{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"a83bedd8-836e-49c3-92ea-bdf6a88af496","name":"VCGamers Seller Open API","description":"Dear _valued partners_, we are excited to announce our new feature VCGamers Seller API, marking a significant upgrade to our current Open API. With the introduction of this advanced API, we offer **enhanced Seller connectivity**, ensuring seamless and secure communication between our platform and your systems.\n\nThis improvement will facilitate faster data exchange, streamline processes, and ultimately enhance the overall experience for both our partners and their customers. We firmly believe that this **Seller Integration** will greatly contribute to the success and growth of our partnership ecosystem!\n\n# URL\n\n| **Type** | **URL** |\n| --- | --- |\n| Development | `https://apis.vcg.my.id` |\n| Production | `https://apis.vcgamers.com` |\n\n# Changelogs\n\n| **Release Date** | **Changelogs** |\n| --- | --- |\n| 27 March 2026 | Separate rate limit for order processing endpoints (300 RPM).  <br>  <br>Add endpoint-specific error codes:  <br>ERR_PRICE_LIMIT  <br>ERR_POLLING_LIMIT  <br>ERR_ORDER_LIMIT  <br>ERR_RATE_LIMIT |\n| 28 August 2024 | Add transaction flow guide  <br>  <br>Add Webhook / Callback type |\n| 25 March 2024 | First Release |\n\n# HTTP Codes\n\n- 200 OK\n    \n- 400 Bad Request\n    \n- 404 Not Found\n    \n- 429 Too Many Requests\n    \n- 500 Internal Server Error\n    \n\n# Status Codes\n\n| **Code** | **Description** |\n| --- | --- |\n| 00 | OK / Success |\n| 41 | Invalid Request |\n| 43 | Forbidden Request |\n| 44 | Not Found |\n| 45 | Invalid Token |\n| 46 | Invalid Signature |\n| 47 | Invalid Timestamp |\n| 48 | Invalid VIP Request |\n| 50 | Server Error |\n\n# Authorization\n\nPrerequisites :\n\n1. Whitelisted IP Address\n    \n2. Your **API Access Key** for Authorization using Bearer Token\n    \n3. Your **Secret Key** for signature generate algorithm\n    \n\n# Signature Algorithm\n\n**VCGamers Seller API** verifies the identity of each API request, and the server will also verify whether the call parameters are valid. Therefore, each HTTP request must contain the signature information. The requests with invalid signature will be rejected.\n\nThe process of generating the signature is as follows :\n\n1. Get your **secret key** and **token** in your Seller Portal > VIP Seller > API Integration > Access Key\n    \n\n> if you don't have an access token yet, you can generate one. Each seller can only have a maximum of 2 access tokens \n  \n\n1. Concatenate this parameter into a string\n    \n    1. endpoint path ( with leading `/` )\n        \n    2. access key\n        \n    3. timestamp ( format: `YYYYMMDDHHmm`, example: 202303241520 )\n        \n\n> for example:  \n`/rest/profile/get+{access_key}+{YYYYMMDDHHmm}` \n  \n\n1. Encode the concatenated string in UTF-8 format and make a digest by the signature algorithm (using **HMAC_SHA512**). For example :  \n    `hmac_sha512({yoursecret}+{parameter})`\n    \n2. Convert the digest to hexadecimal format. For example :  \n    `hex(\"helloworld\".getBytes(\"utf-8\")) = \"68656C6C6F776F726C64\"`\n    \n3. Encode hexadecimal value into **Base64**. For example :  \n    `base_64(\"68656C6C6F776F726C64\")`\n    \n4. Finally, put Base64 encoded signature into query parameter : **sign**\n    \n\n## Signing Example\n\n> API documentation emphasizes the importance of cryptography, _which refers to cryptographic techniques_, **not currency**. It utilizes hashing to ensure data integrity and verification, and encryption to protect sensitive information. Authorized parties can decrypt the ciphertext to access the original data. By incorporating these cryptographic techniques, our API aims to maintain data security and user trust. \n  \n\nPHP\n\n``` php\n$path=\"/rest/profile/get\"\n$secret = \"YourSecretKey\";\n$access = \"YourAccessKey\";\n$t=time();\n$timestamp = date(\"YmdHis\", $t);\n$str = $path.$access.$timestamp;\n$hmac = hash_hmac(\"sha512\", $str, $secret, false);\n$signature = base64_encode($hmac);\n\n ```\n\nNodeJS\n\n``` javascript\nconst CryptoJS = require(\"crypto-js\");\nconst path = \"/rest/profile/get\";\nconst secret = \"YourSecretKey\";  \nconst access = \"YourAccessKey\";\nconst timestamp = new Date();\nconst str = `${path}${access}${timestamp}`;\nconst hmac = CryptoJS.HmacSHA512(str, secret).toString();\nconst signature = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(hmac));\n\n ```\n\nGo\n\n``` go\npackage main\nimport (\n    \"crypto/hmac\"\n    \"crypto/sha512\"\n    \"encoding/hex\"\n    \"encoding/base64\"\n    \"fmt\"\n    \"time\"\n)\nfunc main() {\n    path := \"/rest/profile/get\"\n    secret := \"YourSecretKey\"\n    access := \"YourAccessKey\"\n    timestamp := time.Now().Format(\"200601021504\")\n    data := fmt.Sprintf(\"%s%s%s\", path, access, timestamp)\n    // Create a new HMAC by defining the hash type and the key (as byte array)\n    h := hmac.New(sha512.New, []byte(secret))\n    // Write Data to it\n    h.Write([]byte(data))\n    // Get result and encode as hexadecimal string\n    hashSign := hex.EncodeToString(h.Sum(nil))\n    // convert hash result into base64\n    signature := base64.StdEncoding.EncodeToString([]byte(hashSign))\n}\n\n ```\n\n# Transaction Flow\n\n<img src=\"https://content.pstmn.io/e4fafbb7-c3e4-4da7-8571-622eda3044b2/VHJhbnNhY3Rpb24gRmxvdy5kcmF3aW8ucG5n\">\n\n# Webhook Setup\n\nCurrently we support 7 types of webhooks\n\n- **Withdrawal**  \n    Triggered whenever withdrawal request has been requested / updated\n    \n- **Transaction**  \n    Triggered whenever there are new transaction\n    \n- **Stock**  \n    Triggered whenever products stock has updated\n    \n- **Promotion**  \n    Triggered whenever there are new upcoming promotions\n    \n- **Event**  \n    Triggered whenever there are new upcoming VCGamers events\n    \n- **Campaign**  \n    Triggered whenever there are new upcoming campaign\n    \n- **Feature**  \n    Tiggered whenever there are updates on your Kilat / Instant / VIP activation status\n    \n\n# Rate Limit\n\nFor system security purposes, we apply API rate limiter per user IP address with the following limits:\n\n| Endpoint Category | Limit |\n| --- | --- |\n| Order Processing:  <br>`/rest/transaction/process`  <br>`/rest/transaction/cancel` | **300 requests / 60 seconds** |\n| All other endpoints | **200 requests / 60 seconds** |\n\nWhen the rate limit is exceeded, the API returns HTTP `429 Too Many Requests` with endpoint-specific error codes:\n\n| Error Code | Trigger Endpoints | Message |\n| --- | --- | --- |\n| ERR_PRICE_LIMIT | `/rest/product/price-update`, `/rest/product/stock-update` | Batas update harga tercapai. |\n| ERR_POLLING_LIMIT | `/rest/transaction/all`, `/rest/transaction/get` | Batas frekuensi cek transaksi tercapai. Gunakan Webhook untuk efisiensi. |\n| ERR_ORDER_LIMIT | `/rest/transaction/process`, `/rest/transaction/cancel` | Batas kirim pesanan tercapai. Silakan coba lagi dalam beberapa menit. |\n| ERR_RATE_LIMIT | All other endpoints | Batas request tercapai. Silakan coba lagi nanti. |\n\nExample error response:\n\n``` json\n{\n    \"code\": 429,\n    \"status\": \"ERROR\",\n    \"error_code\": \"ERR_PRICE_LIMIT\",\n    \"message\": \"Batas update harga tercapai.\"\n}\n\n ```","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"28289164","collectionId":"a83bedd8-836e-49c3-92ea-bdf6a88af496","publishedId":"2s9YJjTKWG","public":true,"publicUrl":"https://documenter-api.postman.tech/view/28289164/2s9YJjTKWG","privateUrl":"https://go.postman.co/documentation/28289164-a83bedd8-836e-49c3-92ea-bdf6a88af496","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":"VCGamers Seller API Documentation"}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.0","publishDate":"2023-10-12T05:07:03.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"VCGamers Seller API Documentation","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2s9YJjTKWG"}