API documentation

October 18, 2016

by midtrans
Contents

1 Getting Started 3
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1. Register to Veritrans Sandbox/Production account. . . . . . . . . . . . . . . . . . 5
2. Fill in the required information in Merchant Admin Portal (MAP). . . . . . . . . . . 6
3. Take note of your account Access Keys. . . . . . . . . . . . . . . . . . . . . . . . 7
4. Configure Redirection URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Library and Plugin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Libraries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Plugin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2 Backend Integration 12
Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Request Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
JSON Parameter (Request Body) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
JSON Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Credit Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Response Success . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Response Failed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3 Frontend Integration 20
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Snap.js location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Snap JS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
pay(snapToken, options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
show() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

1
 hide() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
JS Callback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4 Other Features 26
Two Clicks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Initial Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Successive Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

5 Status Code 28
Code 2xx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Code 3xx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Code 4xx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Code 5xx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6 Testing Credentials 32
Credit Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
General Testing Card Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Bank-Specific Testing Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Expiry Date and CVV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Bank Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Direct Debit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
e-Wallet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Convenience Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

2
Getting Started

Overview

1. User performs the checkout operation

2. Merchant server makes an api request to the snap backend to get the SNAP_TOKEN
3. Snap backend responds to the api call with the SNAP_TOKEN
4. Merchant server constructs the html page and sends it back to the browser
5. User verifies the details and clicks the pay button. Merchant’s javascript code calls
snap.pay(SNAP_TOKEN, options). User then fills up the payment details and
clicks the confirm button.
6. Snap JS sends the payment details to the snap backend
7. Snap backend processes the details and responds with the charge status. Snap JS
then calls the corresponding callback provided by the merchant’s javascript code.
8. Snap backend notifies the merchant server about the charge status

3
payment flow

Preparation

Goal: Merchants complete the pre-requisite before integrating with Veritrans

There are a few pre-requisite before integrating with Veritrans:

4
1. Register to Veritrans Sandbox/Production account.

Veritrans has one central login to access both production and sandbox account. Sandbox is utilized
for development period while production is utilized when the merchant has completed the integra-
tion process and want to go live. Data and transaction made on sandbox account will not trigger an
actual purchase while in production account will trigger an actual process. Register for Veritrans Sand-
box/Production account here.

Once logged in, there will be a small button on the header of the dashboard that shows
you on whether you are in the production or sandbox environment. The color of the na-
givation sidebar also set differently between Production (light blue) and Sandbox (dark
blue) for further clarity.

5
2. Fill in the required information in Merchant Admin Portal (MAP).

The required fields can be found under Settings - General Settings.

6
general settings

Warning!

Merchant Name: DO NOT input symbols.

Valid Merchant URL:

3. Take note of your account Access Keys.

Your account keys can be found under Settings - Access Keys.

7
access keys

Caution!

Be discreet on your ‘Server Key’.

4. Configure Redirection URL

Customer will be returned to your website after payment process is completed.

8
redirection url

Go to Settings - Configuration menu to manage the redirection URL.

9
map redirection url

Warning!

Please fill the URL with http:// or https://

Library and Plugin

We are trying to make the integration process as easy as possible. This section contains a list of plugins
and libraries owned by Veritrans. If you write your own plugin or library and would like us to link it,
contact support@veritrans.co.id.

Libraries

10
 Platform Resources
PHP Github

Plugin

Platform Resources
Prestashop v1.6
Github
Magento v1.8, v1.9
Github
Opencart v2.0, v2.1, v2.2
Github
Wordpress Wordpress v3.9.1 - v4.x
Woocommerce WooCommerce v2.1.11 - v2.5.x
Github

11
Backend Integration

Backend integration goal is to acquire SNAP_TOKEN by providing payment informations. We provide a

HTTP API to do this.

Endpoint

HTTP Method: POST

Production: https://app.veritrans.co.id/snap/v1/transactions

Sandbox: https://app.sandbox.veritrans.co.id/snap/v1/transactions

Request Headers

SERVER_KEY = "VT-server-Cpo03kYDOc0cNUKgt6hnLkKg"

AUTH_STRING = Base64("VT-server-Cpo03kYDOc0cNUKgt6hnLkKg:")

AUTH_STRING = "VlQtc2VydmVyLUNwbzAza1lET2MwY05VS2d0NmhuTGtLZzo="

To create valid Snap HTTP request, merchant have to add 3 headers:

• Accept: application/json
• Content-Type: application/json
• Authorization: Basic AUTH_STRING

12
Snap validates HTTP request by using Basic Authentication method. The username is your
SERVER_KEY while the password is empty. You can see your SERVER-KEY on Settings - Access
Keys.

Authorization header value is represented by AUTH_STRING. AUTH_STRING is base-64 encoded

string of your username & password.

AUTH_STRING = Base64(SERVER_KEY + :)

JSON Parameter (Request Body)

Short request
{
"transaction_details": {
"order_id": "ORDER-101",
"gross_amount": 10000
}
}

Complete request
{
"transaction_details": {
"order_id": "ORDER-101",
"gross_amount": 10000
},
"credit_card": {
"secure": true,
"channel": "migs",
"bank": "bca",
"installment": {
"required": false,
"terms": {
"bni": [3, 6, 12],
"mandiri": [3, 6, 12],
"cimb": [3],
"bca": [3, 6, 12],
"offline": [6, 12]
}
}

13
 },
"item_details": [{
"id": "ITEM1",
"price": 10000,
"quantity": 1,
"name": "Veritrans Bear"
}],
"customer_details": {
"first_name": "TEST",
"last_name": "VERITRANSER",
"email": "test@veritrans.co.id",
"phone": "+628123456",
"billing_address": {
"first_name": "TEST",
"last_name": "VERITRANSER",
"email": "test@veritrans.co.id",
"phone": "081 2233 44-55",
"address": "Sudirman",
"city": "Jakarta",
"postal_code": "12190",
"country_code": "IDN"
},
"shipping_address": {
"first_name": "TEST",
"last_name": "VERITRANSER",
"email": "test@veritrans.co.id",
"phone": "0 8128-75 7-9338",
"address": "Sudirman",
"city": "Jakarta",
"postal_code": "12190",
"country_code": "IDN"
}
},
"expiry": {
"start_time": "2017-04-13 18:11:08 +0700",
"unit": "minutes",
"duration": 1
}
}

14
Parameter Description
transaction_details.order_id Unique transaction ID. A single ID could be used only
String(255) (required) once by a Merchant.
transaction_details.gross_amount Amount to be charged
Integer (required)
enabled_payments List of payment types that should be enabled. If blank,
Array (optional) all active payment types are included.
Options:
credit_card, mandiri_clickpay, cimb_clicks,
bca_klikbca, bca_klikpay, bri_epay,
telkomsel_cash, echannel, bbm_money, xl_tunai,
indosat_dompetku, mandiri_ecash, permata_va,
bca_va, kioson, indomaret.

An alias refers to a list of payment types. Adding an alias

is the equivalent of adding all the the payment types it
refers to.
Supported aliases:
bank_transfer => permata_va, bca_va
cstore => kioson, indomaret
customer_details.first_name
String(255) (optional)
customer_details.last_name
String(255) (optional)
customer_details.email
String(255) (optional)
customer_details.phone
String(255) (optional)
customer_details.billing_address
Address (optional)
customer_details.shipping_address
Address (optional)
credit_card Credit card payment options
CreditCard (optional)
callbacks.finish Redirect URL after transaction is successfully paid
String(255) (optional) (Overriden by JS callback)
expiry Custom transaction lifetime
Expiry (optional)

15
JSON Object

Collection of JSON objects that are used in Get Token parameter.

Address

{
"first_name": "TESTER",
"last_name": "VERITRANS",
"email": "test@veritrans.co.id",
"phone": "081 2233 44-55",
"address": "Sudirman",
"city": "Jakarta",
"postal_code": "12190",
"country_code": "IDN"
}

Parameter Description
first_name
String(255)
last_name
String(255)
email
String(255)
phone
String(255)
address
String(255)
country_code
String(255)
postal_code
String(255)
city
String(255)

16
Credit Card

{
"save_card": true,
"secure": true,
"channel": "migs",
"bank": "maybank",
"installment": {
"required": false,
"terms": {
"bni": [3, 6, 12],
"mandiri": [3, 6, 12],
"cimb": [3],
"bca": [3, 6, 12],
"offline": [6, 12]
}
}
}

Parameter Description
secure Use 3D-Secure authentication when using credit card
Boolean
bank Acquiring bank. Options: bca, bni, mandiri, cimb, bri,
String danamon, maybank
channel Acquiring channel. Options: migs
String
whitelist_bins Allowed credit card BIN number
Array
installment.required Force installment when using credit card
Boolean
installment.terms Available installment terms
Object

Expiry

{
"start_time": "2017-04-13 18:11:08 +0700",

17
 "unit": "minutes",
"duration": 1
}

Parameter Description
start_time Timestamp in yyyy-MM-dd hh:mm:ss Z format
String(255)
duration
Integer
unit Expiry unit. Options: day, hour, minute (plural term
String also accepted)

Response

Response Success

{
"token": "d379aa71-99eb-4dd1-b9bb-eefe813746e9"
}

HTTP status code: 201

Field Description
token Snap token for frontend integration
String(36)

Response Failed

Authentication Failed

{
"error_messages": [
"Access denied, please check client or server key"
]

18
}

HTTP status code: 401

Field Description
error_messages Error messages
Array

Validation Error

{
"error_messages": [
"transaction_details.gross_amount is not equal to the sum of item_details"
]
}

HTTP status code: 400

Field Description
error_messages Error messages
Array

Internal System Error

{
"error_messages": [
"Sorry, we encountered internal server error. We will fix this soon."
]
}

HTTP status code: 500

Field Description
error_messages Error messages
Array

19
Frontend Integration

Summary

<html>
<head>
<script type="text/javascript"
src="https://app.sandbox.veritrans.co.id/snap/snap.js"
data-client-key="CLIENT-KEY"></script>
</head>
<body>
<button id="pay-button">Pay!</button>
<script type="text/javascript">
var payButton = document.getElementById('pay-button');
payButton.addEventListener('click', function () {
snap.pay('<SNAP_TOKEN>');
});
</script>
</body>
</html>

Frontend integration goal is to show Snap payment page within your site.

Include snap.js into your page so snap module is available. Don’t forget to put your CLIENT-KEY as
value of data-client-key attribute in snap.js script tag. You can see your CLIENT-KEY on Settings
- Access Keys.

You can start payment process by calling snap.pay with SNAP_TOKEN acquired from backend integra-
tion as parameter.

20
Snap.js location

Production: https://app.veritrans.co.id/snap/snap.js

Sandbox: https://app.sandbox.veritrans.co.id/snap/snap.js

Snap JS

snap has 3 public functions: pay, show & hide

pay(snapToken, options)

Start Snap payment page.

snap.pay('YOUR_SNAP_TOKEN', {
onSuccess: function(result){console.log('success');console.log(result);},
onPending: function(result){console.log('pending');console.log(result);},
onError: function(result){console.log('error');console.log(result);},
onClose: function(){console.log('customer closed the popup without finishing the p
})

Parameter:

Name Description
snapToken token acquired from backend integration
String (required)
options.onSuccess Payment success callback (200 status_code)
Function (optional)
options.onPending Payment pending callback (201 status_code)
Function (optional)
options.onError Payment error callback (4xx or 5xx status_code)
Function (optional)
options.onClose Called if customer has closed the payment popup
Function (optional) prematurely without finishing the payment
options.language Sets the language. This will override language setting on
String (optional) Merchant Administration Portal. Supported values are
en (English) and id (Bahasa Indonesia). Defaults to id
options.skipOrderSummary Skips the order summary page if set to true. Set to
Boolean (optional) false by default.

21
 Name Description
options.autoCloseDelay Auto closes the last page of indomaret and bank transfer
Integer (optional) payments after the specified time delay. The time delay
is specified in seconds. Setting it to 0 will disable this
feature. Defaults to 0.

onSuccess, onPending, & onError function accept one parameter which is Transaction Result ob-
ject.

function ajaxGetToken(transactionData, callback){

var snapToken;
// Request get token to your server & save result to snapToken variable

if(snapToken){
callback(null, snapToken);
} else {
callback(new Error('Failed to fetch snap token'),null);
}
}

payButton.onclick(function(){
snap.show();
ajaxGetToken(transactionData, function(error, snapToken){
if(error){
snap.hide();
} else {
snap.pay(snapToken);
}
});
});

show()

Show snap loading page. Helper function if you want to show instant loading feedback while getting
SNAP_TOKEN using AJAX.

If AJAX success, call snap.pay to continue payment process. Else, call snap.hide to end loading
page.

22
hide()

Hide active snap page. Complementary function of snap.show. Helper function if you want to show
instant loading feedback while getting SNAP_TOKEN using AJAX.

JS Callback

Success credit card result

{
"status_code":"200",
"status_message":"Success, Credit Card transaction is successful",
"transaction_id":"6d9677da-45a3-40d0-a0f0-8f0b2f860a64",
"masked_card":"481111-1114",
"order_id":"1459499971",
"gross_amount":"10000.00",
"payment_type":"credit_card",
"transaction_time":"2016-04-01 15:39:58",
"transaction_status":"capture",
"fraud_status":"accept",
"approval_code":"100057",
"bank":"bni"
}

Pending echannel result

{
"status_code":"201",
"status_message":"Transaksi sedang diproses",
"transaction_id":"0ae66c29-e4a6-4e7b-b223-a103564a8d29",
"order_id":"1459500813",
"gross_amount":"10000.00",
"payment_type":"echannel",
"transaction_time":"2016-04-01 15:54:07",
"transaction_status":"pending",
"fraud_status":"accept",
"bill_key":"001689",
"biller_code":"70012"
}

23
 Error result
{
"status_code": "406",
"status_message": ["transaction has been processed"]
}

Object representing transaction result passed to Snap callback.

Name Description
status_code Transaction status code. Possible value: 200, 201, 202,
String 400, 404, 406, 500
status_message Transaction status message
String
order_id Merchant’s payment ID
String
gross_amount Processed gross amount
String
payment_type Payment type paid by customer. Possible value:
String credit_card, bca_klikpay, bca_klikbca,
bri_epay, mandiri_clickpay, telkomsel_cash,
xl_tunai, bank_transfer, echannel,
indosat_dompetku, mandiri_ecash, cstore
transaction_time Timestamp in yyyy-MM-dd hh:mm:ss format
String
transaction_status Transaction status. Possible value: capture,
String settlement, pending, cancel, expired
fraud_status Fraud status. Possible values: accept, challenge,
String deny
approval_code Bank approval code
String
masked_card Customer’s masked card (only in credit_card &
String mandiri_clickpay)
bank Acquiring Bank
String
permata_va_number Permata VA Number (only in bank_transfer)
String
bill_key Customer bill key (only in echannel)
String
biller_code Customer biller code (only in echannel)
String

24
 Name Description
redirect_url Where customer should be redirected (only in
String bca_klikbca)
saved_token_id TWO_CLICKS_TOKEN value. Only available in
String credit_card payment type
saved_token_id_expired_at Specifies the expiration time of the TWO_CLICKS_TOKEN
String

Warning!

For security reason, results from JS callback should only be used for UI feedback to user and should NOT
be used to alter transaction status on your database. We provide HTTP Notification for that purpose.
You can set your payment HTTP Notification URL in Settings - Configuration

25
Other Features

Two Clicks

Two clicks feature allows you to capture customer’s card number, expiry date, email and phone number
as a TWO_CLICKS_TOKEN. For successive payments by the same customer the TWO_CLICKS_TOKEN
can be utilised to pre fill the details. Customer just needs to fill out the cvv number to finish the pay-
ment.

There are two steps required to utilise two clicks feature:

Request /snap/v1/pay with credit_card.save_card value set to true

{
"transaction_details": {
"order_id": "ORDER-101",
"gross_amount": 10000
},
"credit_card": {
"secure": true,
"save_card": true
}
}

Save the saved_token_id in the OnSuccess callback

snap.pay('YOUR_SNAP_TOKEN', {
onSuccess: function(result) {
if (result.saved_token_id) {
// save customer's TWO_CLICKS_TOKEN in database

26
 }
}
})

Initial Transaction

• Create SNAP_TOKEN with credit_card.save_card value set to true

• Customer will be presented with save option when they fill out the credit card details
• If customer chooses the save option, then the Transaction Result will have two extra fields
namely saved_token_id and saved_token_id_expired_at

Request /snap/v1/pay with credit_card.token_id value set to TWO_CLICKS_TOKEN value

saved during initial transaction
{
"transaction_details": {
"order_id": "ORDER-102",
"gross_amount": 10000
},
"credit_card": {
"secure": true,
"token_id": "TWO_CLICKS_TOKEN"
}
}

Successive Transactions

• Create SNAP_TOKEN with credit_card.token_id value set to TWO_CLICKS_TOKEN saved

during the initial transaction
• Customer will be presented with pre filled credit card number, expiry date, email and phone
number

27
Status Code

Goal: Understand all status codes used by API. For more inquiries, please contact us at support@veritrans.
co.id or visit our support web page.

Status Codes used by Veritrans API are categorized into 2xx, 3xx, 4xx dan 5xx.

Code 2xx

Status Description
200 Credit Card: Success. Request is successful, and
transaction is successful (authorize, capture, settlement,
cancel, get order, approve challenge transactions),
accepted by Veritrans and bank.
Other payment methods: Success. Transaction is
successful/settlement.

28
Status Description
201 Credit Card: Challenge. Transaction successfully sent
to bank but the process has not been completed, need
manual action from merchant to complete the
transaction process. If the merchant does not perform
any action until settlement time (H+1 16:00) Veritrans
will cancel the transaction.
Bank Transfer: Pending. Transaction successfully sent
to bank but the process has not been completed by the
customer. By default the transaction will expire within 24
hours.
Cimb Clicks: Pending. Transaction successfully sent to
bank but the process has not been completed by the
customer. By default the transaction will expire within 2
hours.
BRI ePay: Pending. Transaction successfully sent to
bank but the process has not been completed by the
customer. By default the transaction will expire within 2
hours.
Klik BCA: Pending. Transaction successfully sent to
bank but the process has not been completed by the
customer. By default the transaction will expire within 2
hours.
BCA Klikpay: Pending. Transaction successfully sent to
bank but the process has not been completed by the
customer. By default the transaction will expire within 2
hours.
Mandiri Bill Payment: Pending. Transaction
successfully sent to bank but the process has not been
completed by the customer. By default the transaction
will expire within 2 hours.
XL Tunai: Pending. Transaction successfully sent to
provider but the process has not been completed by the
customer. By default the transaction will expire within 2
hours.
Indomaret: Pending. Transaction successfully sent to
provider but the process has not been completed by the
customer. By default the transaction will expire within 2
hours.

29
Status Description
202 Credit Card: Denied. Transaction has been processed
but is denied by payment provider or Veritrans’ fraud
detection system.
Other payment methods: Denied. Transaction has
been processed but is denied by payment provider.

Code 3xx

Status Description
300 Move Permanently, current and all future requests
should be directed to the new URL

Code 4xx

Status Description
400 Validation Error, merchant sent bad request data
example; validation error, invalid transaction type,
invalid credit card format, etc.
401 Access denied due to unauthorized transaction, please
check client key or server key
402 Merchant doesn’t have access for this payment type
403 The requested resource is only capable of generating
content not acceptable according to the accepting
headers that sent in the request
404 The requested resource is not found
405 Http method is not allowed
406 Duplicate order ID. Order ID has already been utilized
previously
407 Expired transaction
408 Merchant sent the wrong data type
409 Merchant has sent too many transactions for the same
card number

30
Status Description
410 Merchant account is deactivated. Please contact
Veritrans support
411 Token id is missing, invalid, or timed out
412 Merchant cannot modify status of the transaction
413 The request cannot be processed due to malformed
syntax in the request body

Code 5xx

Status Description
500 Internal Server Error
501 The feature has not finished yet, it will be available soon
502 Internal Server Error: Bank Connection Problem
503 Internal Server Error
504 Internal Server Error: Fraud detection is unavailable

31
Testing Credentials

Here is a list of dummy transaction credentials that can be used for transaction in the Sandbox Envi-
ronment.

Credit Card

General Testing Card Number

Normal Transaction

VISA Description
No Authentication Accept Transaction: 4011 1111 1111 1112
Merchant Disables 3DS Challenge by FDS Transaction: 4111 1111 1111 1111
Denied by FDS Transaction: 4211 1111 1111 1110
Denied by Bank Transaction: 4311 1111 1111 1119

MASTERCARD Description
No Authentication Accept Transaction: 5481 1611 1111 1081
Merchant Disables 3DS Challenge by FDS Transaction: 5110 1111 1111 1119
Denied by FDS Transaction: 5210 1111 1111 1118
Denied by Bank Transaction: 5310 1111 1111 1117

32
3D Secure Transaction

VISA Description
Full Authentication Accept Transaction: 4811 1111 1111 1114
Cardholder is 3DS ready Denied by Bank Transaction: 4911 1111 1111 1113
Attempted Authentication Accept Transaction: 4411 1111 1111 1118
Cardholder is not Challenge by FDS Transaction: 4511 1111 1111 1117
enrolled for 3DS Denied by FDS Transaction: 4611 1111 1111 1116
Denied by Bank Transaction: 4711 1111 1111 1115

MASTERCARD Description
Full Authentication Accept Transaction: 5211 1111 1111 1117
Cardholder is 3DS ready Denied by Bank Transaction: 5111 1111 1111 1118
Attempted Authentication Accept Transaction: 5410 1111 1111 1116
Cardholder is not Challenge by FDS Transaction: 5510 1111 1111 1115
enrolled for 3DS Denied by FDS Transaction: 5411 1111 1111 1115
Denied by Bank Transaction: 5511 1111 1111 1114

Bank-Specific Testing Card

Accepted 3D Secure Card

Bank Card Number

Mandiri
Full Authentication 4617 0069 5974 6656 5573 3810 7219 6900
Attempted Authentication 4617 0017 4194 2101 5573 3819 9982 5417
CIMB
Full Authentication 4599 2078 8712 2414 5481 1698 1883 2479
Attempted Authentication 4599 2039 9705 2898 5481 1671 2103 2563
BNI
Full Authentication 4105 0586 8948 1467 5264 2210 3887 4659
Attempted Authentication 4105 0525 4151 2148 5264 2249 7176 1016
BCA
Full Authentication 4773 7760 5705 1650 5229 9031 3685 3172
Attempted Authentication 4773 7738 1098 1190 5229 9073 6430 3610

33
 Bank Card Number
BRI
Full Authentication 4365 0263 3573 7199 5520 0298 7089 9100
Attempted Authentication 4365 0278 6723 2690 5520 0254 8646 8439
Maybank
Full Authentication 4055 7720 2603 6004 5520 0867 5210 2334
Attempted Authentication 4055 7713 3514 4012 5520 0867 7490 8452

Accepted Normal Card

Bank Card Number

Mandiri 4617 0030 8177 8145 5573 3899 1384 3648
Mandiri Debit 4097 6658 2970 8136
CIMB 4599 2043 5516 9092 5481 1620 3830 7406
BNI 4105 0568 6475 0672 5264 2282 3919 2765
BNI Private Label 1946 4159 8148 7684
BCA 4773 7781 0290 6680 5229 9028 2076 4661
BRI 4365 0299 9362 0368 5520 0219 0920 3008
Maybank 4055 7796 2846 0474 5520 0883 1465 3770

Denied Card

Bank Card Number

Mandiri 4617 0085 6083 1760 5573 3840 4322 4447
Mandiri Debit 4097 6676 7217 8631
CIMB 4599 2060 0973 3090 5481 1691 9178 2739
BNI 4105 0541 4854 1363 5264 2235 3013 1711
BNI Private Label 1946 4102 7193 1269
BCA 4773 7752 0201 1809 5229 9034 0542 3830
BRI 4365 0299 9362 0368 5520 0219 0920 3008
Maybank 4055 7796 2846 0474 5520 0883 1465 3770

Expiry Date and CVV

34
 Input Value
Expiry Month 01
Expiry Year 2020
CVV 123

Bank Transfer

Payment Methods Description

Permata Virtual Account Veritrans will generate a dummy 16 digits Permata
Virtual Account Number. To perform a test transaction,
use the Permata Virtual Account Simulator
BCA Virtual Account Veritrans will generate a dummy 11 digits BCA Virtual
Account Number. To perform a test transaction, use the
BCA Virtual Account Simulator
Mandiri Bill Payment Veritrans will generate a 6 digits Payment Code to
complete payment via Mandiri e-channel (Internet
Banking, SMS Banking, Mandiri ATM). To perform a test
transaction, use the Mandiri Bill Payment Simulator

Direct Debit

Payment Methods Description

Mandiri Clickpay Card Number: 4111 1111 1111 1111
Accept Token: 000000
Deny Token: 111111
CIMB Clicks Veritrans will redirect CIMB Clicks test transaction to a
payment simulator.
Success Transaction: testuser00
Failure Transaction: testuser01
ePay BRI Veritrans will redirect ePay BRI test transaction to a
payment simulator.
Success Transaction: testuser00
Failure Transaction: testuser03

35
 Payment Methods Description
BCA Klikpay Veritrans will redirect BCA Klikpay test transaction to a
payment simulator.
KlikBCA Veritrans will register user id filled in KlikBCA input. To
perform a test transaction, use the KlikBca Simulator

e-Wallet

Payment Methods Description

Telkomsel Cash Accept Customer: 0811111111
Deny Customer: 0822222222
XL Tunai Veritrans will generate a dummy XL Tunai Merchant Code
and Order ID. To perform a test transaction, use the XL
Tunai Simulator
Indosat Dompetku Accept number: 08123456789
Deny number: other than 08123456789
Mandiri E-cash Accept number: 0987654321
PIN: 12345
OTP: 12123434

Convenience Store

Payment Methods Description

Indomaret Veritrans will generate a dummy Indomaret Payment
Code. To perform a test transaction, use the Indomaret
Simulator
Kioson Veritrans will generate a dummy Kioson Payment Code.
To perform a test transaction, use the Kioson Simulator

36