-10-361 Data Customer tidak ditemukan/ tidak aktif Customer Data Not Found /Inactive
404 ESB-10-362 Wallet Customer tidak tersedia Customer Wallet Not Found
404 ESB-10-363 Wallet Customer tidak tersedia Customer Wallet Not Found
400 ESB-10-365 Parameter invalid, Transaksi tidak dapat diproses Invalid Parameter, Transaction can not be processed
404 ESB-10-366 Tidak ada transaksi No transaction
404 ESB-10-367 Data Customer tidak tersedia Customer unavailable
404 ESB-10-368 Data Customer tidak tersedia Customer unavailable
404 ESB-10-369 Transaksi tidak ditemukan Transaction Not Found
400 ESB-14-001 HMAC tidak cocok HMAC mismatch
400 ESB-14-002 Permintaan tidak valid Invalid request
400 ESB-14-003 Timestamp tidak valid Invalid timestamp
400 ESB-14-004 Parameter input tidak valid Invalid input parameter
503 ESB-14-005 Sistem sedang dalam maintenance System under maintenance
504 ESB-14-006 Timeout, silahkan periksa mutasi rekening Timeout, please check your account statement
504 ESB-14-007 Timeout Timeout
401 ESB-14-008 client_id/client_secret/grant_type tidak valid Invalid client_id/client_secret/grant_type
401 ESB-14-009 Tidak berhak Unauthorized
429 ESB-14-010 Jumlah permintaan melebihi limit Limit request exceeded
404 ESB-14-011 Service tidak ada Service doesn’t exist
401 ESB-14-012 Tidak berhak mengakses service ini Not allowed to access this service
400 ESB-14-015 Content Type tidak valid Invalid Content Type
400 ESB-14-016 Format JSON tidak valid Invalid JSON format
200 ESB-30-002 RateType belum di implementasi RateType not yet implemented
400 ESB-82-001 Field [FieldName] harus diisi Missing mandatory field [FieldName]
400 ESB-82-002 CorporateID tidak valid Invalid CorporateID
400 ESB-82-003 TransactionID tidak unik TransactionID not unique
400 ESB-82-004 TransactionDate tidak valid Invalid TransactionDate
403 ESB-82-006 Nominal transaksi melebihi batas maksimum Max amount of transaction is exceeded
400 ESB-82-007 TransactionDate sebelum hari ini TransactionDate is back date
400 ESB-82-008 Rekening perusahaan tidak valid Invalid Company account
400 ESB-82-009 CurrencyCode tidak valid Invalid CurrencyCode
400 ESB-82-010 Format TransactionID tidak valid Invalid TransactionID format
400 ESB-82-011 Amount tidak valid Invalid amount
400 ESB-82-012 Panjang karakter data input tidak valid Invalid input length
400 ESB-82-013 Tipe data input tidak valid Invalid data type
400 ESB-82-014 AccountNumber tidak valid Invalid AccountNumber
403 ESB-82-015 Min Max Amount Exceeded Min Max Amount Exceeded
403 ESB-82-018 Rekening Dormant Account Dormant
402 ESB-82-019 Saldo tidak cukup Insufficient fund
400 ESB-82-020 Tipe rekening tidak valid Invalid Account Type
403 ESB-82-021 Rekening tidak dapat melakukan transaksi Account cannot do transaction
404 ESB-82-022 Rekening tutup Account Closed
500 ESB-82-023 Transaksi gagal Transaction Failed
504 ESB-82-024 Timeout, silahkan periksa mutasi rekening Timeout, please check your account statement
503 ESB-82-025 Sedang diproses, silahkan periksa mutasi rekening In Progress, please check your account statement
503 ESB-82-026 Lewat batas waktu cut off Cut off time is exceeded
400 ESB-99-009 Field [FieldName] harus diisi Missing mandatory field [FieldName]
400 ESB-99-038 Panjang field (*nama field) tidak valid field (*field name) length not valid
400 ESB-99-039 Isian input Count tidak valid input for field Count not valid
400 ESB-99-040 Tipe isian field [FieldName] tidak valid Input type for field [FieldName] not valid
403 ESB-99-075 KeyID tidak ditemukan KeyID is not found
403 ESB-99-089 Transaksi berhasil sebagian Transaction success partially
400 ESB-99-112 Input String JSON tidak valid Invalid JSON String Input
400 ESB-99-113 Transaksi ditolak Transaction Rejected
400 ESB-99-127 Transaksi tidak ditemukan Transaction not found
400 ESB-99-128 Panjang field [FieldName] melebihi ketentuan Field [FieldName] exceed limit
400 ESB-99-128 Total input [FieldName] melebihi ketentuan Total [FieldName] input exceed limit
400 ESB-99-132 Data tidak ditemukan No Data Found
400 ESB-99-155 Mata uang harus IDR Currency must in IDR
400 ESB-99-156 ChannelType tidak valid ChannelType is not valid
400 ESB-99-156 AccountNumber tidak valid Invalid AccountNumber
400 ESB-99-157 Transaksi ditolak Transaction Rejected
400 ESB-99-158 Tanggal berakhir lebih besar dari tanggal hari ini End date more than today
400 ESB-99-158 Tanggal mulai lebih besar dari tanggal hari ini Start date more than today
400 ESB-99-158 Maksimal mutasi rekening yang dipilih 31 hari yang lalu Maximal account statement 31 days ago
400 ESB-99-158 Tanggal mulai lebih besar dari tanggal berakhir Start date more than end date
400 ESB-99-159 Format No. HP tidak sesuai Invalid mobile number format
401 ESB-99-169 ClientIDAPI tidak sesuai Invalid ClientIDAPI
400 ESB-99-170 CompanyCode tidak sesuai Invalid CompanyCode
403 ESB-99-171 PrimaryID tidak sesuai Invalid PrimaryID
400 ESB-99-172 Parameter invalid, Transaksi tidak dapat diproses Invalid Parameter, Transaction can not be processed
400 ESB-99-173 Tanggal yang diinputkan salah Invalid date format
400 ESB-99-174 Format email tidak sesuai Invalid email format
500 ESB-99-175 Transaksi Anda tidak dapat diproses. Silakan mencoba beberapa saat lagi Your transaction can not be processed. Please try again later
500 ESB-99-176 Transaksi Anda tidak dapat diproses. Silakan mencoba beberapa saat lagi Your transaction can not be processed. Please try again later
500 ESB-99-177 Sistem tidak dapat dipergunakan untuk sementara. Silakan cek mutasi transaksi Anda System unavailable at the moment. Please check your account statement
400 ESB-99-178 Mutasi transaksi dibatasi 31 hari dari hari ini Transaction inquiry is limited to records up to 31 days from today
400 ESB-99-179 Tanggal mulai harus lebih kecil atau sama dengan hari ini Start date must earlier or equal to today
400 ESB-99-180 Tanggal mulai harus lebih kecil atau sama dengan tanggal akhir Start date must earlier or equal to end date
404 ESB-99-181 Transaksi tidak tersedia Transaction not found
403 ESB-99-182 CompanyCode tidak sesuai Invalid CompanyCode
500 ESB-99-183 Transaksi Anda tidak dapat diproses. Silakan mencoba beberapa saat lagi Your transaction can not be processed. Please try again later
400 ESB-99-184 Format PrimaryID tidak sesuai Invalid PrimaryID format
500 ESB-99-185 Transaksi Anda tidak dapat diproses. Silakan mencoba beberapa saat lagi Your transaction can not be processed. Please try again later
500 ESB-99-186 Transaksi Anda tidak dapat diproses. Silakan mencoba beberapa saat lagi Your transaction can not be processed. Please try again later
500 ESB-99-187 Transaksi Anda tidak dapat diproses. Silakan mencoba beberapa saat lagi Your transaction can not be processed. Please try again later
400 ESB-99-188 Parameter invalid, Transaksi tidak dapat diproses Invalid Parameter, Transaction can not be processed
400 ESB-99-197 Nama atau nomor rekening tidak sesuai Account name/number does not match
500 ESB-99-204 Gagal transaksi OTP OTP transaction failed
423 ESB-99-214 Akun terblokir Account has been blocked
400 ESB-99-221 Tanggal tidak sesuai Invalid request date
400 ESB-99-254 Nominal maksimal untuk tarik tunai Rp 1.250.000 Maximum amount for cash out is IDR 1.250.000
400 ESB-99-255 Minimum nominal Rp 1 Minimum amount IDR 1
400 ESB-99-256 Nominal harus kelipatan Rp50.000 Nominal should be a multiple of IDR 50.000
400 ESB-99-257 Parameter tidak sesuai. Transaksi tidak dapat diproses Invalid Parameter. Transaction can not be processed
402 ESB-99-258 Saldo akun tidak cukup Insufficient account balance
429 ESB-99-259 Permintaan OTP sudah mencapai batas maksimum. Silakan mencoba beberapa saat lagi Request for OTP has reached limit. Please try again later
400 ESB-99-299 Sistem tidak tersedia untuk sementara waktu. Silakan cek mutasi transaksi Anda System is unavailable at the moment. Please check your account statement
400 ESB-99-335 Mata uang tidak valid Invalid Currency
400 ESB-99-339 Tipe Kurs tidak valid Invalid RateType
500 ESB-99-999 Sistem sedang tidak tersedia System unavailable

SDKs

Java SDK

Welcome to the BCA API!

Our API is built with REST style in mind so you can easily connect to our API. We use standard HTTP verbs and OAuth2 for Authorization. In addition to OAuth2, we use our own signature algorithm to verify the integrity of your request.

Installation

  1. Require JDK >= 1.7
  2. Copy ‘bca-api-sdk-java.jar’ to your libs folder.
  3. If you use Gradle, add the following line to 'dependencies’ section. If you don’t use Gradle or any dependency management tools, configure your project to add 'bca-api-sdk-java.jar’ external jar.

compile files("libs/bca-api-sdk-java.jar");

Handling Error

try {
    // Using the library to do API request
} catch (ApiRequestException e) {
    System.out.println(e.getBody().getErrorCode());
    System.out.println(e.getBody().getErrorMessage().getEnglish());
    System.out.println(e.getBody().getErrorMessage().getIndonesian());
} catch (OAuth2Exception e) {
    System.out.println(e.getMessage());
} catch (HttpRequestException e) {
    System.out.println(e.getMessage());
} catch (JsonParsingException e) {
    System.out.println(e.getMessage());
} catch (Exception e) {
    // something else
}

ApiRequestException:
the API response with non 2xx http status code
OAuth2Exception:
error during access token request
HttpRequestException:
error when establishing connection
JsonParsing Exception:
error when parsing payload to json

Enable Logging

In Java we use slf4j as logging interface. To activate the logging an implementation of slf4j, e.g. log4j, logback, etc, must be provided.

BCA SDK for JAVA

PHP SDK

Welcome to the BCA API!

Our API is built with REST style in mind so you can easily connect to our API. We use standard HTTP verbs and OAuth2 for Authorization. In addition to OAuth2, we use our own signature algorithm to verify the integrity of your request.

Installation

<?php
try {
// Using the library to do API request
} catch (\Bca\Api\Sdk\Common\Exceptions\ApiRequestException $e) {
echo $e->getBody()->getErrorCode();
echo $e->getBody()->getErrorMessage()->getEnglish();
echo $e->getBody()->getErrorMessage()->getIndonesian();
} catch (\Bca\Api\Sdk\Common\Exceptions\OAuth2Exception $e) {
echo $e->getMessage();
} catch (\Bca\Api\Sdk\Common\Exceptions\HttpRequestException $e) {
echo $e->getMessage();
} catch (\Bca\Api\Sdk\Common\Exceptions\JsonParsingException $e) {
echo $e->getMessage();
} catch (\Exception $e) {
// something else
}
?>
  1. Require PHP >= 5.4
  2. Copy dist/bca-api-sdk-php.phar to your project
  3. Include it in your PHP file

require '/path/to/bca-api-sdk-php.phar;

Handling Error

ApiRequestException:
the API response with non 2xx http status code
OAuth2Exception:
error during access token request
HttpRequestException:
problem with http connection
JsonParsingException:
error when parsing payload to json

Enable Logging

<?php
class MyLogger implements \Bca\Api\Sdk\Common\Utils\Logger\LoggerDriver {
public function log($level, $message, array $context = array()) {
// this is just a sample implementation
$time = date('c');
file_put_contents('/tmp/mylog', "$time : [$level] $message \n", FILE_APPEND);
}
}

// Set logger driver
\Bca\Api\Sdk\Common\Utils\Logger\LoggerFactory::setDriver(new MyLogger());
?>
  1. Create an implementation of \Bca\Api\Sdk\Common\Utils\Logger\LoggerDriver

  2. Set \Bca\Api\Sdk\Common\Utils\Logger\LoggerDriver implementation to \Bca\Api\Sdk\Common\Utils\Logger\LoggerFactory




BCA SDK for PHP