Skip to content
StraventaDocs
API Reference

SNAP-BI Gateway API

Bank Indonesia SNAP (Standar Nasional Open API Pembayaran) partner gateway

The SNAP-BI Gateway is the external partner-facing API that implements Bank Indonesia's SNAP standard (PBI No.23/6/PBI/2021). It validates BI-standard request signatures, enforces replay protection and clock-skew, and forwards requests to the appropriate downstream service.

Base URLs

The SNAP-BI gateway is served via the REST aggregator under the /v1.0/ path prefix.

EnvironmentBase URL
Sandbox (505pay.link)https://sandbox.505pay.link/v1.0
Production (505pay.link)https://api.505pay.link/v1.0
Sandbox (straventa.com)https://sandbox.straventa.com/v1.0
Production (straventa.com)https://api.straventa.com/v1.0

The OpenAPI specification is served at <base-url>/openapi.json.

Authentication model

SNAP-BI uses two distinct authentication paths:

Asymmetric (B2B access token) : RSA-SHA256 PKCS#1v1.5 signature over clientKey + "|" + X-TIMESTAMP. : Returns a short-lived Bearer access token (1 hour).

Symmetric (transaction endpoints) : HMAC-SHA512 signature over METHOD + "|" + PATH + "|" + accessToken + "|" + sha256hex(body) + "|" + X-TIMESTAMP. : Requires a valid Bearer token from the B2B endpoint.

Both paths verify X-TIMESTAMP within ±300 seconds of the server clock (SNAP requirement).

Replay protection

Every transaction request must carry a unique X-EXTERNAL-ID per partner per UTC day. Duplicate IDs return 409 with response code 409{svc}00.

Endpoints

MethodPathSvc CodeDownstream
POST/v1.0/access-token/b2b73auth-service
POST/v1.0/transfer-va/inquiry27payments-service
POST/v1.0/transfer-va/payment27payments-service
POST/v1.0/transfer-va/status27payments-service
POST/v1.0/transfer-credit/{route}25payments-service
POST/v1.0/balance-inquiry24payments-service
POST/v1.0/transaction-status-inquiry60recon-service
POST/v1.0/transaction-history-list50recon-service
POST/v1.0/qr/qr-mpm-generate47payments-service
POST/v1.0/qr/qr-mpm-notify-payment47payments-service

Response codes

SNAP response codes follow the format <http-prefix><service-code><sub-code> (7 digits).

CodeHTTPMeaning
200{svc}00200Successful
400{svc}02400Invalid X-TIMESTAMP
401{svc}00401Unauthorized (invalid signature)
403{svc}00403Forbidden (insufficient scope)
404{svc}01404Resource not found
409{svc}00409Duplicate X-EXTERNAL-ID
500{svc}00500Internal server error
504{svc}04504Downstream timeout

Error envelopes contain only responseCode and responseMessage — no internal error details are ever returned to partners (BI compliance requirement §AC9.2).

Partner registration

Partners are registered via the 505pay admin console. Contact your 505pay integration contact to obtain your X-CLIENT-KEY, RSA keypair, and HMAC secret.

For operator onboarding steps, see the snap-gateway-service runbook.


Endpoint reference

Authentication (B2B access token)

RSA-SHA256 asymmetric signature exchange to obtain a short-lived Bearer token.

Virtual Account (Transfer VA)

SNAP-BI Virtual Account inquiry, payment, and status endpoints.

Transfer credit

SNAP-BI credit transfer initiation.

QRIS

QR code generation and payment notification for Merchant-Presented Mode.

Inquiry & history

Balance inquiry, transaction status, and transaction history.

Health & metadata

Liveness/readiness probes, OpenAPI spec, and JWKS.

Was this page helpful?

On this page