1. Authentication
BNC follows the SNAP standard:
ASYMMETRIC WITH ACCESS TOKEN (SHA256WITHRSA)
1.1 Asymmetric Key Generation
BNC will apply the key generation rules.
1.2 Digital Signature Generation
The below are the steps of digital signature generation (X-SIGNATURE):
a. Get Token
   o Compose the stringToSign
     ▪ stringToSign = <X-CLIENT-KEY> + "|" + <X-TIMESTAMP>
   o Encrypt stringToSign
     ▪ SHA256withRSA(clientSecret, stringToSign)
b. Transaction
   o Compose the stringToSign
     ▪ stringToSign = <HTTPMethod> + ":" + <EndPointURL> + ":" + LowerCase(HexEncode(SHA256(Minify(<requestBody>)))) + ":" + <X-TIMESTAMP>
   o Encrypt stringToSign
     ▪ SHA256withRSA(clientSecret, stringToSign)
The signature string is generated from the stringToSign above by signing it with SHA256withRSA using the private key, and then encoding the result to Base64.
Put the signature string into the HTTP header "X-SIGNATURE".
1.3 Digital Signature Validation
The below are the steps of digital signature validation:
Take the signature from the HTTP header "X-SIGNATURE".
Decrypt the signature using the public key that is paired with the private key used to generate the signature.
Verify the correctness of the signature by checking the SHA-256 signing result against the stringToSign recomposed from the received request.
If the verification succeeds, then consume the message.
1.4 Get Access Token Flow
SNAP Test Env URL: https://perf-openbanking.bankneo.co.id/open/bi/v1.0/get/token
SNAP Prod Env URL: https://openbanking.bankneo.co.id/open/bi/v1.0/get/token
Request:
Field Name | Must | Type | Length | Instruction |
Header | | | | |
Content-Type | Y | String | 16 | application/json |
X-TIMESTAMP | Y | String | 25 | Client's current local time in yyyy-MM-ddTHH:mm:ss.SSSTZD format |
X-CLIENT-KEY | Y | String | 32 | Client's client_id |
X-SIGNATURE | Y | String | 2048 | Asymmetric Signature SHA256withRSA (Private_Key, stringToSign). stringToSign = client_ID + "|" + X-TIMESTAMP |
Body | | | | |
grant_type | Y | String | 30 | "client_credentials": The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750) |
Response:
Field Name | Must | Type | Length | Instruction |
Header | | | | |
Content-Type | Y | String | 16 | application/json |
X-TIMESTAMP | Y | String | 25 | Client's current local time in yyyy-MM-ddTHH:mm:ss.SSSTZD format |
X-CLIENT-KEY | Y | String | 32 | Client's client_id |
Body | | | | |
responseCode | Y | int | 2 | Refer to Appendix 3 |
responseMessage | Y | String | 200 | Response description |
accessToken | Y | String | 2048 | A string representing an authorization issued to the client, used to access protected resources |
tokenType | Y | String | 2048 | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: "Bearer": includes the access token string in the request; "Mac": issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests. Reference: OAuth 2.0 RFC 6749 & 6750 |
expiresIn | Y | String | | Session expiry in seconds: 900 |
Get Access Token Request Sample
Content-type: application/json
X-TIMESTAMP: 2020-01-01T00:00:00+07:00
X-CLIENT-KEY: 962489e9-de5d-4eb7-92a4-b07d44d64bf4
X-SIGNATURE: <signature value omitted>

{
  "grantType": "client_credentials",
  "additionalInfo": {
  }
}
Get Access Token Response Sample
{
  "responseCode": "2007300",
  "responseMessage": "Successful",
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiZjFmM2Q3ZS1kOTA3LTRkOWItODJlNC02Y2IxZGYxOTBlOWUiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODg1NiwiZXhwIjoxNjExNDY5NzU2LCJpYXQiOjE2MTE0Njg4NTZ9.-7HRhcyEh4y0qsG2H3DRdu0AeYv3MEJHfWRKhRBYcNU",
  "tokenType": "Bearer",
  "expiresIn": "900",
  "additionalInfo": {
  }
}
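The following is an added worked example that puts sections 1.2, 1.3 and 1.4 together in Go; it is not BNC's or the SNAP standard's own code. It assumes that "SHA256withRSA" is RSASSA-PKCS1-v1_5 with SHA-256 (the meaning of that JCA algorithm name), that the `clientSecret` parameter of section 1.2 is the client's RSA private key as the section 1.4 table states, that `Minify` means removal of insignificant JSON whitespace, and that the demo key, the endpoint path and the sample header values are constructed from the page's own request sample. The `Verify` function is the receiver-side check of section 1.3: it rebuilds the stringToSign independently and rejects any change in body, timestamp, method or key.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// TokenStringToSign builds the get-token stringToSign of section 1.2(a):
// <X-CLIENT-KEY> + "|" + <X-TIMESTAMP>.
func TokenStringToSign(clientKey, timestamp string) string {
	return clientKey + "|" + timestamp
}

// MinifyJSON strips insignificant whitespace from a JSON body; json.Compact
// keeps member order, so the digest is stable for a given document.
// Assumption: the document's Minify() means exactly this whitespace removal.
func MinifyJSON(body []byte) ([]byte, error) {
	var buf bytes.Buffer
	if err := json.Compact(&buf, body); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// TransactionStringToSign builds the transaction stringToSign of section 1.2(b):
// <HTTPMethod> + ":" + <EndPointURL> + ":" + LowerCase(HexEncode(SHA256(Minify(body)))) + ":" + <X-TIMESTAMP>.
func TransactionStringToSign(method, endpoint string, body []byte, timestamp string) (string, error) {
	minified, err := MinifyJSON(body)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(minified)
	bodyHash := strings.ToLower(hex.EncodeToString(sum[:]))
	return method + ":" + endpoint + ":" + bodyHash + ":" + timestamp, nil
}

// Sign produces the X-SIGNATURE value: SHA256withRSA (RSASSA-PKCS1-v1_5 with
// SHA-256) over stringToSign, then Base64-encoded.
func Sign(priv *rsa.PrivateKey, stringToSign string) (string, error) {
	digest := sha256.Sum256([]byte(stringToSign))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// Verify is the receiver side of section 1.3: decode the Base64 header value,
// recompute the digest of the independently rebuilt stringToSign, and check it
// against the public key paired with the signer's private key.
func Verify(pub *rsa.PublicKey, stringToSign, signatureB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(signatureB64)
	if err != nil {
		return false
	}
	digest := sha256.Sum256([]byte(stringToSign))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// GetTokenHeaders assembles the request headers of the section 1.4 table.
func GetTokenHeaders(priv *rsa.PrivateKey, clientKey, timestamp string) (map[string]string, error) {
	signature, err := Sign(priv, TokenStringToSign(clientKey, timestamp))
	if err != nil {
		return nil, err
	}
	return map[string]string{
		"Content-Type": "application/json",
		"X-TIMESTAMP":  timestamp,
		"X-CLIENT-KEY": clientKey,
		"X-SIGNATURE":  signature,
	}, nil
}

func main() {
	// Constructed demo key pair; a real client keeps its private key and registers the public key.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Header values taken from the page's get-token request sample.
	clientKey := "962489e9-de5d-4eb7-92a4-b07d44d64bf4"
	timestamp := "2020-01-01T00:00:00+07:00"
	headers, _ := GetTokenHeaders(priv, clientKey, timestamp)
	fmt.Println("X-SIGNATURE:", headers["X-SIGNATURE"])
	fmt.Println("token signature valid:", Verify(&priv.PublicKey, TokenStringToSign(clientKey, timestamp), headers["X-SIGNATURE"]))

	// Constructed request body (the page's sample body, with extra whitespace that Minify removes).
	body := []byte(`{ "grantType":"client_credentials", "additionalInfo":{ } }`)
	sts, _ := TransactionStringToSign("POST", "/open/bi/v1.0/get/token", body, timestamp)
	fmt.Println("transaction stringToSign:", sts)
}
```

Because the timestamp itself contains ":" characters, a receiver should not split the stringToSign on ":" to recover its parts; it rebuilds the string from the request's own method, path, body and X-TIMESTAMP header and compares signatures, which is what `Verify` does.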