NAV
Snap API

Getting Started

Overview

  1. User performs the checkout operation
  2. Merchant server makes an api request to the snap backend to get the SNAP_TOKEN
  3. Snap backend responds to the api call with the SNAP_TOKEN
  4. Merchant server constructs the html page and sends it back to the browser
  5. User verifies the details and clicks the pay button. Merchant’s javascript code calls snap.pay(SNAP_TOKEN, options). User then fills up the payment details and clicks the confirm button.
  6. Snap JS sends the payment details to the snap backend
  7. Snap backend processes the details and responds with the charge status. Snap JS then calls the corresponding callback provided by the merchant’s javascript code.
  8. Snap backend notifies the merchant server about the charge status

payment flow

Supported Browsers

We try to support the latest versions of all major browsers. The list below provides the minimum supported version of each browser in Mobile and Desktop platform.

Mobile

Desktop

Preparation

Goal: Merchants complete the pre-requisite before integrating with midtrans

There are a few pre-requisites before integrating with midtrans:

1. Register to midtrans Sandbox/Production account

Midtrans has one central login to access both production and sandbox account. Sandbox is utilized for development period while production is utilized when the merchant has completed the integration process and want to go live. Data and transaction made on sandbox account will not trigger an actual purchase while in production account will trigger an actual process. Register for midtrans Sandbox/Production account here.

Once logged in, there will be a small button on the header of the dashboard that shows you on whether you are in the production or sandbox environment. The color of the navigation sidebar are also set differently between Production (light blue) and Sandbox (dark blue) for further clarity.

map production map sandbox

2. Fill in the required information in Merchant Admin Portal (MAP)

The required fields can be found under Settings - General Settings.

general settings

3. Take note of your account Access Keys

Your account keys can be found under Settings - Access Keys.

access keys

4. Configure Redirection URL

Customer will be returned to your website after payment process is completed.

redirection url

Go to Settings - Configuration menu to manage the redirection URL.

map redirection url

Library and Plugin

We are trying to make the integration process as easy as possible. This section contains a list of plugins and libraries owned by midtrans. If you write your own plugin or library and would like us to link it, contact support@midtrans.com.

Libraries

Platform Resources
PHP Github

Plugin

Platform Resources
Prestashop v1.6
Github
Magento v1.8, v1.9
Github
Opencart v2.0, v2.1, v2.2
Github
WHMCS WHMCS v5.3.12 or greater
Github
Wordpress
Woocommerce
Wordpress v3.9.1 - v4.x
WooCommerce v2.1.11 - v2.5.x
Github

Backend Integration

Backend integration goal is to acquire SNAP_TOKEN by providing payment informations. We provide a HTTP API to do this.

Endpoint

HTTP Method: POST

Production: https://app.midtrans.com/snap/v1/transactions

Sandbox: https://app.sandbox.midtrans.com/snap/v1/transactions

Request Headers

SERVER_KEY = "VT-server-Cpo03kYDOc0cNUKgt6hnLkKg"

AUTH_STRING = Base64("VT-server-Cpo03kYDOc0cNUKgt6hnLkKg:")

AUTH_STRING = "VlQtc2VydmVyLUNwbzAza1lET2MwY05VS2d0NmhuTGtLZzo="

To create valid Snap HTTP request, merchant have to add 3 headers:

Snap validates HTTP request by using Basic Authentication method. The username is your SERVER_KEY while the password is empty. You can see your SERVER-KEY on Settings - Access Keys.

Authorization header value is represented by AUTH_STRING. AUTH_STRING is base-64 encoded string of your username & password.

AUTH_STRING = Base64(SERVER_KEY + :)

JSON Parameter (Request Body)

Short request

{
  "transaction_details": {
    "order_id": "ORDER-101",
    "gross_amount": 10000
  }
}

Complete request

{
  "transaction_details": {
    "order_id": "ORDER-101",
    "gross_amount": 10000
  },
  "item_details": [{
    "id": "ITEM1",
    "price": 10000,
    "quantity": 1,
    "name": "Midtrans Bear"
  }],
  "enabled_payments": ["credit_card", "mandiri_clickpay", "cimb_clicks",
    "bca_klikbca", "bca_klikpay", "bri_epay", "telkomsel_cash", "echannel",
    "bbm_money", "xl_tunai", "indosat_dompetku", "mandiri_ecash", "permata_va",
    "bca_va", "other_va", "kioson", "indomaret", "gci"],
  "credit_card": {
    "secure": true,
    "channel": "migs",
    "bank": "bca",
    "installment": {
      "required": false,
      "terms": {
        "bni": [3, 6, 12],
        "mandiri": [3, 6, 12],
        "cimb": [3],
        "bca": [3, 6, 12],
        "offline": [6, 12]
      }
    },
    "whitelist_bins": [
      "48111111",
      "41111111"
    ]
  },
  "customer_details": {
    "first_name": "TEST",
    "last_name": "MIDTRANSER",
    "email": "test@midtrans.com",
    "phone": "+628123456",
    "billing_address": {
      "first_name": "TEST",
      "last_name": "MIDTRANSER",
      "email": "test@midtrans.com",
      "phone": "081 2233 44-55",
      "address": "Sudirman",
      "city": "Jakarta",
      "postal_code": "12190",
      "country_code": "IDN"
    },
    "shipping_address": {
      "first_name": "TEST",
      "last_name": "MIDTRANSER",
      "email": "test@midtrans.com",
      "phone": "0 8128-75 7-9338",
      "address": "Sudirman",
      "city": "Jakarta",
      "postal_code": "12190",
      "country_code": "IDN"
    }
  },
  "expiry": {
    "start_time": "2017-04-13 18:11:08 +0700",
    "unit": "minutes",
    "duration": 1
  },
  "custom_field1": "custom field 1 content",
  "custom_field2": "custom field 2 content",
  "custom_field3": "custom field 3 content"
}
Parameter Description
transaction_details.order_id
String(50) (required)
Unique transaction ID. A single ID could be used only once by a Merchant.
transaction_details.gross_amount
Integer (required)
Amount to be charged
item_details
Array Item Details (optional)
Shopping item details will be paid by customer
enabled_payments
Array (optional)
List of payment types that should be enabled. If blank, all active payment types are included.
Options:
credit_card, mandiri_clickpay, cimb_clicks, bca_klikbca, bca_klikpay, bri_epay, telkomsel_cash, echannel, bbm_money, xl_tunai, indosat_dompetku, mandiri_ecash, permata_va, other_va, bca_va, bni_va, kioson, indomaret, gci.

An alias refers to a list of payment types. Adding an alias is the equivalent of adding all the the payment types it refers to.
Supported aliases:
bank_transfer => permata_va, bca_va, bni_va
cstore => kioson, indomaret.

If you want to use other_va, don’t forget to also specify permata_va because Midtrans handles other bank transfer as Permata.
customer_details.first_name
String(255) (optional)
customer_details.last_name
String(255) (optional)
customer_details.email
String(255) (optional)
customer_details.phone
String(255) (optional)
customer_details.billing_address
Address (optional)
customer_details.shipping_address
Address (optional)
credit_card
CreditCard (optional)
Credit card payment options
bca_va
BCA Virtual Account (optional)
BCA Virtual Account payment options
permata_va
Permata Virtual Account (optional)
Permata Virtual Account payment options
bni_va
BNI Virtual Account (optional)
BNI Virtual Account payment options
callbacks.finish
String(255) (optional)
Redirect URL after transaction is successfully paid (Overriden by JS callback)
expiry
Expiry (optional)
Custom transaction lifetime
custom_field1
String(255) (optional)
Custom field 1 for custom parameter from merchant
custom_field2
String(255) (optional)
Custom field 2 for custom parameter from merchant
custom_field3
String(255) (optional)
Custom field 3 for custom parameter from merchant

JSON Object

Collection of JSON objects that are used in Create Snap Token parameter.

Item Details

{
  "id": "ITEM1",
  "price": 10000,
  "quantity": 1,
  "name": "Midtrans Bear"
}
Parameter Description
id
String(255) (optional)
Item ID
price
Integer (required)
Price of the item
NOTE: Don’t add decimal
quantity
Integer (required)
Quantity of the item
name
String(50) (required)
Name of the item

Address

{
  "first_name": "TESTER",
  "last_name": "MIDTRANSER",
  "email": "test@midtrans.com",
  "phone": "081 2233 44-55",
  "address": "Sudirman",
  "city": "Jakarta",
  "postal_code": "12190",
  "country_code": "IDN"
}
Parameter Description
first_name
String(255) (optional)
last_name
String(255) (optional)
email
String(255) (optional)
phone
String(255) (optional)
address
String(200) (optional)
country_code
String(10) (optional)
postal_code
String(10) (optional)
city
String(100) (optional)

Credit Card

{
  "save_card": true,
  "secure": true,
  "channel": "migs",
  "bank": "maybank",
  "installment": {
    "required": false,
    "terms": {
      "bni": [3, 6, 12],
      "mandiri": [3, 6, 12],
      "cimb": [3],
      "bca": [3, 6, 12],
      "offline": [6, 12]
    }
  },
  "whitelist_bins": [
    "48111111",
    "41111111"
  ]
}
Parameter Description
secure
Boolean (optional)
Use 3D-Secure authentication when using credit card. Default: false
bank
String (optional)
Acquiring bank. Options: bca, bni, mandiri, cimb, bri, danamon, maybank
channel
String (optional)
Acquiring channel. Options: migs
whitelist_bins
Array (optional)
Allowed credit card BIN number. Default: allow all cards
installment.required
Boolean (optional)
Force installment when using credit card. Default: false
installment.terms
Object (optional)
Available installment terms

BCA Virtual Account

{
  "va_number": "12345678911",
  "free_text": {
    "inquiry": [
      {
        "en": "text in English",
        "id": "text in Bahasa Indonesia"
      }
    ],
    "payment": [
      {
        "en": "text in English",
        "id": "text in Bahasa Indonesia"
      }
    ]
  }
}
Parameter Description
va_number
String (optional)
Custom virtual account number. Length should be within 1 to 11.
free_text
FreeText (optional)

Free Text

Parameter Description
inquiry
Array of FreeTextItem (optional)
Size should not exceed 10.
payment
Array of FreeTextItem (optional)
Size should not exceed 10.

Free Text Item

Parameter Description
en
String (required)
Size should not exceed 50 chars.
id
String (required)
Size should not exceed 50 chars.

Permata Virtual Account

{
  "va_number": "1234567890"
}
Parameter Description
va_number
String (optional)
Custom virtual account number. Length should be 10. Only supported for b2b transactions.

BNI Virtual Account

{
  "va_number": "12345678"
}
Parameter Description
va_number
String (optional)
Custom virtual account number. Length should be within 1 to 8.

Expiry

{
  "start_time": "2017-04-13 18:11:08 +0700",
  "unit": "minutes",
  "duration": 1
}
Parameter Description
start_time
String(255) (optional)
Timestamp in yyyy-MM-dd hh:mm:ss Z format. If not specified, transaction time will be used as start time (when customer charge)
duration
Integer (required for expiry)
Expiry duration
unit
String (required for expiry)
Expiry unit. Options: day, hour, minute (plural term also accepted)

Response

Response Success

{
  "token": "d379aa71-99eb-4dd1-b9bb-eefe813746e9"
}

HTTP status code: 201

Field Description
token
String(36)
Snap token for frontend integration

Response Failed

Authentication Failed

{
  "error_messages": [
    "Access denied, please check client or server key"
  ]
}

HTTP status code: 401

Field Description
error_messages
Array
Error messages

Validation Error

{
  "error_messages": [
    "transaction_details.gross_amount is not equal to the sum of item_details"
  ]
}

HTTP status code: 400

Field Description
error_messages
Array
Error messages

Internal System Error

{
  "error_messages": [
    "Sorry, we encountered internal server error. We will fix this soon."
  ]
}

HTTP status code: 500

Field Description
error_messages
Array
Error messages

Frontend Integration

Overview

<html>
  <head>
    <script type="text/javascript"
            src="https://app.sandbox.midtrans.com/snap/snap.js"
            data-client-key="<CLIENT-KEY>"></script>
  </head>
  <body>
    <button id="pay-button">Pay!</button>
    <script type="text/javascript">
      var payButton = document.getElementById('pay-button');
      payButton.addEventListener('click', function () {
        snap.pay('<SNAP_TOKEN>');
      });
    </script>
  </body>
</html>

Frontend integration goal is to show Snap payment page within your site.

Include snap.js into your page so snap module is available. Don’t forget to put your CLIENT-KEY as value of data-client-key attribute in snap.js script tag. You can see your CLIENT-KEY on Settings - Access Keys.

You can start payment process by calling snap.pay with SNAP_TOKEN acquired from backend integration as parameter.

Snap.js location

Production: https://app.midtrans.com/snap/snap.js

Sandbox: https://app.sandbox.midtrans.com/snap/snap.js

Snap JS

snap has 3 public functions: pay, show & hide

pay(snapToken, options)

Start Snap payment page.

snap.pay('YOUR_SNAP_TOKEN', {
  onSuccess: function(result){console.log('success');console.log(result);},
  onPending: function(result){console.log('pending');console.log(result);},
  onError: function(result){console.log('error');console.log(result);},
  onClose: function(){console.log('customer closed the popup without finishing the payment');}
})

Parameter:

Name Description
snapToken
String (required)
Snap token acquired from backend integration
enabledPayments
Array (optional)
List of payment types to be displayed. This will filter out enabled payments from backend integration.
options.onSuccess
Function (optional)
Payment success callback (200 status_code)
options.onPending
Function (optional)
Payment pending callback (201 status_code)
options.onError
Function (optional)
Payment error callback (4xx or 5xx status_code)
options.onClose
Function (optional)
Called if customer has closed the payment popup prematurely without finishing the payment
options.language
String (optional)
Sets the language. This will override language setting on Merchant Administration Portal. Supported values are en (English) and id (Bahasa Indonesia). Defaults to id
options.skipOrderSummary
Boolean (optional)
Skips the order summary page if set to true. Set to false by default.
options.skipCustomerDetails
Boolean (optional)
Make email and phone number optional in CC form if set to true. Set to false by default.
options.autoCloseDelay
Integer (optional)
Auto closes the last page of indomaret and bank transfer payments after the specified time delay. The time delay is specified in seconds. Setting it to 0 will disable this feature. Defaults to 0.

onSuccess, onPending, & onError function accept one parameter which is Transaction Result object.

function ajaxGetToken(transactionData, callback){
    var snapToken;
    // Request get token to your server & save result to snapToken variable

    if(snapToken){
      callback(null, snapToken);
    } else {
      callback(new Error('Failed to fetch snap token'),null);
    }
}

payButton.onclick(function(){
  snap.show();
  ajaxGetToken(transactionData, function(error, snapToken){
    if(error){
      snap.hide();
    } else {
      snap.pay(snapToken);
    }
  });
});

show()

Show snap loading page. Helper function if you want to show instant loading feedback while getting SNAP_TOKEN using AJAX.

If AJAX success, call snap.pay to continue payment process. Else, call snap.hide to end loading page.

hide()

Hide active snap page. Complementary function of snap.show. Helper function if you want to show instant loading feedback while getting SNAP_TOKEN using AJAX.

JS Callback

Transaction Result

Success credit card result

{
   "status_code":"200",
   "status_message":"Success, Credit Card transaction is successful",
   "transaction_id":"6d9677da-45a3-40d0-a0f0-8f0b2f860a64",
   "masked_card":"481111-1114",
   "order_id":"1459499971",
   "gross_amount":"10000.00",
   "payment_type":"credit_card",
   "transaction_time":"2016-04-01 15:39:58",
   "transaction_status":"capture",
   "fraud_status":"accept",
   "approval_code":"100057",
   "bank":"bni"
}

Pending echannel result

{
   "status_code":"201",
   "status_message":"Transaksi sedang diproses",
   "transaction_id":"0ae66c29-e4a6-4e7b-b223-a103564a8d29",
   "order_id":"1459500813",
   "gross_amount":"10000.00",
   "payment_type":"echannel",
   "transaction_time":"2016-04-01 15:54:07",
   "transaction_status":"pending",
   "fraud_status":"accept",
   "bill_key":"001689",
   "biller_code":"70012"
}

Error result

{
  "status_code": "406",
  "status_message": ["transaction has been processed"]
}

Object representing transaction result passed to Snap callback.

Name Description
status_code
String
Transaction status code. Possible values: 200, 201, 202, 400, 404, 406, 500
status_message
String
Transaction status message
order_id
String
Merchant’s payment ID
gross_amount
String
Processed gross amount
payment_type
String
Payment type paid by customer. Possible values: credit_card, bca_klikpay, bca_klikbca, bri_epay, mandiri_clickpay, telkomsel_cash, xl_tunai, bank_transfer, echannel, indosat_dompetku, mandiri_ecash, cstore
transaction_time
String
Timestamp in yyyy-MM-dd hh:mm:ss format
transaction_status
String
Transaction status. Possible values: capture, settlement, pending, cancel, expired
fraud_status
String
Fraud status. Possible values: accept, challenge, deny
approval_code
String
Bank approval code
masked_card
String
Customer’s masked card (only in credit_card & mandiri_clickpay)
bank
String
Acquiring Bank
permata_va_number
String
Permata VA Number (only in bank_transfer)
bill_key
String
Customer bill key (only in echannel)
biller_code
String
Customer biller code (only in echannel)
redirect_url
String
Where customer should be redirected (only in bca_klikbca)
saved_token_id
String
TWO_CLICKS_TOKEN value. Only available in credit_card payment type
saved_token_id_expired_at
String
Specifies the expiration time of the TWO_CLICKS_TOKEN

Other Features

Two Clicks

1) Request /snap/v1/transactions with credit_card.save_card value set to true

{
  "transaction_details": {
    "order_id": "ORDER-101",
    "gross_amount": 10000
  },
  "credit_card": {
    "secure": true,
    "save_card": true
  }
}

2) Save the saved_token_id provided in the OnSuccess callback or Http Notification

snap.pay('YOUR_SNAP_TOKEN', {
  onSuccess: function(result) {
    if (result.saved_token_id) {
      // save customer's TWO_CLICKS_TOKEN in database
    }
  }
})

3) Request /snap/v1/transactions with credit_card.card_token value set to TWO_CLICKS_TOKEN value saved during initial transaction

{
  "transaction_details": {
    "order_id": "ORDER-102",
    "gross_amount": 10000
  },
  "credit_card": {
    "secure": true,
    "card_token": "TWO_CLICKS_TOKEN"
  }
}

Two clicks feature allows you to capture customer’s card number, expiry date, email and phone number as a TWO_CLICKS_TOKEN. For successive payments by the same customer the TWO_CLICKS_TOKEN can be utilized to pre-fill the details. Customer just needs to fill out the cvv number to finish the payment.

There are two steps required to utilize two clicks feature:

Initial Transaction

Successive Transactions

One Click

Request SNAP_TOKEN with user_id and credit_card.save_card value set to true

{
  "transaction_details": {
    "order_id": "ORDER-101",
    "gross_amount": 10000
  },
  "credit_card": {
    "secure": true,
    "save_card": true
  },
  "user_id": "customer-nR6DCOzqGis"
}

In addition to two clicks feature, SNAP also supports one click transaction which will also capture card cvv. With this, customer can directly proceed to charge without input any information.

To ease card saving process, SNAP provides card token storage feature. So, merchants don’t have to store and manage credit card token by themselves. Merchants can easily integrate credit card token storage feature to SNAP by providing unique user_id that associate with customer account on merchant’s system, in addition to enabling credit_card.save_card flag.

SNAP will then decide to store credit card token as one click token based on two criteria:

  1. Merchant has recurring MID enabled
  2. Initial transaction is 3DS-enabled

If those two conditions are met, credit card token will be saved as one click token. Otherwise, it will be saved as two clicks token.

Similar to two clicks flow, there are two steps required to utilize credit card token storage feature on SNAP:

Initial Transaction

Successive Transaction

Custom Virtual Account Number

A virtual account number contains two parts. for example, in {91012}{12435678} , the first part is the company code and the second part is a unique code. The second part can be customized for bca_va, permata_va and bni_va payment types.

Transaction Status

midtrans provides three means for the merchant to obtain the transaction status.

Email Notification

You can configure the email notification setting at Settings - Email Notification in MAP.

email notification

HTTP(S) POST Notification

Notification through HTTP(S) POST will be sent to the merchant’s server when customer completes the payment process. You can utilize the HTTP(S) POST notification to update a payment status or send the item of a transaction in real time.

Enable midtrans HTTP(S) POST Notification by setting the Payment Notification URL at Settings - Configuration.

http notification

Refer here for sample json notification for different payment channels.

Merchant Admin Portal(MAP) Transaction Status

Merchant can check the transactions status from payments menu on MAP.

Example of a successful transaction status for credit card:

map transaction

Handling Notifications

Signature key logic

SHA512(order_id + status_code + gross_amount + serverkey)

Sample code generate signature key

<?php
$orderId = "1111";
$statusCode = "200";
$grossAmount = "100000.00";
$serverKey = "askvnoibnosifnboseofinbofinfgbiufglnbfg";
$input = $orderId.$statusCode.$grossAmount.$serverKey;
$signature = openssl_digest($input, 'sha512');
echo "INPUT: " , $input."<br/>";
echo "SIGNATURE: " , $signature;
?>

In order to increase security aspect, there are several ways to ensure notification received from Midtrans.

Challenge Response

An additional mechanism we provide to verify the content and the origin of the notification is to challenge. This can be achieved by calling the get status API. The response is the same as the notification status.

challenge response

Signature Key

We add signature key information in our notification. The purpose of this signature key is to validate whether the notification is originated from Midtrans or not. Should the notification is not genuine, merchants can disregard the notification. Please find on the side, the logic of the signature key and the sample code to generate signature key.

Best Practice to Handle notification

Following are the standard types of notifications. Note different types of notifications can be added in addition to the below. Also new fields may be added to the existing notification, please confirm with the latest documentation for the exact fields.

Status Code

Goal: Understand all status codes used by API. For more inquiries, please contact us at support@midtrans.com or visit our support web page.

Status Codes used by midtrans API are categorized into 2xx, 3xx, 4xx dan 5xx.

Code 2xx

Status Description
200 Credit Card: Success. Request is successful, and transaction is successful (authorize, capture, settlement, cancel, get order, approve challenge transactions), accepted by midtrans and bank.
Other payment methods: Success. Transaction is successful/settlement.
201 Credit Card: Challenge. Transaction is successfully sent to bank but the process has not been completed, need manual action from merchant to complete the transaction process. If the merchant does not perform any action until settlement time (H+1 16:00) midtrans will cancel the transaction.
Bank Transfer: Pending. Transaction is successfully sent to bank but the process has not been completed by the customer. By default the transaction will expire within 24 hours.
Cimb Clicks: Pending. Transaction successfully sent to bank but the process has not been completed by the customer. By default the transaction will expire within 2 hours.
BRI ePay: Pending. Transaction successfully sent to bank but the process has not been completed by the customer. By default the transaction will expire within 2 hours.
Klik BCA: Pending. Transaction successfully sent to bank but the process has not been completed by the customer. By default the transaction will expire within 2 hours.
BCA Klikpay: Pending. Transaction successfully sent to bank but the process has not been completed by the customer. By default the transaction will expire within 2 hours.
Mandiri Bill Payment: Pending. Transaction successfully sent to bank but the process has not been completed by the customer. By default the transaction will expire within 2 hours.
XL Tunai: Pending. Transaction successfully sent to provider but the process has not been completed by the customer. By default the transaction will expire within 2 hours.
Indomaret: Pending. Transaction successfully sent to provider but the process has not been completed by the customer. By default the transaction will expire within 2 hours.
202 Credit Card: Denied. Transaction has been processed but is denied by payment provider or midtrans’ fraud detection system.
Other payment methods: Denied. Transaction has been processed but is denied by payment provider.

Code 3xx

Status Description
300 Move Permanently, current and all future requests should be directed to the new URL

Code 4xx

Status Description
400 Validation Error, merchant sends bad request data example; validation error, invalid transaction type, invalid credit card format, etc.
401 Access denied due to unauthorized transaction, please check client key or server key
402 Merchant doesn’t have access for this payment type
403 The requested resource is only capable of generating content not acceptable according to the accepting headers that sent in the request
404 The requested resource is not found
405 Http method is not allowed
406 Duplicate order ID. Order ID has already been utilized previously
407 Expired transaction
408 Merchant sends the wrong data type
409 Merchant has sent too many transactions for the same card number
410 Merchant account is deactivated. Please contact midtrans support
411 Token id is missing, invalid, or timed out
412 Merchant cannot modify status of the transaction
413 The request cannot be processed due to malformed syntax in the request body

Code 5xx

Status Description
500 Internal Server Error
501 The feature has not finished yet, it will be available soon
502 Internal Server Error: Bank Connection Problem
503 Internal Server Error
504 Internal Server Error: Fraud detection is unavailable

Testing Credentials

Here is a list of dummy transaction credentials that can be used for transaction in the Sandbox Environment.

Credit Card

General Testing Card Number

Normal Transaction

VISA Description
No Authentication
Merchant Disables 3DS
Accept Transaction: 4011 1111 1111 1112
Challenge by FDS Transaction: 4111 1111 1111 1111
Denied by FDS Transaction: 4211 1111 1111 1110
Denied by Bank Transaction: 4311 1111 1111 1119
MASTERCARD Description
No Authentication
Merchant Disables 3DS
Accept Transaction: 5481 1611 1111 1081
Challenge by FDS Transaction: 5110 1111 1111 1119
Denied by FDS Transaction: 5210 1111 1111 1118
Denied by Bank Transaction: 5310 1111 1111 1117

3D Secure Transaction

VISA Description
Full Authentication
Cardholder is 3DS ready
Accept Transaction: 4811 1111 1111 1114
Denied by Bank Transaction: 4911 1111 1111 1113
Attempted Authentication
Cardholder is not
enrolled for 3DS
Accept Transaction: 4411 1111 1111 1118
Challenge by FDS Transaction: 4511 1111 1111 1117
Denied by FDS Transaction: 4611 1111 1111 1116
Denied by Bank Transaction: 4711 1111 1111 1115
MASTERCARD Description
Full Authentication
Cardholder is 3DS ready
Accept Transaction: 5211 1111 1111 1117
Denied by Bank Transaction: 5111 1111 1111 1118
Attempted Authentication
Cardholder is not
enrolled for 3DS
Accept Transaction: 5410 1111 1111 1116
Challenge by FDS Transaction: 5510 1111 1111 1115
Denied by FDS Transaction: 5411 1111 1111 1115
Denied by Bank Transaction: 5511 1111 1111 1114

Bank-Specific Testing Card

Accepted 3D Secure Card

Bank Card Number
Mandiri
Full Authentication

4617 0069 5974 6656

5573 3810 7219 6900
Attempted Authentication 4617 0017 4194 2101 5573 3819 9982 5417
CIMB
Full Authentication

4599 2078 8712 2414

5481 1698 1883 2479
Attempted Authentication 4599 2039 9705 2898 5481 1671 2103 2563
BNI
Full Authentication

4105 0586 8948 1467

5264 2210 3887 4659
Attempted Authentication 4105 0525 4151 2148 5264 2249 7176 1016
BCA
Full Authentication

4773 7760 5705 1650

5229 9031 3685 3172
Attempted Authentication 4773 7738 1098 1190 5229 9073 6430 3610
BRI
Full Authentication

4365 0263 3573 7199

5520 0298 7089 9100
Attempted Authentication 4365 0278 6723 2690 5520 0254 8646 8439
Maybank
Full Authentication

4055 7720 2603 6004

5520 0867 5210 2334
Attempted Authentication 4055 7713 3514 4012 5520 0867 7490 8452

Accepted Normal Card

Bank Card Number
Mandiri 4617 0030 8177 8145 5573 3899 1384 3648
Mandiri Debit 4097 6658 2970 8136
CIMB 4599 2043 5516 9092 5481 1620 3830 7406
BNI 4105 0568 6475 0672 5264 2282 3919 2765
BNI Private Label 1946 4159 8148 7684
BCA 4773 7781 0290 6680 5229 9028 2076 4661
BRI 4365 0299 9362 0368 5520 0219 0920 3008
Maybank 4055 7796 2846 0474 5520 0883 1465 3770

Denied Card

Bank Card Number
Mandiri 4617 0085 6083 1760 5573 3840 4322 4447
Mandiri Debit 4097 6676 7217 8631
CIMB 4599 2060 0973 3090 5481 1691 9178 2739
BNI 4105 0541 4854 1363 5264 2235 3013 1711
BNI Private Label 1946 4102 7193 1269
BCA 4773 7752 0201 1809 5229 9034 0542 3830
BRI 4365 0299 9362 0368 5520 0219 0920 3008
Maybank 4055 7796 2846 0474 5520 0883 1465 3770

Expiry Date and CVV

Input Value
Expiry Month 01
Expiry Year 2020
CVV 123

Bank Transfer

Payment Methods Description
Permata Virtual Account Midtrans will generate a dummy 16 digits Permata Virtual Account Number. To perform a test transaction, use the Permata Virtual Account Simulator
BCA Virtual Account Midtrans will generate a dummy 11 digits BCA Virtual Account Number. To perform a test transaction, use the BCA Virtual Account Simulator
Mandiri Bill Payment Midtrans will generate a dummy 12 digits Bill Key to complete payment via Mandiri e-channel (Internet Banking, SMS Banking, Mandiri ATM). To perform a test transaction, use Mandiri Bill Payment Simulator

Direct Debit

Payment Methods Description
Mandiri Clickpay Card Number: 4111 1111 1111 1111
Accept Token: 000000
Deny Token: 111111
CIMB Clicks midtrans will redirect CIMB Clicks test transaction to a payment simulator.
Success Transaction: testuser00
Failure Transaction: testuser01
ePay BRI midtrans will redirect ePay BRI test transaction to a payment simulator.
Success Transaction: testuser00
Failure Transaction: testuser03
BCA Klikpay midtrans will redirect BCA Klikpay test transaction to a payment simulator.
KlikBCA midtrans will register user id filled in KlikBCA input. To perform a test transaction, use the KlikBca Simulator

e-Wallet

Payment Methods Description
Telkomsel Cash Accept Customer: 0811111111
Deny Customer: 0822222222
XL Tunai midtrans will generate a dummy XL Tunai Merchant Code and Order ID. To perform a test transaction, use the XL Tunai Simulator
Indosat Dompetku Accept number: 08123456789
Deny number: other than 08123456789
Mandiri E-cash Accept number: 0987654321
PIN: 12345
OTP: 12123434

Convenience Store

Payment Methods Description
Indomaret midtrans will generate a dummy Indomaret Payment Code. To perform a test transaction, use the Indomaret Simulator
Kioson midtrans will generate a dummy Kioson Payment Code. To perform a test transaction, use the Kioson Simulator

Going Live

The tutorial below will assist you in changing the configuration from Sandbox to Production. Please choose the following integration method. If further assistance is required, please contact us at support@midtrans.com or visit our support page.

If you have completed integrating in Sandbox (Testing Environment) and ready to go live in Production Environment, there are a few steps that need to be made:

PHP

<?php
include_once('Veritrans.php');

// Set our production server key
Veritrans_Config::$serverKey = '<your production server key>';

// Use production account
Veritrans_Config:$isProduction = true;
...

?>

Set Veritrans-PHP library to Production Environment. This can be done by changing the value Veritrans_Config::$serverKey with production server key and Veritrans_Config::$isProduction into true.

Magento

Set magento plugin settings with production client key and server key and change environment to production.

magento set production

OpenCart

Set opencart plugin settings with production client key and server key and change environment to production.

magento set production

Prestashop

Set prestashop plugin settings with production client key and server key and change environment to production.

magento set production

Woocommerce

Set woocommerce plugin environment settings to production.

magento set production