Bayar Tagihan Pascabayar

Endpoint untuk melakukan pembayaran tagihan setelah inquiry berhasil.

Endpoint: POST /v1/order

warning

Gunakan ref_id yang sama dengan saat inquiry. Sesi inquiry berlaku 5 menit — jika habis, ulangi inquiry dari awal.

Parameter Request

Parameter	Tipe	Wajib	Keterangan
api_id	string	✅	API ID
timestamp	integer	✅	Unix timestamp
signature	string	✅	HMAC-SHA256
cmd	string	✅	Harus pay-pasca
code	string	✅	Kode produk (sama dengan saat inquiry)
customer_no	string	✅	Nomor pelanggan (sama dengan saat inquiry)
ref_id	string	✅	Ref ID dari response inquiry
testing	boolean	❌	true untuk mode testing. Default: false

Contoh Request

PHP

<?php
// Lanjutan dari inquiry — gunakan $ref_id yang sudah disimpan
$api_id     = 'your_api_id';
$api_key    = 'your_api_key';
$secret_key = 'your_secret_key';
$timestamp  = time();

// Business params
$businessParams = [
    'cmd'         => 'pay-pasca',
    'code'        => 'MPBPJS',
    'customer_no' => '1234567890',
    'ref_id'      => $ref_id,  // dari response inquiry
];

// Urutkan A ke Z (ksort)
ksort($businessParams);

$canonicalBody = json_encode($businessParams, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
$bodyHash      = hash('sha256', $canonicalBody);
$stringToSign  = implode('|', [$api_id, $api_key, $timestamp, $bodyHash]);
$signature     = hash_hmac('sha256', $stringToSign, $secret_key);

$payload = array_merge($businessParams, [
    'api_id'    => $api_id,
    'timestamp' => $timestamp,
    'signature' => $signature,
]);

$ch = curl_init('https://api.isikuota.com/v1/order');
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
    CURLOPT_POSTFIELDS     => json_encode($payload),
]);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);

JavaScript

const crypto = require('crypto');

const api_id     = 'your_api_id';
const api_key    = 'your_api_key';
const secret_key = 'your_secret_key';
const timestamp  = Math.floor(Date.now() / 1000);

// Business params — urutkan A ke Z
const businessParams = {
  cmd:         'pay-pasca',
  code:        'MPBPJS',
  customer_no: '1234567890',
  ref_id:      ref_id,  // dari response inquiry
};
const sorted = Object.fromEntries(
  Object.keys(businessParams).sort().map(k => [k, businessParams[k]])
);

const canonicalBody = JSON.stringify(sorted);
const bodyHash      = crypto.createHash('sha256').update(canonicalBody).digest('hex');
const stringToSign  = `${api_id}|${api_key}|${timestamp}|${bodyHash}`;
const signature     = crypto.createHmac('sha256', secret_key).update(stringToSign).digest('hex');

const response = await fetch('https://api.isikuota.com/v1/order', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ ...sorted, api_id, timestamp, signature }),
});
const data = await response.json();

Python

import hmac, hashlib, time, json, requests

api_id     = 'your_api_id'
api_key    = 'your_api_key'
secret_key = 'your_secret_key'
timestamp  = int(time.time())

# Business params — urutkan A ke Z
business_params = {
    'cmd':         'pay-pasca',
    'code':        'MPBPJS',
    'customer_no': '1234567890',
    'ref_id':      ref_id,  # dari response inquiry
}
sorted_params = dict(sorted(business_params.items()))

canonical_body = json.dumps(sorted_params, ensure_ascii=False, separators=(',', ':'))
body_hash      = hashlib.sha256(canonical_body.encode()).hexdigest()
string_to_sign = f'{api_id}|{api_key}|{timestamp}|{body_hash}'
signature      = hmac.new(secret_key.encode(), string_to_sign.encode(), hashlib.sha256).hexdigest()

payload = {**sorted_params, 'api_id': api_id, 'timestamp': timestamp, 'signature': signature}
response = requests.post('https://api.isikuota.com/v1/order', json=payload)
data = response.json()

Java

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.http.*;
import java.net.URI;

public class PayPascaExample {

    static String sha256(String input) throws Exception {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : hash) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static String hmacSha256(String data, String key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] hash = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : hash) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String apiId     = "your_api_id";
        String apiKey    = "your_api_key";
        String secretKey = "your_secret_key";
        long   timestamp = Instant.now().getEpochSecond();
        String refId     = "INQ-001"; // dari response inquiry

        // Business params — TreeMap otomatis urut A ke Z
        TreeMap<String, String> businessParams = new TreeMap<>();
        businessParams.put("cmd",         "pay-pasca");
        businessParams.put("code",        "MPBPJS");
        businessParams.put("customer_no", "1234567890");
        businessParams.put("ref_id",      refId);

        ObjectMapper mapper = new ObjectMapper();
        String canonicalBody = mapper.writeValueAsString(businessParams);
        String bodyHash      = sha256(canonicalBody);
        String stringToSign  = apiId + "|" + apiKey + "|" + timestamp + "|" + bodyHash;
        String signature     = hmacSha256(stringToSign, secretKey);

        Map<String, Object> payload = new LinkedHashMap<>(businessParams);
        payload.put("api_id",    apiId);
        payload.put("timestamp", timestamp);
        payload.put("signature", signature);

        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create("https://api.isikuota.com/v1/order"))
            .header("Content-Type", "application/json")
            .POST(HttpRequest.BodyPublishers.ofString(mapper.writeValueAsString(payload)))
            .build();

        HttpResponse<String> response = HttpClient.newHttpClient()
            .send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
    }
}

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

class PayPascaExample
{
    static string Sha256(string input)
    {
        using var sha = SHA256.Create();
        var bytes = sha.ComputeHash(Encoding.UTF8.GetBytes(input));
        return BitConverter.ToString(bytes).Replace("-", "").ToLower();
    }

    static string HmacSha256(string data, string key)
    {
        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
        var bytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
        return BitConverter.ToString(bytes).Replace("-", "").ToLower();
    }

    static async Task Main()
    {
        var apiId     = "your_api_id";
        var apiKey    = "your_api_key";
        var secretKey = "your_secret_key";
        var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        var refId     = "INQ-001"; // dari response inquiry

        // Business params — SortedDictionary otomatis urut A ke Z
        var businessParams = new SortedDictionary<string, string>
        {
            { "cmd",         "pay-pasca"  },
            { "code",        "MPBPJS"     },
            { "customer_no", "1234567890" },
            { "ref_id",      refId        },
        };

        var canonicalBody = JsonSerializer.Serialize(businessParams);
        var bodyHash      = Sha256(canonicalBody);
        var stringToSign  = $"{apiId}|{apiKey}|{timestamp}|{bodyHash}";
        var signature     = HmacSha256(stringToSign, secretKey);

        var payload = new Dictionary<string, object>(
            businessParams.Select(x => new KeyValuePair<string, object>(x.Key, x.Value)))
        {
            { "api_id",    apiId     },
            { "timestamp", timestamp },
            { "signature", signature },
        };

        using var client = new HttpClient();
        var json     = JsonSerializer.Serialize(payload);
        var content  = new StringContent(json, Encoding.UTF8, "application/json");
        var response = await client.PostAsync("https://api.isikuota.com/v1/order", content);
        Console.WriteLine(await response.Content.ReadAsStringAsync());
    }
}

cURL

API_ID="your_api_id"
API_KEY="your_api_key"
SECRET="your_secret_key"
TIMESTAMP=$(date +%s)
REF_ID="INQ-001"  # dari response inquiry

# Business params — key wajib urut A ke Z
CANONICAL_BODY="{\"cmd\":\"pay-pasca\",\"code\":\"MPBPJS\",\"customer_no\":\"1234567890\",\"ref_id\":\"$REF_ID\"}"

BODY_HASH=$(echo -n "$CANONICAL_BODY" | sha256sum | awk '{print $1}')
STRING_TO_SIGN="${API_ID}|${API_KEY}|${TIMESTAMP}|${BODY_HASH}"
SIGNATURE=$(echo -n "$STRING_TO_SIGN" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')

curl -X POST https://api.isikuota.com/v1/order \
  -H "Content-Type: application/json" \
  -d "{
    \"api_id\":      \"$API_ID\",
    \"timestamp\":   $TIMESTAMP,
    \"signature\":   \"$SIGNATURE\",
    \"cmd\":         \"pay-pasca\",
    \"code\":        \"MPBPJS\",
    \"customer_no\": \"1234567890\",
    \"ref_id\":      \"$REF_ID\"
  }"

Contoh Response

BPJS Kesehatan

{
  "success": true,
  "code": "BILL_PAYMENT_SUCCESS",
  "message": "Pembayaran tagihan berhasil",
  "data": {
    "ref_id": "INQ-001",
    "status": "success",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "MPBPJS",
    "tagihan": 22500,
    "admin": 2700,
    "total": 25200,
    "sn": "S1234554321N",
    "desc": {
      "jumlah_peserta": "2",
      "lembar_tagihan": 1,
      "alamat": "JAKARTA PUSAT",
      "detail": [{ "periode": "01" }]
    },
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

PLN Pascabayar

{
  "success": true,
  "code": "BILL_PAYMENT_SUCCESS",
  "message": "Pembayaran tagihan berhasil",
  "data": {
    "ref_id": "INQ-001",
    "status": "success",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "MPPLNPASCA",
    "tagihan": 8000,
    "admin": 2500,
    "total": 10500,
    "sn": "S1234554321N",
    "desc": {
      "tarif": "R1",
      "daya": 1300,
      "lembar_tagihan": 1,
      "detail": [
        { "periode": "201901", "nilai_tagihan": "8000", "admin": "2500", "denda": "500" }
      ]
    },
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

Internet (Telkom)

{
  "success": true,
  "code": "BILL_PAYMENT_SUCCESS",
  "message": "Pembayaran tagihan berhasil",
  "data": {
    "ref_id": "INQ-001",
    "status": "success",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "MPSPEEDY",
    "tagihan": 19500,
    "admin": 5000,
    "total": 24500,
    "sn": "S1234554321N",
    "desc": {
      "lembar_tagihan": 2,
      "detail": [
        { "periode": "MEI 2019", "nilai_tagihan": "8000", "admin": "2500" },
        { "periode": "JUN 2019", "nilai_tagihan": "11500", "admin": "2500" }
      ]
    },
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

PDAM (Air)

{
  "success": true,
  "code": "BILL_PAYMENT_SUCCESS",
  "message": "Pembayaran tagihan berhasil",
  "data": {
    "ref_id": "INQ-001",
    "status": "success",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "PDAMBANDUNG",
    "tagihan": 10000,
    "admin": 2500,
    "total": 12500,
    "sn": "S1234554321N",
    "desc": {
      "tarif": "3A",
      "lembar_tagihan": 1,
      "alamat": "WONOKROMO S.S BARU 2 8",
      "jatuh_tempo": "1-15 DES 2014",
      "detail": [
        {
          "periode": "201901",
          "nilai_tagihan": "8000",
          "denda": "500",
          "meter_awal": "00080000",
          "meter_akhir": "00090000",
          "biaya_lain": "1500"
        }
      ]
    },
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

Multifinance (Cicilan)

{
  "success": true,
  "code": "BILL_PAYMENT_SUCCESS",
  "message": "Pembayaran tagihan berhasil",
  "data": {
    "ref_id": "INQ-001",
    "status": "success",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "MPMEGACENFINANCE",
    "tagihan": 22500,
    "admin": 2500,
    "total": 25000,
    "sn": "S1234554321N",
    "desc": {
      "lembar_tagihan": 1,
      "item_name": "HONDA VARIO TECHNO 125 PGM FI NON CBS",
      "no_rangka": "MH1JFB111CK196426",
      "no_pol": "B6213UWX",
      "tenor": "030",
      "detail": [{ "periode": "002", "denda": "0", "biaya_lain": "0" }]
    },
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

Gas Negara (PGN)

{
  "success": true,
  "code": "BILL_PAYMENT_SUCCESS",
  "message": "Pembayaran tagihan berhasil",
  "data": {
    "ref_id": "INQ-001",
    "status": "success",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "MPGASNEGARA",
    "tagihan": 97500,
    "admin": 2500,
    "total": 100000,
    "sn": "S1234554321N",
    "desc": {
      "lembar_tagihan": 1,
      "alamat": "KO. GRIYA ASRI CIPAGERAN",
      "detail": [{ "periode": "0320", "meter_awal": "006538", "meter_akhir": "006573" }]
    },
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

HP Pascabayar

{
  "success": true,
  "code": "BILL_PAYMENT_SUCCESS",
  "message": "Pembayaran tagihan berhasil",
  "data": {
    "ref_id": "INQ-001",
    "status": "success",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "MPHPPASCA",
    "tagihan": 10000,
    "admin": 2500,
    "total": 12500,
    "sn": "S1234554321N",
    "desc": {
      "lembar_tagihan": 1
    },
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

⏳ Pending

{
  "success": true,
  "code": "BILL_PAYMENT_PENDING",
  "message": "Pembayaran tagihan sedang diproses",
  "data": {
    "ref_id": "INQ-001",
    "status": "pending",
    "customer_no": "08123456789",
    "customer_name": "Demo Member",
    "code": "MPBPJS",
    "tagihan": 22500,
    "admin": 2700,
    "total": 25200,
    "sn": null,
    "created_at": "2026-05-31 10:41:16"
  },
  "errors": null,
  "meta": null
}

❌ Failed

{
  "success": false,
  "code": "BILL_PAYMENT_FAILED",
  "message": "Pembayaran tagihan gagal",
  "data": null,
  "errors": null,
  "meta": null
}

Field Response

Field	Tipe	Keterangan
ref_id	string	ID referensi transaksi
status	string	Status pembayaran (success / pending / failed)
customer_no	string	Nomor pelanggan
customer_name	string	Nama pelanggan
code	string	Kode produk
tagihan	integer	Nilai tagihan sebelum admin (Rp)
admin	integer	Biaya admin (Rp)
total	integer	Total yang dibayarkan (Rp)
sn	string/null	Serial number bukti bayar (null jika masih pending)
desc	object	Detail tagihan
created_at	string	Waktu transaksi dibuat