{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"cfc27218-a907-43d0-83b1-87078565001a","name":"VCGamers Mitra Open API","description":"Dear _valued partners_, we are excited to announce our new feature VCGamers Mitra API, marking a significant upgrade to our current Open API. With the introduction of this advanced API, we offer **enhanced host-to-host connectivity**, ensuring seamless and secure communication between our platform and your systems.\n\nThis improvement will facilitate faster data exchange, streamline processes, and ultimately enhance the overall experience for both our partners and their customers. We firmly believe that this **host-to-host integration** will greatly contribute to the success and growth of our partnership ecosystem.\n\n# URL\n\n| **Type** | **URL** |\n| --- | --- |\n| Development | `https://h2h-api.vcg.my.id` |\n| Production | `https://mitra-api.vcgamers.com` |\n\n# Changelogs\n\n| **Release Date** | **Changelogs** |\n| --- | --- |\n| 11 September 2025 | Add Postpaid Products and Variations ( PLN, BPJS, etc. )  <br>  <br>Add Inquiry for postpaid products  <br>  <br>Create Order and Order Status now support for postpaid transaction. Please refer to the related documentation |\n| 16 June 2024 | Add V2 API : recommended product choices, simpler API  <br>  <br>Remove check id process inside \"Create Order\" endpoint, you have to call the \"Check ID\" endpoint separately  <br>  <br>When a transaction fails / refunded, the reason message is placed inside sn at the Order Status endpoint ( if any )  <br>  <br>API performance improvements |\n| 03 September 2024 | Add Authorization guide  <br>Add Create Order Scenario Test guide  <br>Add Webhook Setup guide  <br>Add Create Order Flow guide  <br>Add Rate Limit Information |\n\n# HTTP Codes\n\n- 200 OK\n    \n- 400 Bad Request\n    \n- 404 Not Found\n    \n- 500 Internal Server Error\n    \n\n# Status Codes\n\n- SUCCESS\n    \n- CLIENT_ERROR\n    \n- SIGNATURE_INVALID\n    \n- INTERNAL_SERVER_ERROR\n    \n- NOT_FOUND\n    \n- BAD_REQUEST\n    \n- UNAUTHENTICATED\n    \n- VALIDATION_ERROR\n    \n\n# Authorization\n\nPrerequisites :\n\n1. Whitelisted IP Address\n    \n2. Your **API Access Key** for Authorization using Bearer Token\n    \n3. Your **Secret Key** for signature generate algorithm\n    \n\n# Signature Algorithm\n\n**VCGamers Mitra API** verifies the identity of each API request, and the server will also verify whether the call parameters are valid. Therefore, each HTTP request must contain the signature information. The requests with invalid signature will be rejected.\n\nThe process of generating the signature is as follows :\n\n1. Get your **Secret Key** and **API Access Key** in your Mitra App > Setting > API Integration > Access Key\n    \n\n> if you don't have an access token yet, you can generate one. Each user can only have a maximum of 2 access tokens \n  \n\n1. Concatenate your **secret key** and all parameters into a string. For example:  \n    `{yoursecret}+category`\n    \n2. Encode the concatenated string in UTF-8 format and make a digest by the signature algorithm (using **HMAC_SHA512**). For example :  \n    `hmac_sha512({yoursecret}+category)`\n    \n3. Convert the digest to hexadecimal format. For example :  \n    `hex(\"helloworld\".getBytes(\"utf-8\")) = \"68656C6C6F776F726C64\"`\n    \n4. Encode hexadecimal value into **Base64**. For example :  \n    `base_64(\"68656C6C6F776F726C64\")`\n    \n5. Finally, put Base64 encoded signature into query parameter : **sign**\n    \n\n## Signing Example\n\n> API documentation emphasizes the importance of cryptography, _which refers to cryptographic techniques_, **not currency**. It utilizes hashing to ensure data integrity and verification, and encryption to protect sensitive information. Authorized parties can decrypt the ciphertext to access the original data. By incorporating these cryptographic techniques, our API aims to maintain data security and user trust. \n  \n\n### PHP\n\n``` php\n$secret = \"YourVerySecretKey\";\n$price = 9999;\n$qty = 1;\n$product = \"VCGS33-S22\";\n$trx_code = \"TRX0005\";\n$total = $price * $qty;\n$str = $secret.$total.$product.$price.$trx_code;\n$hmac = hash_hmac(\"sha512\", $str, $secret, false);\n$signature = base64_encode($hmac);\n\n ```\n\n### NodeJS\n\n``` javascript\nconst CryptoJS = require(\"crypto-js\");\nconst secret = \"YourVerySecretKey\";\nconst price = 9999;\nconst qty = 1;\nconst product = \"VCGS33-S22\";\nconst trx_code = \"TRX0006\";\nconst total = price * qty;\nconst str = `${secret}${total}${product}${price}${trx_code}`;\nconst hmac = CryptoJS.HmacSHA512(str, secret).toString();\nconst signature = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(hmac));\n\n ```\n\n### Go\n\n``` go\npackage main\nimport (\n    \"crypto/hmac\"\n    \"crypto/sha512\"\n    \"encoding/hex\"\n    \"encoding/base64\"\n    \"fmt\"\n)\nfunc main() {\n    secret := \"YourVerySecretKey\"\n    price := 9999\n    product := \"VCGS33-S22\"\n    data := fmt.Sprintf(\"%s%d%s\", secret, price, product)\n    fmt.Printf(\"Secret: %s Data: %s\\n\", secret, data)\n    // Create a new HMAC by defining the hash type and the key (as byte array)\n    h := hmac.New(sha512.New, []byte(secret))\n    // Write Data to it\n    h.Write([]byte(data))\n    // Get result and encode as hexadecimal string\n    hashSign := hex.EncodeToString(h.Sum(nil))\n    // convert hash result into base64\n    signature := base64.StdEncoding.EncodeToString([]byte(hashSign))\n}\n\n ```\n\n# Create Order Scenario Test\n\n- **SUCESS** ( Via Callback - Top Up )  \n    `variation_key = \"MLBB112\"`\n    \n- **SUCCESS** ( Via Callback - Voucher )  \n    `variation_key = \"STEAMV50\"`\n    \n- **PRODUCT_NOT_FOUND**  \n    `variation_key = \"VCG\"`\n    \n- **CLIENT_ERROR**  \n    `variation_key = \"MLBB112\"`  \n    `ref_id = empty string`\n    \n- **VALIDATION_ERROR**  \n    `variation_key = \"MLBB112\"`  \n    `data = empty array / null`\n    \n\n# Webhook Setup\n\nCurrently we support 4 types of webhooks :\n\n- **Top Up**  \n    Triggered whenever topup was completed.\n    \n- **New Transaction**  \n    Triggered whenever there are new transaction.\n    \n- **Status Update**  \n    Triggered whenever there are status updates on your transactions.\n    \n- **Product Status**  \n    Triggered whenever there are update status on product for example : price change or status active/inactive change.\n    \n\n# Create Order Flow\n\n<img src=\"https://content.pstmn.io/18dcd45b-39ec-44a0-a457-0f996ec0fd01/cHJvZHVjdCAmIHRyYW5hY3Rpb24gZmxvdy5kcmF3aW8ucG5n\">\n\n1. Find a product\n    \n2. Find an Item SKU from products\n    \n3. Fill `ref_id`, `product_code`, `sku_code`, `price` and `data` into request body\n    \n4. For `data` parameter, use this example :\n    \n\n> Look for `forms` parameter ini step 1 response. example : \n  \n\n``` json\n[\n   {\n      \"key\": \"user_id\",\n      \"type\": \"numeric\",\n      \"alias\": \"UID\"\n   },\n   {\n      \"key\": \"additional_id\",\n      \"type\": \"option\",\n      \"options\": [\n         \"SEA\",\n         \"NA\",\n         \"JP\",\n         \"KR\"\n      ],\n      \"alias\": \"SERVER\"\n   }\n]\n\n ```\n\n> Copy those structures, remove `type`, `options`, and `alias`; then add `value` on each objects inside the array. The `value` depends on the `type` parameter \n  \n\n| **Type** | **Description** |\n| --- | --- |\n| text | Put alphanumeric characters |\n| numeric | Put only numeric characters ( use `string` data-type ) |\n| option | Put from one of the `options` value |\n\n> Reform your array of objects structure into `data` parameter. Example : \n  \n\n``` json\n[\n   {\n      \"key\": \"user_id\",\n      \"value\": \"12345678\"\n   },\n   {\n      \"key\": \"additional_id\",\n      \"value\": \"SEA\"\n   }\n]\n\n ```\n\n# Rate Limit\n\nFor system security purposes, we apply API rate limiter to all endpoints per user IP address, furthermore the limit is 200 requests / 60 seconds.\n\n# IP Whitelist\n\nPlease make sure to add our IP to your whitelist :\n\n| **Type** | **IP** |\n| --- | --- |\n| ipv4 | 172.236.143.138 |\n| ipv6 | 2600:3c15::f03c:95ff:fe98:ef07 |\n\n# RC Code List\n\n| **RC Code** | **Description** |\n| --- | --- |\n| 00 | Success / OK |\n| 21 | Check ID feature is currently not available |\n| 22 | Check ID feature error |\n| 23 | Ref ID is already exist |\n| 24 | Product price limit exceeded |\n| 25 | Insufficient Balance |\n| 26 | Payment Unavailable / Already Paid |\n| 40 | Invalid Parameter, check `message` parameter for more explanation |\n| 41 | Parse token error |\n| 42 | Unauthenticated |\n| 43 | Signature Invalid |\n| 44 | Data Not Found / Transaction Not Available |\n| 45 | Traffic limit exceeded, please try again after a while |\n| 46 | User limit exceeded, please contact Admin |\n| 47 | Inquiry Failed / Error ( Postpaid ) |\n| 50 | Server Error / Server Maintenance Error |","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"18660785","team":2966448,"collectionId":"cfc27218-a907-43d0-83b1-87078565001a","publishedId":"2s93sc3CBe","public":true,"publicUrl":"https://documenter-api.postman.tech/view/18660785/2s93sc3CBe","privateUrl":"https://go.postman.co/documentation/18660785-cfc27218-a907-43d0-83b1-87078565001a","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-single-column","customisation":{"metaTags":[{"name":"description","value":"VCGamers Mitra Open API"},{"name":"title","value":"VCGamers Mitra API"}],"appearance":{"default":"dark","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.1","publishDate":"2024-08-29T06:27:27.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"VCGamers Mitra API","description":"VCGamers Mitra Open API"},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2s93sc3CBe"}