Order Prepaid & Voucher Game
Endpoint untuk melakukan transaksi pulsa, paket data, dan voucher game.
Endpoint: POST /v1/order
Parameter Request
| Parameter | Tipe | Wajib | Keterangan |
|---|---|---|---|
api_id | string | ✅ | API ID |
timestamp | integer | ✅ | Unix timestamp |
signature | string | ✅ | HMAC-SHA256 |
cmd | string | ✅ | prepaid untuk pulsa/data, game untuk voucher game |
code | string | ✅ | Kode produk dari Daftar Produk |
customer_no | string | ✅ | Nomor HP tujuan (pulsa/data) atau ID game (voucher) |
ref_id | string | ❌ | ID referensi unik — jika kosong di-generate otomatis |
testing | boolean | ❌ | true untuk mode testing (tidak potong saldo). Default: false |
Contoh Request
- PHP
- JavaScript
- Python
- Java
- C#
- cURL
<?php
$api_id = 'your_api_id';
$api_key = 'your_api_key';
$secret_key = 'your_secret_key';
$timestamp = time();
// Business params
$businessParams = [
'cmd' => 'prepaid',
'code' => 'TSEL21',
'customer_no' => '08123456789',
'ref_id' => 'TRX' . uniqid(),
];
// Urutkan A ke Z (ksort)
ksort($businessParams);
$canonicalBody = json_encode($businessParams, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
$bodyHash = hash('sha256', $canonicalBody);
$stringToSign = implode('|', [$api_id, $api_key, $timestamp, $bodyHash]);
$signature = hash_hmac('sha256', $stringToSign, $secret_key);
$payload = array_merge($businessParams, [
'api_id' => $api_id,
'timestamp' => $timestamp,
'signature' => $signature,
]);
$ch = curl_init('https://api.isikuota.com/v1/order');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_POSTFIELDS => json_encode($payload),
]);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
const crypto = require('crypto');
const api_id = 'your_api_id';
const api_key = 'your_api_key';
const secret_key = 'your_secret_key';
const timestamp = Math.floor(Date.now() / 1000);
// Business params — urutkan A ke Z
const businessParams = {
cmd: 'prepaid',
code: 'TSEL21',
customer_no: '08123456789',
ref_id: `TRX${Date.now()}`,
};
const sorted = Object.fromEntries(
Object.keys(businessParams).sort().map(k => [k, businessParams[k]])
);
const canonicalBody = JSON.stringify(sorted);
const bodyHash = crypto.createHash('sha256').update(canonicalBody).digest('hex');
const stringToSign = `${api_id}|${api_key}|${timestamp}|${bodyHash}`;
const signature = crypto.createHmac('sha256', secret_key).update(stringToSign).digest('hex');
const response = await fetch('https://api.isikuota.com/v1/order', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ ...sorted, api_id, timestamp, signature }),
});
const data = await response.json();
import hmac, hashlib, time, json, requests
api_id = 'your_api_id'
api_key = 'your_api_key'
secret_key = 'your_secret_key'
timestamp = int(time.time())
# Business params — urutkan A ke Z
business_params = {
'cmd': 'prepaid',
'code': 'TSEL21',
'customer_no': '08123456789',
'ref_id': f'TRX{int(time.time())}',
}
sorted_params = dict(sorted(business_params.items()))
canonical_body = json.dumps(sorted_params, ensure_ascii=False, separators=(',', ':'))
body_hash = hashlib.sha256(canonical_body.encode()).hexdigest()
string_to_sign = f'{api_id}|{api_key}|{timestamp}|{body_hash}'
signature = hmac.new(secret_key.encode(), string_to_sign.encode(), hashlib.sha256).hexdigest()
payload = {**sorted_params, 'api_id': api_id, 'timestamp': timestamp, 'signature': signature}
response = requests.post('https://api.isikuota.com/v1/order', json=payload)
data = response.json()
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.http.*;
import java.net.URI;
public class OrderExample {
static String sha256(String input) throws Exception {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(input.getBytes(StandardCharsets.UTF_8));
StringBuilder sb = new StringBuilder();
for (byte b : hash) sb.append(String.format("%02x", b));
return sb.toString();
}
static String hmacSha256(String data, String key) throws Exception {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] hash = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
StringBuilder sb = new StringBuilder();
for (byte b : hash) sb.append(String.format("%02x", b));
return sb.toString();
}
public static void main(String[] args) throws Exception {
String apiId = "your_api_id";
String apiKey = "your_api_key";
String secretKey = "your_secret_key";
long timestamp = Instant.now().getEpochSecond();
// Business params — TreeMap otomatis urut A ke Z
TreeMap<String, String> businessParams = new TreeMap<>();
businessParams.put("cmd", "prepaid");
businessParams.put("code", "TSEL21");
businessParams.put("customer_no", "08123456789");
businessParams.put("ref_id", "TRX" + System.currentTimeMillis());
ObjectMapper mapper = new ObjectMapper();
String canonicalBody = mapper.writeValueAsString(businessParams);
String bodyHash = sha256(canonicalBody);
String stringToSign = apiId + "|" + apiKey + "|" + timestamp + "|" + bodyHash;
String signature = hmacSha256(stringToSign, secretKey);
Map<String, Object> payload = new LinkedHashMap<>(businessParams);
payload.put("api_id", apiId);
payload.put("timestamp", timestamp);
payload.put("signature", signature);
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.isikuota.com/v1/order"))
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(mapper.writeValueAsString(payload)))
.build();
HttpResponse<String> response = HttpClient.newHttpClient()
.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
class OrderExample
{
static string Sha256(string input)
{
using var sha = SHA256.Create();
var bytes = sha.ComputeHash(Encoding.UTF8.GetBytes(input));
return BitConverter.ToString(bytes).Replace("-", "").ToLower();
}
static string HmacSha256(string data, string key)
{
using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
var bytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
return BitConverter.ToString(bytes).Replace("-", "").ToLower();
}
static async Task Main()
{
var apiId = "your_api_id";
var apiKey = "your_api_key";
var secretKey = "your_secret_key";
var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
// Business params — SortedDictionary otomatis urut A ke Z
var businessParams = new SortedDictionary<string, string>
{
{ "cmd", "prepaid" },
{ "code", "TSEL21" },
{ "customer_no", "08123456789" },
{ "ref_id", $"TRX{DateTimeOffset.UtcNow.ToUnixTimeMilliseconds()}" },
};
var canonicalBody = JsonSerializer.Serialize(businessParams);
var bodyHash = Sha256(canonicalBody);
var stringToSign = $"{apiId}|{apiKey}|{timestamp}|{bodyHash}";
var signature = HmacSha256(stringToSign, secretKey);
var payload = new Dictionary<string, object>(
businessParams.Select(x => new KeyValuePair<string, object>(x.Key, x.Value)))
{
{ "api_id", apiId },
{ "timestamp", timestamp },
{ "signature", signature },
};
using var client = new HttpClient();
var json = JsonSerializer.Serialize(payload);
var content = new StringContent(json, Encoding.UTF8, "application/json");
var response = await client.PostAsync("https://api.isikuota.com/v1/order", content);
Console.WriteLine(await response.Content.ReadAsStringAsync());
}
}
API_ID="your_api_id"
API_KEY="your_api_key"
SECRET="your_secret_key"
TIMESTAMP=$(date +%s)
# Business params — key wajib urut A ke Z
CANONICAL_BODY='{"cmd":"prepaid","code":"TSEL21","customer_no":"08123456789","ref_id":"TRX001"}'
BODY_HASH=$(echo -n "$CANONICAL_BODY" | sha256sum | awk '{print $1}')
STRING_TO_SIGN="${API_ID}|${API_KEY}|${TIMESTAMP}|${BODY_HASH}"
SIGNATURE=$(echo -n "$STRING_TO_SIGN" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')
curl -X POST https://api.isikuota.com/v1/order \
-H "Content-Type: application/json" \
-d "{
\"api_id\": \"$API_ID\",
\"timestamp\": $TIMESTAMP,
\"signature\": \"$SIGNATURE\",
\"cmd\": \"prepaid\",
\"code\": \"TSEL21\",
\"customer_no\": \"08123456789\",
\"ref_id\": \"TRX001\"
}"
Contoh Response
- ✅ Success
- ⏳ Pending
- ❌ Failed
{
"success": true,
"code": "ORDER_SUCCESS",
"message": "Transaksi berhasil diproses",
"data": {
"ref_id": "TRX12345asdxxx",
"status": "Success",
"customer_no": "08123456789",
"code": "TSEL21",
"name": "Telkomsel 21.000",
"price": 21425,
"sn": "1234-5678-9012-3456",
"created_at": "2026-05-31 10:34:36"
},
"errors": null,
"meta": null
}
{
"success": true,
"code": "ORDER_PENDING",
"message": "Transaksi sedang diproses",
"data": {
"ref_id": "TRX12345asdxxx",
"status": "Pending",
"customer_no": "08123456789",
"code": "TSEL21",
"name": "Telkomsel 21.000",
"price": 21425,
"sn": null,
"created_at": "2026-05-31 10:34:36"
},
"errors": null,
"meta": null
}
{
"success": false,
"code": "ORDER_FAILED",
"message": "Transaksi gagal - nomor tidak aktif",
"data": {
"ref_id": "TRX12345asdxxx",
"status": "Failed",
"customer_no": "08123456789",
"code": "TSEL21",
"name": "Telkomsel 21.000",
"price": 21425,
"sn": null,
"created_at": "2026-05-31 10:34:36"
},
"errors": null,
"meta": null
}
Field Response
| Field | Tipe | Keterangan |
|---|---|---|
ref_id | string | ID referensi transaksi |
status | string | Status transaksi (Pending / Success / Failed) |
customer_no | string | Nomor tujuan transaksi |
code | string | Kode produk |
name | string | Nama produk |
price | integer | Harga yang dibayarkan (Rp) |
sn | string/null | Serial Number / kode voucher (tersedia jika Success) |
created_at | string | Waktu transaksi dibuat |
Status Transaksi
| Status | Keterangan | Tindakan |
|---|---|---|
Pending | Sedang diproses | Tunggu callback atau cek via /status |
Success | Berhasil — sn tersedia | Update status di sistem Anda |
Failed | Gagal — saldo dikembalikan otomatis | Notifikasi user |
warning
Jika request timeout, cek status dulu via /status menggunakan ref_id sebelum membuat transaksi baru. Transaksi mungkin sudah berhasil meski response tidak diterima.
Mode Testing
Tambahkan "testing": true untuk simulasi transaksi tanpa memotong saldo.