Explore the New API Documentation!

Whats difference ?

Go to the New Documentation
Skip to main content

SNAP Overview

This document provides an overview of the SNAP format, which has been introduced as part of the new rules mandated by the Bank Indonesia. As a Payment Provider, understanding the technical aspects of the SNAP format is crucial for implementing compliant payment systems. This overview will help you familiarize yourself with the key concepts and requirements related to the SNAP format.

Background

Bank Indonesia has recently implemented new rules to standardize payment system in Indonesia. The primary objective is to streamline payment processing, enhance security, and improve interoperability among various payment service providers.

Purpose of SNAP format

The SNAP format aims to provide a uniform structure for exchanging payment information between different participants in the payment ecosystem.

Architecture Type of API

The architecture type used is Representational State Transfer (REST) API.

Data Format

The data format used in the request body and response body is JavaScript Object Notation (JSON).

Character Encoding

The standard character encoding used is UTF-8.

Komponen HTTP Method

The HTTP method functions as an identifier for the action to be performed on a resource, using the commonly used HTTP verbs. The HTTP verb used is:

  1. POST Request
  2. GET Request
  3. DELETE Request
  4. PUT Request

For security considerations, the Access Token retrieval utilizes a POST request. For other services, the appropriate HTTP verb is used based on the operation type and accessed resource. The usage of HTTP methods for each service is specified in the general information table within the SNAP technical specification document.

Server Authorization and Authentication Method Components

The standards employed are:

  1. OAuth 2.0 sesuai RFC6749
  2. Bearer token sesuai RFC6750

In granting access to Service Users, the Service Provider conducts authentication to validate Service Users. The means employed are the exchanged credentials during the collaboration setup process, which include client secret and a pair of public/private keys, used in conjunction with specific cryptographic algorithms.

Encryption Standard Components

The encryption model applied to messages involves both asymmetric and symmetric encryption, utilizing a combination of Private Key and Public Key, adhering to the following standards:

  1. Standard Asymmetric Encryption Signature: SHA256withRSA dengan Private Key ( Kpriv ) dan Public Key ( Kpub ) (256 bits)
  2. Standard Symmetric Encryption Signature HMAC_SHA512 (512 bits)
  3. Standard Symmetric Encryption AES-256 dengan client secret sebagai encryption key.