{"info":{"_postman_id":"497b307c-5c4b-48f8-9fae-6690582a452b","name":"PGA API Documentation","description":"<html><head></head><body><h2 id=\"overview\">Overview</h2>\n<p>PG stands for Payment Gateway. It is a service that facilitates online payment transactions between business owners/merchants and their clients/customers. This system bridges the process of creating billings or invoices that customers can use to pay for the merchant's goods or services.<br>Authorization for fund transfers from the customer's bank account/e-wallet to the designated merchant account will be processed through the bank/e-wallet opted by the customer.</p>\n<p>PGA stands for Payment Gateway Aggregator. It is a system/platform that aggregates payment services from various payment service providers and then resells them on a single platform with the addition of a commission fee. The main advantage of using PGA is that merchants do not need to integrate their businesses with multiple PJPs; instead, they simply have to do a single integration with standardized methods and a centralized system of PGA.</p>\n<h2 id=\"how-it-works\">How It Works</h2>\n<p>PG helps merchants to receive, process, and send funds. When a customer creates a billing/invoice transaction, PG encrypts the information and sends it to a financial institution (either a bank or a non-bank PJP). Once the transaction is authorized and approved by the customer, the funds are transferred to the merchant's account in PG.</p>\n<p>PG acts as an intermediary between the business owner and their customers, ensuring smooth and secure transactions. Business owners also avoid having to store customer data on their servers by using PG's services.</p>\n<hr>\n<h3 id=\"terminology\">Terminology</h3>\n<ol>\n<li><p>Payment Gateway = A company providing payment and money transfer services</p>\n</li>\n<li><p>Payment Gateway Aggregator = A centralized platform providing connectivity to payment service providers or payment processing companies to handle both receiving and sending transactions.</p>\n</li>\n<li><p>Vendor/Provider = A company providing payment services</p>\n</li>\n<li><p>Switching = A company providing money transfer services</p>\n</li>\n<li><p>Acceptance/Cash-in = The activity of receiving funds initiated by a customer/client through a payment service provider until they are received by the merchant.</p>\n</li>\n<li><p>Disbursement/Withdrawal/Cash-out = The activity of sending funds initiated by a merchant through a money transfer service provider until they are received by the customer/client.</p>\n</li>\n<li><p>Billing/Invoice = Type of money transfer transaction</p>\n</li>\n</ol>\n<hr>\n<h3 id=\"introduction\">Introduction</h3>\n<p>PGA APIs are structured with resource-oriented URL endpoints, HTTP method verbs for the action type, using JSON encoded content type for the request and responses, and also mandatory signature parameter in payload for security validation.</p>\n<h4 id=\"1-preparation\">1. Preparation</h4>\n<p>To be able to communicate with our <strong>PGA</strong> API, merchant will be provided:</p>\n<ol>\n<li><p><em>merchant_code</em></p>\n</li>\n<li><p><em>merchant_secret</em></p>\n</li>\n</ol>\n<h4 id=\"2-signature\">2. Signature</h4>\n<p>Signature parameter inside payload is one of PGA method to verify that request is valid and not altered by attackers alongside whitelisting merchant IP address.</p>\n<h4 id=\"3-generating-signature\">3. Generating Signature</h4>\n<p>SHA-256 HMAC is used to generate the signature with merchant_secret as the key.</p>\n<h4 id=\"4-api-servers\">4. API Servers</h4>\n<p>PGA have a sandbox API server provided beside the production API server, so you can test your system integration with PGA before going production.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>API Server</th>\n<th>Host URL</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Base URL</td>\n<td><a href=\"https://sandbox.sec2pay.com/\">https://sandbox.sec2pay.com/</a></td>\n</tr>\n<tr>\n<td>Development</td>\n<td>To be informed upon production</td>\n</tr>\n</tbody>\n</table>\n</div></body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"54067835","collectionId":"497b307c-5c4b-48f8-9fae-6690582a452b","publishedId":"2sBXqJJfxj","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2026-04-30T07:59:55.000Z"},"item":[{"name":"A. Fund Acceptance","item":[{"name":"1. Get Payment Methods","item":[{"name":"/api/payment_methods","event":[{"listen":"prerequest","script":{"id":"80649cc6-6049-4260-8e7c-1a7f62648056","exec":["const merchant_code = pm.environment.get(\"merchant_code\");\r","const merchant_secret = pm.environment.get(\"merchant_secret\");\r","pm.variables.set(\"merchant_code\", merchant_code);\r","pm.variables.set(\"signature\", CryptoJS.HmacSHA256(merchant_code, merchant_secret).toString());\r",""],"type":"text/javascript","packages":{},"requests":{}}}],"id":"412b1636-cbb8-44c8-90ab-c0c4a3d05ae3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{merchant_code}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/payment_methods","description":"<p>Retrieves the list of available payment methods for a merchant.</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>This endpoint uses HMAC-SHA256 signature-based authentication.</p>\n<ul>\n<li><p><strong>Signature pattern:</strong> <code>{merchant_code}</code></p>\n</li>\n<li><p><strong>Formula:</strong> <code>HMAC-SHA256(merchant_secret, merchant_code)</code></p>\n</li>\n</ul>\n<p>The <code>merchant_secret</code> is provided by PGA and is used as the HMAC-SHA256 key. Keep it confidential.</p>\n<h2 id=\"request-body\">Request Body</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Parameter</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>merchant_code</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Unique merchant identifier provided by PGA upon registration. Also used as the signature pattern for this endpoint.</td>\n</tr>\n<tr>\n<td><code>signature</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Security hash generated using HMAC-SHA256. Formula: <code>HMAC-SHA256(merchant_secret, merchant_code)</code></td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","payment_methods"],"host":["{{host}}"],"query":[],"variable":[]}},"response":[{"id":"c7141c1c-92a8-4b49-af22-7f5f1850b0ac","name":"/api/payment_methods","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{mid}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/payment_methods"},"status":"OK","code":200,"_postman_previewlanguage":"","header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Tue, 28 Apr 2026 10:38:33 GMT"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6IjEvTExJL0pNa0pZc3VCRFFyRTRPV1E9PSIsInZhbHVlIjoiQjk0VmhFSTFVOXhvTVVkUjRENTNOOGlpUmhITnJ4cnNJR1Z0YjNDQVQ4NHV1TnFOYXBiZDk1dkxhMDV4aHpiaXhWOVFreU9aSTkrcHJPOVlLYnF5b21USnR1Sk41RW9LMHdYcSsrV2NPSzJvcjNnQ2ZRKzRZMVVGTDZ0bnZ3RFkiLCJtYWMiOiI0YTZmMTFhYjAzZjdmNzhkYTQ3NTUyMTQ2ZThkZmFhMmQ2MDUwZDc0NjU1YWVmMTNmYTNhZjA4MjkxNTFjNjJiIn0%3D; expires=Tue, 28-Apr-2026 12:38:33 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6InNkRWsvSDBrb2ZSL1EzQXFZNU52MVE9PSIsInZhbHVlIjoiYnMxZFFBK3lQYmNYL2VnaXl4T0srMG9wci9JZVJPWHA4MGt3SnRGTmhJcUlEMmVRVkRPdnk1OCthOWphbjk4S2gwWFg2L1N2TDlMWDRuSy9DQXlzSVpwUFJ6UFAzU2RDV3dYQzlBODhkd1RtekJlN1l3R0dBdmxzREI4VXBHaUYiLCJtYWMiOiIzMjUzYjFhOGQ4YjM0NzI3ZWVmODdjMTNmMTk5YzM5ZTY0ZGJlNWRhNDRjNWIxZjUzYWRhYTUxMWNjOGQzZjc0In0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[{"expires":"Invalid Date","domain":"","path":""}],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": [\n        {\n            \"title\": \"Permata Virtual Account\",\n            \"code\": \"PERMATAVA\",\n            \"icon_url\": \"https://i.ibb.co/tJSsvYy/Asset-39.png\",\n            \"icon_url_alt\": null,\n            \"category\": \"Transfer Bank\",\n            \"min_amount\": \"10000.00\",\n            \"max_amount\": \"10000000.00\",\n            \"fee\": 0,\n            \"fee_percentage\": 0,\n            \"fee_charge_to\": \"CUST\",\n            \"how_to_pay\": \"HTML CONTENT ON HOW TO PAY\",\n            \"maintenance_status\": 0,\n            \"status_pm\": 1,\n            \"status_mpm\": 1\n        },\n        {\n            \"title\": \"OVO\",\n            \"code\": \"PAYOVO\",\n            \"icon_url\": \"https://i.ibb.co/L0NsqDD/OV.png\",\n            \"icon_url_alt\": null,\n            \"category\": \"E-Wallet\",\n            \"min_amount\": \"100.00\",\n            \"max_amount\": \"10000000.00\",\n            \"fee\": 0,\n            \"fee_percentage\": 1.5,\n            \"fee_charge_to\": \"CUST\",\n            \"how_to_pay\": \"HTML CONTENT ON HOW TO PAY\",\n            \"maintenance_status\": 0,\n            \"status_pm\": 1,\n            \"status_mpm\": 1\n        },\n        {\n            \"title\": \"QRIS Payment\",\n            \"code\": \"QRS\",\n            \"icon_url\": \"https://i.ibb.co/C1sHN5n/iconQris.png\",\n            \"icon_url_alt\": null,\n            \"category\": \"QRIS Payment\",\n            \"min_amount\": \"500.00\",\n            \"max_amount\": \"5000000.00\",\n            \"fee\": 0,\n            \"fee_percentage\": 0.7,\n            \"fee_charge_to\": \"CUST\",\n            \"how_to_pay\": \"HTML CONTENT ON HOW TO PAY\",\n            \"maintenance_status\": 0,\n            \"status_pm\": 1,\n            \"status_mpm\": 1\n        }\n    ]\n}"}],"_postman_id":"412b1636-cbb8-44c8-90ab-c0c4a3d05ae3"}],"id":"6c6c55ae-5ebc-461c-80d3-0a0058506929","description":"<h5 id=\"a1-get-list-of-payment-methods\">A.1 Get List of Payment Methods</h5>\n<p>API to retrieve all available and assigned payment methods for merchant</p>\n<p><code>SIGNATURE_PATTERN = {merchant_code}</code></p>\n","_postman_id":"6c6c55ae-5ebc-461c-80d3-0a0058506929"},{"name":"2. Generate Billing/Invoice","item":[{"name":"/api/pay/create","event":[{"listen":"prerequest","script":{"id":"5ec6abbf-f030-4436-8842-77878935f54d","exec":["const merchant_code = pm.environment.get(\"merchant_code\");\r","const merchant_secret = pm.environment.get(\"merchant_secret\");\r","const timestamp = new Date().getTime();\r","const rand = _.random(10000, 50000);\r","const invoice_no = \"TEST\" + timestamp;\r","pm.variables.set(\"merchant_code\", merchant_code);\r","pm.variables.set(\"invoice_no\", invoice_no);\r","pm.variables.set(\"amount\", rand);\r","pm.variables.set(\"signature\", CryptoJS.HmacSHA256(merchant_code + \":\" + invoice_no, merchant_secret).toString());\r",""],"type":"text/javascript","packages":{},"requests":{}}}],"id":"a2e1634d-929d-4969-99a4-8cd242c0fbc1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{merchant_code}}\",\r\n    \"invoice_no\": \"{{invoice_no}}\",\r\n    \"description\": \"Test Deposit\",\r\n    \"customer_name\": \"TESTER\",\r\n    \"customer_email\": \"tester@gmail.com\",\r\n    \"customer_phone\": \"081212121314\",\r\n    \"expire_in\": 120,\r\n    \"payment_method_code\": \"QRIS\",\r\n    \"amount\": {{amount}},\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/pay/create","description":"<p>Generates a billing or invoice for a customer transaction.</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>This endpoint uses HMAC-SHA256 signature-based authentication.</p>\n<ul>\n<li><p><strong>Signature pattern:</strong> <code>{merchant_code} : {invoice_no}</code></p>\n</li>\n<li><p><strong>Formula:</strong> <code>HMAC-SHA256(merchant_secret, merchant_code + \":\" + invoice_no)</code></p>\n</li>\n</ul>\n<h2 id=\"request-body-parameters\">Request Body Parameters</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Parameter</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>merchant_code</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Unique merchant identifier provided by PGA upon registration.</td>\n</tr>\n<tr>\n<td><code>invoice_no</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Unique invoice number for the transaction. Used in the signature pattern.</td>\n</tr>\n<tr>\n<td><code>description</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Short description of the transaction (e.g. <code>\"Test Deposit\"</code>).</td>\n</tr>\n<tr>\n<td><code>customer_name</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Full name of the customer.</td>\n</tr>\n<tr>\n<td><code>customer_email</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Email address of the customer.</td>\n</tr>\n<tr>\n<td><code>customer_phone</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Phone number of the customer.</td>\n</tr>\n<tr>\n<td><code>expire_in</code></td>\n<td>Number</td>\n<td>Yes</td>\n<td>Expiry duration for the invoice in minutes (e.g. <code>120</code>).</td>\n</tr>\n<tr>\n<td><code>payment_method_code</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Code of the selected payment method (e.g. <code>\"QRIS\"</code>).</td>\n</tr>\n<tr>\n<td><code>amount</code></td>\n<td>Number</td>\n<td>Yes</td>\n<td>Transaction amount in the smallest currency unit.</td>\n</tr>\n<tr>\n<td><code>signature</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Security hash generated using HMAC-SHA256. Formula: <code>HMAC-SHA256(merchant_secret, merchant_code + \":\" + invoice_no)</code></td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","pay","create"],"host":["{{host}}"],"query":[],"variable":[]}},"response":[{"id":"a258ce54-be0b-4714-87c9-b72e112b7ca4","name":"/api/pay/create QRIS","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{mid}}\",\r\n    \"invoice_no\": \"{{invoice_no}}\",\r\n    \"description\": \"Test Deposit\",\r\n    \"customer_name\": \"TESTER\",\r\n    \"customer_email\": \"tester@gmail.com\",\r\n    \"customer_phone\": \"081212121314\",\r\n    \"expire_in\": 120,\r\n    \"payment_method_code\": \"QRIS\",\r\n    \"amount\": {{amount}},\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/pay/create"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Tue, 28 Apr 2026 11:06:41 GMT"},{"key":"X-RateLimit-Limit","value":"1000"},{"key":"X-RateLimit-Remaining","value":"999"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6ImNxNVNNTXh5VGxiSElOOW1admxkQlE9PSIsInZhbHVlIjoiWDREM0JLR2JON0Zka0Q4Sy9wemlyeUpRNGZqNm9rRnpCendMd2M0Zng3b1Z1Uy9uZndaVjlXeVkxczJmbnFIUld4My96WFdoVjVqbTNNd1hpaks4SG1DbDkydzN4V3ZiRjU0UElsVXZsczYvK2lSY1RHY0dPMDQ3MGE2eVd1algiLCJtYWMiOiIyNWMwOTE5MGQzYzA5NTI4MjU0OGU4ZDcwMTBlNDNkZDY5MjFlYWYwZmVkZmE0M2M1NzM0NGY4ZTg0ODQzZjEyIn0%3D; expires=Tue, 28-Apr-2026 13:06:41 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6InhkTnBWUlNyRUY0UFpOeEZKN3ZMU1E9PSIsInZhbHVlIjoiWGJoNVhMVVloalB6eGNjd2IvdURYRG9DQlZhVkV3U1lLSURtUkxJWVFXMjdiOFIvS3JVbTZrWXRRaStlRUhtbm04d3NtVjdXRHhSV0VqTHlEenVEN2dkOENSY28zT01lOWgrZjVjNzdvWm5mVFNvZHhtRVpKRFBPQW1uRWVyR1QiLCJtYWMiOiI4ZTMzMGM1ZGFhNmZmZjNiYmFkY2YwNzYzYjY1MTdmMDdmMTlmMjM3NTZlZDAzOWVhNjFiOWE2MDBkNTgyNmQzIn0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": {\n        \"merchant_code\": \"PGASANDBOX\",\n        \"reference_no\": \"260428LUKGQ4CS8TT3MEX7442\",\n        \"invoice_no\": \"TEST1777374400259\",\n        \"customer\": {\n            \"name\": \"TESTER\",\n            \"phone\": \"081212121314\",\n            \"email\": \"tester@gmail.com\"\n        },\n        \"description\": \"Test Deposit\",\n        \"currency\": \"IDR\",\n        \"net_amount\": \"41847.00\",\n        \"surcharge\": \"292.93\",\n        \"surcharge_to\": \"CUST\",\n        \"amount\": \"42139.93\",\n        \"payment_method\": \"QRIS Payment\",\n        \"payment_method_code\": \"qris\",\n        \"pay_code\": \"\",\n        \"pay_qrcode\": \"https://sandbox.sec2pay.com/qrcodes/2026/04/28/chronos_qris_260428LUKGQ4CS8TT3MEX7442.png\",\n        \"qr_string\": null,\n        \"pay_checkout_url\": \"\",\n        \"pay_mobile_deeplink\": \"\",\n        \"paid_status\": 0,\n        \"paid_description\": \"UNPAID\",\n        \"created_at\": \"2026-04-28 18:06:40\",\n        \"expired_at\": \"2026-04-29 18:06:40\"\n    },\n    \"form_url\": \"https://sandbox.sec2pay.com/secure/inv/20260428a51c1235e2ce75f146f4bc2c0ac8eedc\"\n}"},{"id":"3dc31124-1821-4954-afd6-123205027d47","name":"/api/pay/create Virtual Account","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{mid}}\",\r\n    \"invoice_no\": \"{{invoice_no}}\",\r\n    \"description\": \"Test Deposit\",\r\n    \"customer_name\": \"TESTER\",\r\n    \"customer_email\": \"tester@gmail.com\",\r\n    \"customer_phone\": \"081212121314\",\r\n    \"expire_in\": 120,\r\n    \"payment_method_code\": \"PERMATA\",\r\n    \"amount\": {{amount}},\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/pay/create"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Tue, 28 Apr 2026 11:31:42 GMT"},{"key":"X-RateLimit-Limit","value":"1000"},{"key":"X-RateLimit-Remaining","value":"999"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6InlpMlpxdnQwWDZDeklqOEpWN2dXZkE9PSIsInZhbHVlIjoieVNoQnRjUzJhNVVLdlVCTWYvQXRuQnBHYWlNYnlHa240b0xLaTgwSldkMThWZ0ROa3YrVjJUWXg5eWRVendtc0h0R0lnYm9yZFdqRzJJMEZCazFBVWZIbmJDMExWUU5zdHFKN2RnQ2lMdmVuamVoYUUxeXJVMllYTTVkRFRucXEiLCJtYWMiOiI5Y2ExODU2NDk4NzU2MWYxMWRiN2M1M2JmY2Y1YmIzNzIxZWQ3MTIxNjc0NzEyZTE3NzkzODI2ZGRkMTA3YjRmIn0%3D; expires=Tue, 28-Apr-2026 13:31:42 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6IndlTGo2Mi9XY1ZYd2FqTURRN2NSNVE9PSIsInZhbHVlIjoib2JCVU9pbG10bXVEQytkbk9xNDdLMHBCTk9WZzdnYWZ1Zy9WUVErcWZyZkZQTkVUQzQ3azZsUkNYenBOVzFZdCs4czAvemo1UnZuU1NpTEs0ZG9SV3lHWm84OUdBZDN4K1NVMCtGZWdLSkRTOExMV0JKVTA0bWg1VkpZSUR6L3oiLCJtYWMiOiJhYzI5YTg5OTkxNTAzMzc1MmM0MGMyMWM4YjU0NDU1YzlmMmE2NzQ0NzU5NWM2NDVjNjVlMWZmNDYxOGY4ODM1In0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": {\n        \"merchant_code\": \"PGASANDBOX\",\n        \"reference_no\": \"260428K50VBS8T98TRKIQ7DUQ\",\n        \"invoice_no\": \"TEST1777375900860\",\n        \"customer\": {\n            \"name\": \"TESTER\",\n            \"phone\": \"081212121314\",\n            \"email\": \"tester@gmail.com\"\n        },\n        \"description\": \"Test Deposit\",\n        \"currency\": \"IDR\",\n        \"net_amount\": \"14986.00\",\n        \"surcharge\": \"3500.00\",\n        \"surcharge_to\": \"CUST\",\n        \"amount\": \"18486.00\",\n        \"payment_method\": \"Permata Virtual Account\",\n        \"payment_method_code\": \"permata\",\n        \"pay_code\": \"507959375001\",\n        \"pay_qrcode\": \"\",\n        \"qr_string\": null,\n        \"pay_checkout_url\": \"\",\n        \"pay_mobile_deeplink\": \"\",\n        \"paid_status\": 0,\n        \"paid_description\": \"UNPAID\",\n        \"created_at\": \"2026-04-28 18:31:40\",\n        \"expired_at\": \"2026-04-29 18:31:40\"\n    },\n    \"form_url\": \"https://sandbox.sec2pay.com/secure/inv/20260428aca525874e9e40ed38d904ec6421c90c\"\n}"},{"id":"7efcf0e9-08b2-4f94-b489-c65fac4f3f84","name":"/api/pay/create E-wallet OVO","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{mid}}\",\r\n    \"invoice_no\": \"{{invoice_no}}\",\r\n    \"description\": \"Test Deposit\",\r\n    \"customer_name\": \"TESTER\",\r\n    \"customer_email\": \"tester@gmail.com\",\r\n    \"customer_phone\": \"081212121314\",\r\n    \"expire_in\": 120,\r\n    \"payment_method_code\": \"OVO\",\r\n    \"amount\": {{amount}},\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/pay/create"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Tue, 28 Apr 2026 11:31:59 GMT"},{"key":"X-RateLimit-Limit","value":"1000"},{"key":"X-RateLimit-Remaining","value":"998"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6Im1TTE1PMXA4U05COUZ2SG9veTJtK2c9PSIsInZhbHVlIjoid0g0dGdRUW5HdHNoamRIRTAweEROK2kwYWVIY0E1aWRRQUJTd3F0bVhObnEvZjMrQ2ZKeUxuQjZnVSttUWUvYUxSL0k2UlA2dmRCcU5BRk9pYW1peG9MZm9vR0hBS05JWnMrRWs1ZlpkVTc0QWtpcXdObm81OW9JQmhsSlA3Ty8iLCJtYWMiOiJmMzkwYTE5MTAwZGU2NTczOTM0YTg5ZDIzY2E4Mzc3ZDk5MjcxMWJlZDQwY2Y3ZWIzODIyN2Y1ZDYzMDg4N2VhIn0%3D; expires=Tue, 28-Apr-2026 13:31:59 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6IjRtdzdSVFdJZnVNcHI1M3UzRGJuQXc9PSIsInZhbHVlIjoibWdxUTF1NmFURE8ybE16YlhsME96RDhBQ1RmSk9ERHJkeVplcXlmVFlVMGZHbmFlNmpCMnR5S2hGbHg5Y05ZYUV6VngzMXlpSlRQam90N1BjbDhDTHZHdWsvRVM3dDJBMklxZC9TU21wSndIVHN3UUFOTlkyYmE3eUtCNHJ0S3ciLCJtYWMiOiJjZDMxNzJjYzdjMTYyYjQwODg1ZDQyNzJhYzMxZDkwZGYyMzc3MTU5MDQ1Nzg5MmE4MjY2NWVjMWNjMTkzNzQzIn0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": {\n        \"merchant_code\": \"PGASANDBOX\",\n        \"reference_no\": \"260428G0RP8M4FAOGGB5WFI19\",\n        \"invoice_no\": \"TEST1777375918270\",\n        \"customer\": {\n            \"name\": \"TESTER\",\n            \"phone\": \"081212121314\",\n            \"email\": \"tester@gmail.com\"\n        },\n        \"description\": \"Test Deposit\",\n        \"currency\": \"IDR\",\n        \"net_amount\": \"26929.00\",\n        \"surcharge\": \"842.88\",\n        \"surcharge_to\": \"CUST\",\n        \"amount\": \"27771.88\",\n        \"payment_method\": \"OVO\",\n        \"payment_method_code\": \"ovo\",\n        \"pay_code\": \"\",\n        \"pay_qrcode\": \"\",\n        \"qr_string\": null,\n        \"pay_checkout_url\": \"http://www.smith.biz/soluta-quia-sequi-sunt-ut-itaque.html\",\n        \"pay_mobile_deeplink\": \"\",\n        \"paid_status\": 0,\n        \"paid_description\": \"UNPAID\",\n        \"created_at\": \"2026-04-28 18:31:58\",\n        \"expired_at\": \"2026-04-29 18:31:58\"\n    },\n    \"form_url\": \"https://sandbox.sec2pay.com/secure/inv/20260428fee212cbfaf9c2e2a2c53ef39aa47c56\"\n}"}],"_postman_id":"a2e1634d-929d-4969-99a4-8cd242c0fbc1"}],"id":"f8679acf-9b2f-471a-9abf-fc6fb3f2c94b","description":"<h5 id=\"a2-generate-billing\">A.2 Generate Billing</h5>\n<p>API to generate billing or invoice for customer</p>\n<p><code>SIGNATURE_PATTERN = {merchant_code} : {invoice_no}</code></p>\n","_postman_id":"f8679acf-9b2f-471a-9abf-fc6fb3f2c94b"},{"name":"3. Inquiry Billing","item":[{"name":"/api/pay/check","event":[{"listen":"prerequest","script":{"id":"5ec6abbf-f030-4436-8842-77878935f54d","exec":["const merchant_code = pm.environment.get(\"merchant_code\");\r","const merchant_secret = pm.environment.get(\"merchant_secret\");\r","const reference_no = \"260428LUKGQ4CS8TT3MEX7442\";\r","pm.variables.set(\"merchant_code\", merchant_code);\r","pm.variables.set(\"reference_no\", reference_no);\r","pm.variables.set(\"signature\", CryptoJS.HmacSHA256(merchant_code + \":\" + reference_no, merchant_secret).toString());\r",""],"type":"text/javascript","packages":{},"requests":{}}}],"id":"267bef44-8fa2-403c-b6ed-f5cc638724da","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{merchant_code}}\",\r\n    \"reference_no\": \"{{reference_no}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/pay/check","description":"<p>Checks the status of an existing billing or invoice transaction.</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>This endpoint uses HMAC-SHA256 signature-based authentication.</p>\n<ul>\n<li><p><strong>Signature pattern:</strong> <code>{merchant_code} : {reference_no}</code></p>\n</li>\n<li><p><strong>Formula:</strong> <code>HMAC-SHA256(merchant_secret, merchant_code + \":\" + reference_no)</code></p>\n</li>\n</ul>\n<h2 id=\"request-body-parameters\">Request Body Parameters</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Parameter</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>merchant_code</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Unique merchant identifier provided by PGA upon registration.</td>\n</tr>\n<tr>\n<td><code>reference_no</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Unique reference number of the transaction to check. Used in the signature pattern.</td>\n</tr>\n<tr>\n<td><code>signature</code></td>\n<td>String</td>\n<td>Yes</td>\n<td>Security hash generated using HMAC-SHA256. Formula: <code>HMAC-SHA256(merchant_secret, merchant_code + \":\" + reference_no)</code></td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","pay","check"],"host":["{{host}}"],"query":[],"variable":[]}},"response":[{"id":"05eeb44b-98dc-4900-ba6a-2da8cafa6410","name":"/api/pay/check","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{mid}}\",\r\n    \"reference_no\": \"{{reference_no}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/pay/check"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Tue, 28 Apr 2026 11:10:50 GMT"},{"key":"X-RateLimit-Limit","value":"200"},{"key":"X-RateLimit-Remaining","value":"199"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6Im03MVRVWUlsU2k3S0NaRzZUdWxycGc9PSIsInZhbHVlIjoiV0ZOeEM3Q0p5cGwxOXphTDFRcUxiWEtBV0ZTREJ3bVhwbGpJcU1sbU90d015SkdJeHRieXJ4SVo0UEZscTBFNGs4dTBYQld4THREb000ZjA0d2NpZDFlbklBZmdvUzJQV2duVkpiZ2UvWG52R3lGOFFENEhvT3NyVTV2VThKV1UiLCJtYWMiOiI4NmMzZWM5ZjgyMDA0MTE3M2UwM2NmMWEzYWYwZmNjYmVkN2E3N2FkNmYwYjM2NzBmMGMzN2RmYjY1MjJkM2QzIn0%3D; expires=Tue, 28-Apr-2026 13:10:50 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6Ijd2eFlhVnZneFJrbWhrdis2ckF1TkE9PSIsInZhbHVlIjoibXIxa0J4alMzaEtnRjdkNmhDUlZNdUxWV0J2bnhFM0hYRnJOMDZtRW4ybWRFR0pMRFd5Ty9hZ2JoSlcxSHltY3hkVXc0TURGOVRGS2RKUHRISHU1YzFsUVJxRXFkQmVVeGdvb2NHMkw2NXk0bTNHU1I4aGhzNmhSanZxU0ZmV0wiLCJtYWMiOiI2ZTcxNmIzZmYzMWRhNzE1ZmY0YTI4OWQ0ZDUxYWQzYTE3ZTA3ODUzOGFlY2RmYTM0MDA2OGQ1MWM0MDRhMDQwIn0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": {\n        \"merchant_code\": \"PGASANDBOX\",\n        \"reference_no\": \"260428LUKGQ4CS8TT3MEX7442\",\n        \"invoice_no\": \"TEST1777374400259\",\n        \"customer\": {\n            \"name\": \"TESTER\",\n            \"phone\": \"081212121314\",\n            \"email\": \"tester@gmail.com\"\n        },\n        \"description\": \"Test Deposit\",\n        \"net_amount\": \"41847.00\",\n        \"surcharge\": \"0.00\",\n        \"surcharge_to\": \"CUST\",\n        \"amount\": \"42139.93\",\n        \"payment_method\": \"QRIS Payment\",\n        \"payment_method_code\": \"qris\",\n        \"pay_code\": \"\",\n        \"pay_qrcode\": \"https://sandbox.sec2pay.com/qrcodes/2026/04/28/chronos_qris_260428LUKGQ4CS8TT3MEX7442.png\",\n        \"paid_status\": 0,\n        \"paid_description\": \"UNPAID\",\n        \"created_at\": \"2026-04-28 18:06:40\",\n        \"expired_at\": \"2026-04-29 18:06:40\"\n    },\n    \"loadtime\": \"0.05 s\"\n}"}],"_postman_id":"267bef44-8fa2-403c-b6ed-f5cc638724da"}],"id":"a1272662-e54b-4048-8383-db325806932a","description":"<h5 id=\"a3-inquiry-billing-status\">A.3 Inquiry Billing Status</h5>\n<p>API to inquiry the status of payment of the billing.</p>\n<p><code>SIGNATURE_PATTERN = {merchant_code} : {reference_no}</code></p>\n","_postman_id":"a1272662-e54b-4048-8383-db325806932a"},{"name":"4. Payment Callback Webhook","item":[],"id":"ef7f84b6-f44a-4321-ad51-4bb4f08e5b98","description":"<h5 id=\"a4-callback-webhook-on-payment-notification\">A.4 Callback Webhook on Payment Notification</h5>\n<p>When on-boarding, merchant required to setup callback URLs in PGA dashboard for receiving success payment notification. This endpoints prefers HTTPS protocol with POST method.</p>\n<p>Callback URLs for billing should be 2 URL:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Usage</th>\n<th>Example</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Notification of generated billing</td>\n<td><a href=\"https://merchantwebsite.com/notification/?billing_inquiry\">https://merchantwebsite.com/notification/?billing_inquiry</a></td>\n</tr>\n<tr>\n<td>Notification of paid payment</td>\n<td><a href=\"https://merchantwebsite.com/notification/?success_payment\">https://merchantwebsite.com/notification/?success_payment</a></td>\n</tr>\n</tbody>\n</table>\n</div><h5 id=\"example-of-sent-callback\">Example of Sent Callback</h5>\n<ol>\n<li>Callback of successfully generated billing:</li>\n</ol>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>    {\n    \"merchant_code\": \"PGASANDBOX\",\n    \"invoice_no\": \"BILLING223644516\",\n    \"invoice_amount\": \"20873\",\n    \"customer_name\": \"TESTER\",\n    \"payment_method\": \"QRIS Payment\",\n    \"payment_method_code\": \"QRIS\",\n    \"reference_no\": \"BILLING223644516\",\n    \"paid_description\": \"PENDING\",\n    \"created_at\": \"2026-04-28 18:34:11\",\n    \"form_url\": \"https:\\/\\/sandbox.sec2pay.com\\/secure\\/inv\\/2026042850a1838129f0a\"\n}\n\n</code></pre><ol>\n<li>Callback of successfully paid billing:</li>\n</ol>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>{\n    \"signature\": \"ed9771b22cdb043b8c195098343c\",\n    \"merchant_code\": \"PGASANDBOX\",\n    \"reference_no\": \"BILLING223644516\",\n    \"invoice_no\": \"BILLING223644516\",\n    \"customer_name\": \"TESTER\",\n    \"customer_phone\": \"081212121314\",\n    \"customer_email\": \"tester@gmail.com\",\n    \"paid_status\": \"1\",\n    \"paid_description\": \"PAID\",\n    \"net_amount\": \"20873\",\n    \"surcharge\": \"0\",\n    \"surcharge_to\": \"MERC\",\n    \"amount\": 20873,\n    \"payment_method\": \"QRIS Payment\",\n    \"payment_method_code\": \"QRIS\",\n    \"pay_code\": \"\",\n    \"pay_qrcode\": \"https:\\/\\/sandbox.sec2pay.com\\/qrcodes\\/2026\\/04\\/28\\/qris_BILLING223644516.png\",\n    \"currency\": \"IDR\",\n    \"description\": \"Payment of BILLING223644516\",\n    \"transaction_description\": \"Deposit from TESTER\",\n    \"created_at\": \"2026-04-28 18:34:11\",\n    \"paid_at\": \"2026-04-28 18:36:43\",\n    \"settlement_time\": \"2026-04-29 12:00:00\"\n}\n\n</code></pre>","_postman_id":"ef7f84b6-f44a-4321-ad51-4bb4f08e5b98"}],"id":"c3d371db-d349-4b90-a76d-d0fc8bbf320d","description":"<h3 id=\"overview\">Overview</h3>\n<p>Fund acceptance is activity initiated by customer as they:</p>\n<ol>\n<li><p>opens the merchant's page listed with many payment methods,</p>\n</li>\n<li><p>selected the favored payment method along with inputting the transaction amount,</p>\n</li>\n<li><p>then submitting the form to generate the billing/invoice,</p>\n</li>\n<li><p>and finally preview the invoice page contains the QR code or Virtual Account Number or E-wallet QR so they can authorize the payment using their bank/e-wallet application.</p>\n</li>\n</ol>\n","_postman_id":"c3d371db-d349-4b90-a76d-d0fc8bbf320d"},{"name":"B. Disbursement","item":[{"name":"1. Get Bank List","item":[{"name":"/api/disbursement/bank","event":[{"listen":"prerequest","script":{"id":"98dd68c6-6f16-49c7-90d0-9aeda5e02c0f","exec":["const merchant_code = pm.environment.get(\"merchant_code\");\r","const merchant_secret = pm.environment.get(\"merchant_secret\");\r","pm.variables.set(\"merchant_code\", merchant_code);\r","pm.variables.set(\"signature\", CryptoJS.HmacSHA256(merchant_code, merchant_secret).toString());\r",""],"type":"text/javascript","packages":{},"requests":{}}}],"id":"de94a9fb-0f1c-4c50-9837-229a9535d88c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{merchant_code}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/bank","description":"<p>Retrieves the list of supported banks available for disbursement transactions.</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>This endpoint uses HMAC-SHA256 signature-based authentication.</p>\n<ul>\n<li><p><strong>Signature pattern:</strong> <code>{merchant_code}</code></p>\n</li>\n<li><p><strong>Formula:</strong> <code>HMAC-SHA256(merchant_secret, merchant_code</code></p>\n</li>\n</ul>\n<h3 id=\"request-body\">Request Body</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>merchant_code</code></td>\n<td>string</td>\n<td>Yes</td>\n<td>Unique merchant identifier from the environment.</td>\n</tr>\n<tr>\n<td><code>signature</code></td>\n<td>string</td>\n<td>Yes</td>\n<td>HMAC-SHA256 signature computed from <code>merchant_code</code> using <code>merchant_secret</code> as the key. Auto-generated by the pre-request script.</td>\n</tr>\n</tbody>\n</table>\n</div><h3 id=\"response\">Response</h3>\n<p><strong>Success (<strong><strong><code>status: \"000\"</code></strong></strong>):</strong></p>\n<p>Returns an array of supported banks under the <code>data</code> field.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>status</code></td>\n<td>string</td>\n<td>Response status code. <code>\"000\"</code> indicates success.</td>\n</tr>\n<tr>\n<td><code>data</code></td>\n<td>array</td>\n<td>List of available banks.</td>\n</tr>\n<tr>\n<td><code>data[].bank_code</code></td>\n<td>string</td>\n<td>Unique bank identifier code.</td>\n</tr>\n<tr>\n<td><code>data[].bank_name</code></td>\n<td>string</td>\n<td>Full name of the bank.</td>\n</tr>\n<tr>\n<td><code>data[].bank_short_name</code></td>\n<td>string</td>\n<td>Short/abbreviated name of the bank.</td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","disbursement","bank"],"host":["{{host}}"],"query":[],"variable":[]}},"response":[{"id":"3845cbfa-3143-474d-93bb-4efd5cc20c34","name":"/api/disbursement/bank","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{merchant_code}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/bank"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Wed, 29 Apr 2026 16:10:24 GMT"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6Im9GcVdoeGRhdXpZS0NzRXZhMGFGUVE9PSIsInZhbHVlIjoiZ0xJR0Z5ZVBVSkZ5RXJkeXlIcndYbHdQZG9YTEFsT1NPTGoxOFpka3U2SFVRY2g0Vzh5aEhKVTFtajBjNnRNa0Y3aXB0TEJRVm9HR3lkUG1WaHZaTkhrajNsUklMNGlwTDBLQXpmOGphSkJuLytSQ0poUURMeHVSQmNnSml3eGMiLCJtYWMiOiI0Yjc4NzU5NTg5ZWQwMTFkMjhiMDUxM2U5ZmE2MzBkNjY4NjI2ODdmOWJkNzUyYTg1MDUyNGY4ZWI2MjE5YmQyIn0%3D; expires=Wed, 29-Apr-2026 18:10:24 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6IlpUeVBiMTlyeEtxZGhGQ2hCSXRtMGc9PSIsInZhbHVlIjoiNTJsU09IaEtvbjB0Rkd0eWM0SHF5UlA0dWRkbGI0WFNDNzY3Tkh1SVpKS012TGFwT0lVT00yQmhxMXEzZTU5c2h1N0JBeUxLdXhkbitXSEhSakpOWjhURzZ6dTUvZ0hITk1JZDNFYU4rSWZHbmcwb3lNSDVOeUZZdS9mcDh0U3oiLCJtYWMiOiJhM2Y1NmJhMmI0NDk5NzYxMzZjZmU0MDllZmJjODZiNjVhMDJlODhkNGQxZDg2MGI0NGNmOGZiNzMzZTYwMWFjIn0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": [\n        {\n            \"bank_code\": \"008\",\n            \"bank_name\": \"MANDIRI\",\n            \"bank_short_name\": \"MANDIRI\"\n        },\n        {\n            \"bank_code\": \"014\",\n            \"bank_name\": \"BCA\",\n            \"bank_short_name\": \"BCA\"\n        },\n        {\n            \"bank_code\": \"022\",\n            \"bank_name\": \"CIMB\",\n            \"bank_short_name\": \"CIMB\"\n        }\n    ]\n}"}],"_postman_id":"de94a9fb-0f1c-4c50-9837-229a9535d88c"}],"id":"4c0eb4d4-56a7-40a3-8188-ecd853ed0933","description":"<h5 id=\"b1-get-list-of-available-bank-codes\">B.1 Get List of Available Bank Codes</h5>\n<p>API to retrieve available bank list for fund transfer.</p>\n<p><code>SIGNATURE_PATTERN = {merchant_code}</code></p>\n","_postman_id":"4c0eb4d4-56a7-40a3-8188-ecd853ed0933"},{"name":"2. Bank Account Inquiry","item":[{"name":"/api/disbursement/bank_account_inquiry","event":[{"listen":"prerequest","script":{"id":"fa9d546d-c776-49cd-bc75-50f8c2cdc3b9","exec":["const merchant_code = pm.environment.get(\"merchant_code\");\r","const merchant_secret = pm.environment.get(\"merchant_secret\");\r","const bank_code = JSON.parse(pm.request.body.raw).bank_code;\r","const bank_account_number = JSON.parse(pm.request.body.raw).bank_account_number;\r","pm.variables.set(\"merchant_code\", merchant_code);\r","pm.variables.set(\"signature\", CryptoJS.HmacSHA256(merchant_code + \":\" + bank_code + \":\" + bank_account_number, merchant_secret).toString());\r",""],"type":"text/javascript","packages":{},"requests":{}}}],"id":"43be50f3-8a7a-413a-976a-9f82afdc649d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{merchant_code}}\",\r\n    \"bank_code\": \"014\",\r\n    \"bank_account_number\": \"1234567890\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/bank_account_inquiry","description":"<p>Validates and retrieves the account holder's name for a given bank account number, confirming the account is valid before initiating a disbursement.</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>This endpoint uses HMAC-SHA256 signature-based authentication.</p>\n<ul>\n<li><p><strong>Signature pattern:</strong> <code>{merchant_code} : {bank_code} : {bank_account_number}</code></p>\n</li>\n<li><p><strong>Formula:</strong> <code>HMAC-SHA256(merchant_secret, merchant_code + \":\" + bank_code+ \":\" + bank_account_number)</code></p>\n</li>\n</ul>\n<h3 id=\"request-body\">Request Body</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>merchant_code</code></td>\n<td>string</td>\n<td>Yes</td>\n<td>Unique merchant identifier from the environment.</td>\n</tr>\n<tr>\n<td><code>bank_code</code></td>\n<td>string</td>\n<td>Yes</td>\n<td>Code of the destination bank (e.g., <code>\"014\"</code> for BCA). Refer to the Get Bank List endpoint for valid codes.</td>\n</tr>\n<tr>\n<td><code>bank_account_number</code></td>\n<td>string</td>\n<td>Yes</td>\n<td>The bank account number to inquire about.</td>\n</tr>\n<tr>\n<td><code>signature</code></td>\n<td>string</td>\n<td>Yes</td>\n<td>HMAC-SHA256 signature computed from <code>merchant_code</code>, <code>bank_code</code>, and <code>bank_account_number</code> using <code>merchant_secret</code> as the key. Auto-generated by the pre-request script.</td>\n</tr>\n</tbody>\n</table>\n</div><h3 id=\"response\">Response</h3>\n<p><strong>Success (<strong><strong><code>status: \"000\"</code></strong></strong>):</strong></p>\n<p>Returns the account details under the <code>data</code> field.</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>status</code></td>\n<td>string</td>\n<td>Response status code. <code>\"000\"</code> indicates success.</td>\n</tr>\n<tr>\n<td><code>data</code></td>\n<td>object</td>\n<td>Account inquiry result.</td>\n</tr>\n<tr>\n<td><code>data.bank_code</code></td>\n<td>string</td>\n<td>Code of the bank.</td>\n</tr>\n<tr>\n<td><code>data.bank_name</code></td>\n<td>string</td>\n<td>Full name of the bank.</td>\n</tr>\n<tr>\n<td><code>data.bank_short_name</code></td>\n<td>string</td>\n<td>Short/abbreviated name of the bank.</td>\n</tr>\n<tr>\n<td><code>data.bank_account_number</code></td>\n<td>string</td>\n<td>The queried bank account number.</td>\n</tr>\n<tr>\n<td><code>data.bank_account_name</code></td>\n<td>string</td>\n<td>The registered account holder's name.</td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","disbursement","bank_account_inquiry"],"host":["{{host}}"],"query":[],"variable":[]}},"response":[{"id":"75b9fb71-ba60-478c-82fc-950c7fcdb8f2","name":"/api/disbursement/bank_account_inquiry","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n    \"merchant_code\": \"{{merchant_code}}\",\r\n    \"bank_code\": \"014\",\r\n    \"bank_account_number\": \"1234567890\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/bank_account_inquiry"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Wed, 29 Apr 2026 16:23:58 GMT"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6Ijk2cUtDeGV1NVo2Z240S2lxaitrR3c9PSIsInZhbHVlIjoieDBVcjV1UzZ0WUNLMUVFLzdQYzdKelQ1SzJwRzRPMEpLbFArSjZWZHVxSGlxRmNidGtlR0NYTEZIVWRjRXlER1llTWpkMUVjc1FaV09sdXRqY1ovUHFqRGVWQTZhN1I3SkpBNlh4Y3Z4T2lLWGU4a0hHSVpYQkZKYnJFY2tLamMiLCJtYWMiOiI2ODIyZDA1NGJlMjc3MDg0YjdmYTEzODI1ZTExZTI2ZjhjYjQ4NTU3YmQ4ZTkwZGQzZjkzYWZhOTliNzFmN2Q0In0%3D; expires=Wed, 29-Apr-2026 18:23:58 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6IktPYzA4eWt6SDV3bE5MSzBlRzVNUUE9PSIsInZhbHVlIjoiRXN4SU5qODhHeWtMMndicllDeDJ0YnAxWkpWTHlhOFViRWlwSzFTZVRtdDZoMWZxeUUzYlBQaFVaM2dveWdVY0ZNdDJwVzA1M0t1bEdkSHVma05Yc2NYYTdMc0pqMm96ZnJnYmc0Zk1WSTBnbVp6R29CUDRYWlVqb2kyNmpwZ04iLCJtYWMiOiJkMWY5MTFkMTdlMDgxYjQ3NjVjMTI1YmUzZDUwMjUxM2VmZGY0Mzk5MWMwZDY0OWRlY2U1ODVkY2NjYWRkODg3In0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": {\n        \"bank_code\": \"014\",\n        \"bank_name\": \"BCA\",\n        \"bank_short_name\": \"BCA\",\n        \"bank_account_number\": \"1234567890\",\n        \"bank_account_name\": \"Tester\"\n    }\n}"}],"_postman_id":"43be50f3-8a7a-413a-976a-9f82afdc649d"}],"id":"b50499b8-097d-4361-9440-76d75629f56b","description":"<h5 id=\"b2-bank-account-inquiry\">B.2 Bank Account Inquiry</h5>\n<p>API to validate fund transfer beneficiary account.</p>\n<p><code>SIGNATURE_PATTERN = {merchant_code} : {bank_code} : {bank_account_number}</code></p>\n","_postman_id":"b50499b8-097d-4361-9440-76d75629f56b"},{"name":"3. Fund Transfer","item":[{"name":"/api/disbursement/send","event":[{"listen":"prerequest","script":{"id":"66fdeb66-0ad6-4b28-a3ff-0455009fc3af","exec":["const merchant_code = pm.environment.get(\"merchant_code\");\r","const merchant_secret = pm.environment.get(\"merchant_secret\");\r","const timestamp = new Date().getTime();\r","const amount = _.random(13000, 15000);\r","const unique_id = \"UNIQUE\" + timestamp;\r","const bank_code = JSON.parse(pm.request.body.raw).bank_code;\r","const bank_account_number = JSON.parse(pm.request.body.raw).bank_account_number;\r","pm.variables.set(\"merchant_code\", merchant_code);\r","pm.variables.set(\"unique_id\", unique_id);\r","pm.variables.set(\"amount\", amount);\r","pm.variables.set(\"signature\", CryptoJS.HmacSHA256(merchant_code + \":\" + unique_id + \":\" + bank_code + \":\" + bank_account_number + \":\" + amount, merchant_secret).toString());\r",""],"type":"text/javascript","packages":{},"requests":{}}}],"id":"a887cfda-28b2-4ecf-87ce-764167afeb0e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n\t\"merchant_code\": \"{{merchant_code}}\",\r\n    \"unique_id\": \"{{unique_id}}\",\r\n    \"description\": \"Test Disbursement\",\r\n    \"amount\": \"{{amount}}\",\r\n    \"currency\": \"IDR\",\r\n    \"customer_name\": \"Tester\",\r\n    \"customer_email\": \"tester@gmail.com\",\r\n    \"customer_phone\": \"081212121314\",\r\n    \"bank_code\": \"014\",\r\n    \"bank_account_number\": \"1234567890\",\r\n    \"bank_account_name\": \"Tester\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/send","description":"<p>Initiates a disbursement (payout) transaction to a specified bank account. This endpoint transfers funds from the merchant's balance to the recipient's bank account.</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>This endpoint uses HMAC-SHA256 signature-based authentication.</p>\n<ul>\n<li><p><strong>Signature pattern:</strong> <code>{merchant_code} : {unique_id } : {bank_code } : {bank_account_number} : {amount}</code></p>\n</li>\n<li><p><strong>Formula:</strong> <code>HMAC-SHA256(merchant_code + \":\" + unique_id + \":\" + bank_code + \":\" + bank_account_number + \":\" + amount, merchant_secret)</code></p>\n</li>\n</ul>\n<h3 id=\"request-body\">Request Body</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>merchant_code</code></td>\n<td>string</td>\n<td>Merchant identifier, sourced from environment variable</td>\n</tr>\n<tr>\n<td><code>unique_id</code></td>\n<td>string</td>\n<td>Unique transaction identifier, auto-generated by the pre-request script</td>\n</tr>\n<tr>\n<td><code>description</code></td>\n<td>string</td>\n<td>Description or note for the disbursement transaction</td>\n</tr>\n<tr>\n<td><code>amount</code></td>\n<td>string</td>\n<td>Disbursement amount in the specified currency</td>\n</tr>\n<tr>\n<td><code>currency</code></td>\n<td>string</td>\n<td>Currency code (e.g. <code>IDR</code>)</td>\n</tr>\n<tr>\n<td><code>customer_name</code></td>\n<td>string</td>\n<td>Full name of the recipient</td>\n</tr>\n<tr>\n<td><code>customer_email</code></td>\n<td>string</td>\n<td>Email address of the recipient</td>\n</tr>\n<tr>\n<td><code>customer_phone</code></td>\n<td>string</td>\n<td>Phone number of the recipient</td>\n</tr>\n<tr>\n<td><code>bank_code</code></td>\n<td>string</td>\n<td>Bank code of the recipient's bank (e.g. <code>014</code> for BCA). Refer to the Get Bank List endpoint for valid codes</td>\n</tr>\n<tr>\n<td><code>bank_account_number</code></td>\n<td>string</td>\n<td>The recipient's bank account number</td>\n</tr>\n<tr>\n<td><code>bank_account_name</code></td>\n<td>string</td>\n<td>The registered name of the recipient's bank account</td>\n</tr>\n<tr>\n<td><code>signature</code></td>\n<td>string</td>\n<td>HMAC-SHA256 signature for request authentication, auto-generated by the pre-request script</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h3 id=\"response\">Response</h3>\n<p>A successful response returns status <code>000</code> with the disbursement details:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>status</code></td>\n<td>Response status code (<code>000</code> = success)</td>\n</tr>\n<tr>\n<td><code>data.unique_id</code></td>\n<td>The unique transaction ID submitted in the request</td>\n</tr>\n<tr>\n<td><code>data.reference_no</code></td>\n<td>System-generated reference number for the transaction</td>\n</tr>\n<tr>\n<td><code>data.amount</code></td>\n<td>Disbursement amount</td>\n</tr>\n<tr>\n<td><code>data.fee</code></td>\n<td>Transaction fee charged</td>\n</tr>\n<tr>\n<td><code>data.merchant_surcharge_rate</code></td>\n<td>Surcharge rate applied to the merchant</td>\n</tr>\n<tr>\n<td><code>data.charge_to</code></td>\n<td>Indicates who bears the fee (<code>MERC</code> = merchant)</td>\n</tr>\n<tr>\n<td><code>data.payout_amount</code></td>\n<td>Actual amount paid out to the recipient</td>\n</tr>\n<tr>\n<td><code>data.disbursement_status</code></td>\n<td>Status code of the disbursement (<code>0</code> = on process)</td>\n</tr>\n<tr>\n<td><code>data.disbursement_description</code></td>\n<td>Human-readable disbursement status (e.g. <code>ON PROCESS</code>)</td>\n</tr>\n<tr>\n<td><code>data.created_at</code></td>\n<td>Timestamp when the transaction was created</td>\n</tr>\n<tr>\n<td><code>data.executed_at</code></td>\n<td>Timestamp when the transaction was executed</td>\n</tr>\n<tr>\n<td><code>data.bank.code</code></td>\n<td>Code of the recipient's bank</td>\n</tr>\n<tr>\n<td><code>data.bank.name</code></td>\n<td>Name of the recipient's bank</td>\n</tr>\n<tr>\n<td><code>data.bank.account_number</code></td>\n<td>Recipient's bank account number</td>\n</tr>\n<tr>\n<td><code>data.bank.account_name</code></td>\n<td>Registered name of the recipient's bank account</td>\n</tr>\n<tr>\n<td><code>data.note</code></td>\n<td>Additional notes (if any)</td>\n</tr>\n<tr>\n<td><code>data.merchant_balance.balance_effective</code></td>\n<td>Merchant's effective balance after transaction</td>\n</tr>\n<tr>\n<td><code>data.merchant_balance.balance_pending</code></td>\n<td>Merchant's pending balance</td>\n</tr>\n<tr>\n<td><code>data.merchant_balance.balance_disbursement</code></td>\n<td>Merchant's disbursement balance</td>\n</tr>\n<tr>\n<td><code>data.merchant_balance.balance_collection</code></td>\n<td>Merchant's collection balance</td>\n</tr>\n</tbody>\n</table>\n</div>","urlObject":{"path":["api","disbursement","send"],"host":["{{host}}"],"query":[],"variable":[]}},"response":[{"id":"ef69f923-703b-48c6-a28a-1f25f9771dbc","name":"/api/disbursement/send","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n\t\"merchant_code\": \"{{merchant_code}}\",\r\n    \"unique_id\": \"{{unique_id}}\",\r\n    \"description\": \"Test Disbursement\",\r\n    \"amount\": \"{{amount}}\",\r\n    \"currency\": \"IDR\",\r\n    \"customer_name\": \"Tester\",\r\n    \"customer_email\": \"tester@gmail.com\",\r\n    \"customer_phone\": \"081212121314\",\r\n    \"bank_code\": \"014\",\r\n    \"bank_account_number\": \"1234567890\",\r\n    \"bank_account_name\": \"Tester\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/send"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Wed, 29 Apr 2026 16:36:52 GMT"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6Ijh5VEQvWTFjeFR1R21adTB0b2pJRlE9PSIsInZhbHVlIjoiWGpibWxyejZrL0h6N1c1L0F3bGh0cDI0Y0d4dzhsaUQzczVkaU4yWmFEcU42NlNGWDVaYkRuNnhrM1IxYlN5bE5SNnBjUkx5WkZSMVVGekp0MVRBdW1ITzlkQW52czU5eVVzVHUwekZxR20wVlduYWY5b3VYWVFTdjBvZWFzelIiLCJtYWMiOiJjNjk5ZDJiM2RlMWYxYTdkMmRjZmFiMjgxNmVmMjVjOTkyZDhlZmYwNDc1NGNhYjk0MmY2ZGZmZmZiZjc2NzlmIn0%3D; expires=Wed, 29-Apr-2026 18:36:52 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6InVOQ3pZejFoMmVsOEEzbW9xL1RQNlE9PSIsInZhbHVlIjoiRkJaSFp1amQxZ1NDTDRLaHFoRkpuSndSYlY2SnN4eUFVMGZkbnRZUjNBLzRZQ2tnMnhyWkllU0hrWnRuNDMrQ2FHUWxOb0xOeURhdng0eHZwZDRIcmJ6SmJrbFh2cjdPci9OMTF0akREZXJLZVpZUEUvTWxrODIzeXNuMkhSeFIiLCJtYWMiOiJjODM3NTE2ZTA0MDFiNWMzZDVkODhmZWU0OTczZWZhOWZjNDQ5MWJmOTcyNDAwNDJhOTdhZDAyODU3ZjkwMTg4In0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": {\n        \"unique_id\": \"UNIQUE1777480611112\",\n        \"reference_no\": \"TF_260429Q4G6071PNKX0ZYYF\",\n        \"amount\": \"14773.00\",\n        \"fee\": \"3500.00\",\n        \"merchant_surcharge_rate\": \"0.00\",\n        \"charge_to\": \"MERC\",\n        \"payout_amount\": \"14773.00\",\n        \"disbursement_status\": 0,\n        \"disbursement_description\": \"ON PROCESS\",\n        \"created_at\": \"2026-04-29 23:36:50\",\n        \"executed_at\": \"2026-04-29 23:36:50\",\n        \"bank\": {\n            \"code\": \"014\",\n            \"name\": \"BCA\",\n            \"account_number\": \"1234567890\",\n            \"account_name\": \"Tester\"\n        },\n        \"note\": null,\n        \"merchant_balance\": {\n            \"balance_effective\": 0,\n            \"balance_pending\": 0,\n            \"balance_disbursement\": 9981727,\n            \"balance_collection\": 0\n        }\n    }\n}"}],"_postman_id":"a887cfda-28b2-4ecf-87ce-764167afeb0e"}],"id":"2cc5f089-3903-4141-a6a0-9dcf0ce74940","description":"<h5 id=\"b3-fund-transfer\">B.3 Fund Transfer</h5>\n<p>API to create fund transfer.</p>\n<p><code>SIGNATURE_PATTERN = {merchant_code} : {unique_id} : {bank_code} : {bank_account_number} : {amount}</code></p>\n","_postman_id":"2cc5f089-3903-4141-a6a0-9dcf0ce74940"},{"name":"4. Check Fund Transfer Status","item":[{"name":"/api/disbursement/inquiry","event":[{"listen":"prerequest","script":{"id":"8a6ef496-bbfa-4f8e-beb8-6b738a267b0e","exec":["const merchant_code = pm.environment.get(\"merchant_code\");\r","const merchant_secret = pm.environment.get(\"merchant_secret\");\r","const reference_no = \"TF_260429Q4G6071PNKX0ZYYF\";\r","pm.variables.set(\"merchant_code\", merchant_code);\r","pm.variables.set(\"reference_no\", reference_no);\r","pm.variables.set(\"signature\", CryptoJS.HmacSHA256(merchant_code + \":\" + reference_no, merchant_secret).toString());\r",""],"type":"text/javascript","packages":{},"requests":{}}}],"id":"dce3ff41-c4c3-4c3c-a93c-aff6b206266d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n\t\"merchant_code\": \"{{merchant_code}}\",\r\n    \"reference_no\": \"{{reference_no}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/inquiry","description":"<p>Retrieves the current status and details of a previously submitted disbursement transaction using its reference number.</p>\n<h2 id=\"authentication\">Authentication</h2>\n<p>This endpoint uses HMAC-SHA256 signature-based authentication.</p>\n<ul>\n<li><p><strong>Signature pattern:</strong> <code>{merchant_code} : {reference_no}</code></p>\n</li>\n<li><p><strong>Formula:</strong> <code>HMAC-SHA256(merchant_code + \":\" + reference_no, merchant_secret)</code></p>\n</li>\n</ul>\n<h3 id=\"request-body\">Request Body</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>merchant_code</code></td>\n<td>string</td>\n<td>Merchant identifier, sourced from environment variable</td>\n</tr>\n<tr>\n<td><code>reference_no</code></td>\n<td>string</td>\n<td>The system-generated reference number returned when the disbursement was created (e.g. <code>TF_260429Q4G6071PNKX0ZYYF</code>)</td>\n</tr>\n<tr>\n<td><code>signature</code></td>\n<td>string</td>\n<td>HMAC-SHA256 signature for request authentication, auto-generated by the pre-request script</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h3 id=\"response\">Response</h3>\n<p>A successful response returns status <code>000</code> with the disbursement details:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>status</code></td>\n<td>Response status code (<code>000</code> = success)</td>\n</tr>\n<tr>\n<td><code>data.reference_no</code></td>\n<td>System-generated reference number of the disbursement</td>\n</tr>\n<tr>\n<td><code>data.unique_id</code></td>\n<td>The unique transaction ID originally submitted with the disbursement</td>\n</tr>\n<tr>\n<td><code>data.amount</code></td>\n<td>Disbursement amount</td>\n</tr>\n<tr>\n<td><code>data.fee</code></td>\n<td>Transaction fee charged</td>\n</tr>\n<tr>\n<td><code>data.merchant_surcharge_rate</code></td>\n<td>Surcharge rate applied to the merchant</td>\n</tr>\n<tr>\n<td><code>data.charge_to</code></td>\n<td>Who bears the fee (<code>MERC</code> = merchant)</td>\n</tr>\n<tr>\n<td><code>data.payout_amount</code></td>\n<td>Actual amount paid out to the recipient</td>\n</tr>\n<tr>\n<td><code>data.disbursement_status</code></td>\n<td>Status code of the disbursement (<code>0</code> = on process)</td>\n</tr>\n<tr>\n<td><code>data.disbursement_description</code></td>\n<td>Human-readable disbursement status (e.g. <code>ON PROCESS</code>)</td>\n</tr>\n<tr>\n<td><code>data.created_at</code></td>\n<td>Timestamp when the disbursement was created</td>\n</tr>\n<tr>\n<td><code>data.executed_at</code></td>\n<td>Timestamp when the disbursement was executed</td>\n</tr>\n<tr>\n<td><code>data.bank.code</code></td>\n<td>Recipient bank code</td>\n</tr>\n<tr>\n<td><code>data.bank.name</code></td>\n<td>Recipient bank name</td>\n</tr>\n<tr>\n<td><code>data.bank.account_number</code></td>\n<td>Recipient bank account number</td>\n</tr>\n<tr>\n<td><code>data.bank.account_name</code></td>\n<td>Recipient bank account name</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n","urlObject":{"path":["api","disbursement","inquiry"],"host":["{{host}}"],"query":[],"variable":[]}},"response":[{"id":"c900f45e-47d8-4d17-8963-380f0e371fda","name":"/api/disbursement/inquiry","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n\t\"merchant_code\": \"{{merchant_code}}\",\r\n    \"reference_no\": \"{{reference_no}}\",\r\n    \"signature\": \"{{signature}}\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{host}}/api/disbursement/inquiry"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Server","value":"nginx"},{"key":"Content-Type","value":"application/json"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Vary","value":"Accept-Encoding"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"Date","value":"Wed, 29 Apr 2026 16:50:21 GMT"},{"key":"Set-Cookie","value":"XSRF-TOKEN=eyJpdiI6ImVpenlLRW00Mk0vQjdHeXlTT1NPSXc9PSIsInZhbHVlIjoia3E3aWkrcDdRUm5LYXQwZFE0clkrK1ErQ290a3ZvT25iSGVxclVESmh0NHA4U3NxNlovUHFMTHlVN3pzZVoraWRjN3JQdmNDUW5GeTErY3VaR0Yxa0ZnL1NSUWtuc1UrbUxCMktiUjlyaGU3amJUNmpBeVREdkdneCtKVUtLZk4iLCJtYWMiOiI3NmM5NzkyMTk4ZTNkZGY0YTQ3MmIyYWVhYTc5ODI1ZmRhNTZkMjc3N2JjOTYyZTllNTYwYzFmM2Q4M2U3ZWM5In0%3D; expires=Wed, 29-Apr-2026 18:50:21 GMT; Max-Age=7200; path=/; samesite=lax"},{"key":"Set-Cookie","value":"HEROIC=eyJpdiI6IkhWNGpRUnZWZmM4bFZ0ZXIxU0lXREE9PSIsInZhbHVlIjoiTVREcXdhOGhrdG5ZY1hPSWxIK0c2a0xVcmsyejc5OEFRZGRjRHhHUzl5ZW1zQnlEeTVQVmhTcDVoTkpJN1NsNmRWMmxuYUE1d3JrUHNYTjFNTzg2cTFCWS9uS0sveGJEbzNmb3grZ2FHUDB4dHRJaVBRWGkwRVppMFpJdVlyV00iLCJtYWMiOiI1OTgwNDQ2OGE5YmI2NGIzMGM2ZDE4YTNlNDdlY2Q3MjZjZjE1YzUwOWI4Y2MyNDBmYjM2ZjM5MDc1MWUyMDgxIn0%3D; path=/; httponly; samesite=lax"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"no-referrer-when-downgrade"},{"key":"Content-Encoding","value":"gzip"}],"cookie":[],"responseTime":null,"body":"{\n    \"status\": \"000\",\n    \"data\": {\n        \"reference_no\": \"TF_260429Q4G6071PNKX0ZYYF\",\n        \"unique_id\": \"UNIQUE1777480611112\",\n        \"amount\": \"14773.00\",\n        \"fee\": \"3500.00\",\n        \"merchant_surcharge_rate\": \"0.00\",\n        \"charge_to\": \"MERC\",\n        \"payout_amount\": \"14773.00\",\n        \"disbursement_status\": 0,\n        \"disbursement_description\": \"ON PROCESS\",\n        \"created_at\": \"2026-04-29 23:36:50\",\n        \"executed_at\": \"2026-04-29 23:36:50\",\n        \"bank\": {\n            \"code\": \"014\",\n            \"name\": \"BCA\",\n            \"account_number\": \"1234567890\",\n            \"account_name\": \"Tester\"\n        }\n    }\n}"}],"_postman_id":"dce3ff41-c4c3-4c3c-a93c-aff6b206266d"}],"id":"2cd13c82-2726-43d4-af73-8be145d7d879","description":"<h5 id=\"b4-check-fund-transfer-status\">B.4 Check Fund Transfer Status</h5>\n<p>API to inquiry fund transfer status</p>\n<p><code>SIGNATURE_PATTERN = {merchant_code} : {reference_num}</code></p>\n","_postman_id":"2cd13c82-2726-43d4-af73-8be145d7d879"},{"name":"5. Disbursement Callback Webhook","item":[],"id":"fd3a8a8d-f20c-4d1d-bece-ab9687fd954e","description":"<h5 id=\"b5-callback-webhook-on-success-transfer-notification\">B.5 Callback Webhook on Success Transfer Notification</h5>\n<p>To enable disbursement feature, merchant required to provide callback URL for receiving success tranfer notification. This endpoints prefers HTTPS protocol with POST method.</p>\n<p>Callback URLs for billing should be 2 URL:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Usage</th>\n<th>Example</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Notification of success disbursement</td>\n<td><a href=\"https://merchantwebsite.com/notification/?success_transfer\">https://merchantwebsite.com/notification/?success_transfer</a></td>\n</tr>\n</tbody>\n</table>\n</div><h5 id=\"example-of-sent-callback\">Example of Sent Callback</h5>\n<p>Callback of successfully sent transfer:</p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>{\n  \"signature\": \"38b8adc71ead6af1e6b5130ef183bada9f0abe\",\n  \"reference_no\": \"TF_260429Q4G6071PNKX0ZYYF\",\n  \"unique_id\": \"UNIQUE1777480611112\",\n  \"amount\": \"87000.00\",\n  \"fee\": \"0.00\",\n  \"merchant_surcharge_rate\": \"0.00\",\n  \"charge_to\": \"MERC\",\n  \"payout_amount\": \"87000.00\",\n  \"disbursement_status\": 1,\n  \"disbursement_description\": \"SUCCESS\",\n  \"payout_at\": \"2026-04-29 23:54:52\",\n  \"created_at\": \"2026-04-29 23:54:44\",\n  \"bank\": {\n    \"code\": \"014\",\n    \"name\": \"BANK CENTRAL ASIA\",\n    \"account_number\": \"1234567890\",\n    \"account_name\": \"Tester\"\n  },\n  \"failure_reason\": \"success\"\n}\n\n</code></pre>","_postman_id":"fd3a8a8d-f20c-4d1d-bece-ab9687fd954e"}],"id":"25c7d670-3152-4e64-8141-82a01d464d75","description":"<h3 id=\"overview\">Overview</h3>\n<p>Fund transfer is normally processed in following sequences:</p>\n<ol>\n<li><p>check if beneficiary bank is supported by PGA for transfer,</p>\n</li>\n<li><p>inquiry the beneficiary bank account number to check if it is valid or not,</p>\n</li>\n<li><p>perform the fund transfer,</p>\n</li>\n<li><p>await for incoming disbursement callback,</p>\n</li>\n<li><p>issue fund transfer check if no callback received or delayed.</p>\n</li>\n</ol>\n","_postman_id":"25c7d670-3152-4e64-8141-82a01d464d75"}]}