Daftar Produk
Endpoint untuk mengambil daftar produk yang tersedia berdasarkan tipe: prepaid, game, atau pascabayar.
Endpoint: POST /v1/products
Parameter Request
| Parameter | Tipe | Wajib | Keterangan |
|---|---|---|---|
api_id | string | ✅ | API ID dari pengaturan akun |
timestamp | integer | ✅ | Unix timestamp saat request dikirim |
signature | string | ✅ | HMAC-SHA256 |
cmd | string | ✅ | Tipe produk: prepaid, game, atau pasca |
Nilai cmd
| Nilai | Keterangan |
|---|---|
prepaid | Pulsa dan paket data (Telkomsel, Indosat, XL, Axis, Tri, Smartfren) |
game | Voucher game dan top-up (Mobile Legends, Free Fire, PUBG, dll) |
pasca | Tagihan pascabayar (PLN, BPJS, PDAM, Telkom, dll) |
Contoh Request
- PHP
- JavaScript
- Python
- Java
- C#
- cURL
<?php
$api_id = 'your_api_id';
$api_key = 'your_api_key';
$secret_key = 'your_secret_key';
$timestamp = time();
// Business params
$businessParams = ['cmd' => 'prepaid']; // prepaid | game | pasca
// Urutkan A ke Z (ksort)
ksort($businessParams);
$canonicalBody = json_encode($businessParams, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
$bodyHash = hash('sha256', $canonicalBody);
$stringToSign = implode('|', [$api_id, $api_key, $timestamp, $bodyHash]);
$signature = hash_hmac('sha256', $stringToSign, $secret_key);
$payload = array_merge($businessParams, [
'api_id' => $api_id,
'timestamp' => $timestamp,
'signature' => $signature,
]);
$ch = curl_init('https://api.isikuota.com/v1/products');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_POSTFIELDS => json_encode($payload),
]);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
const crypto = require('crypto');
const api_id = 'your_api_id';
const api_key = 'your_api_key';
const secret_key = 'your_secret_key';
const timestamp = Math.floor(Date.now() / 1000);
// Business params — urutkan A ke Z
const businessParams = { cmd: 'prepaid' }; // prepaid | game | pasca
const sorted = Object.fromEntries(
Object.keys(businessParams).sort().map(k => [k, businessParams[k]])
);
const canonicalBody = JSON.stringify(sorted);
const bodyHash = crypto.createHash('sha256').update(canonicalBody).digest('hex');
const stringToSign = `${api_id}|${api_key}|${timestamp}|${bodyHash}`;
const signature = crypto.createHmac('sha256', secret_key).update(stringToSign).digest('hex');
const response = await fetch('https://api.isikuota.com/v1/products', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ ...sorted, api_id, timestamp, signature }),
});
const data = await response.json();
import hmac, hashlib, time, json, requests
api_id = 'your_api_id'
api_key = 'your_api_key'
secret_key = 'your_secret_key'
timestamp = int(time.time())
# Business params — urutkan A ke Z
business_params = {'cmd': 'prepaid'} # prepaid | game | pasca
sorted_params = dict(sorted(business_params.items()))
canonical_body = json.dumps(sorted_params, ensure_ascii=False, separators=(',', ':'))
body_hash = hashlib.sha256(canonical_body.encode()).hexdigest()
string_to_sign = f'{api_id}|{api_key}|{timestamp}|{body_hash}'
signature = hmac.new(secret_key.encode(), string_to_sign.encode(), hashlib.sha256).hexdigest()
payload = {**sorted_params, 'api_id': api_id, 'timestamp': timestamp, 'signature': signature}
response = requests.post('https://api.isikuota.com/v1/products', json=payload)
data = response.json()
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.TreeMap;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.http.*;
import java.net.URI;
public class ProductsExample {
static String sha256(String input) throws Exception {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(input.getBytes(StandardCharsets.UTF_8));
StringBuilder sb = new StringBuilder();
for (byte b : hash) sb.append(String.format("%02x", b));
return sb.toString();
}
static String hmacSha256(String data, String key) throws Exception {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] hash = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
StringBuilder sb = new StringBuilder();
for (byte b : hash) sb.append(String.format("%02x", b));
return sb.toString();
}
public static void main(String[] args) throws Exception {
String apiId = "your_api_id";
String apiKey = "your_api_key";
String secretKey = "your_secret_key";
long timestamp = Instant.now().getEpochSecond();
// Business params — TreeMap otomatis urut A ke Z
TreeMap<String, String> businessParams = new TreeMap<>();
businessParams.put("cmd", "prepaid"); // prepaid | game | pasca
ObjectMapper mapper = new ObjectMapper();
String canonicalBody = mapper.writeValueAsString(businessParams);
String bodyHash = sha256(canonicalBody);
String stringToSign = apiId + "|" + apiKey + "|" + timestamp + "|" + bodyHash;
String signature = hmacSha256(stringToSign, secretKey);
java.util.Map<String, Object> payload = new java.util.LinkedHashMap<>(businessParams);
payload.put("api_id", apiId);
payload.put("timestamp", timestamp);
payload.put("signature", signature);
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.isikuota.com/v1/products"))
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(mapper.writeValueAsString(payload)))
.build();
HttpResponse<String> response = HttpClient.newHttpClient()
.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
class ProductsExample
{
static string Sha256(string input)
{
using var sha = SHA256.Create();
var bytes = sha.ComputeHash(Encoding.UTF8.GetBytes(input));
return BitConverter.ToString(bytes).Replace("-", "").ToLower();
}
static string HmacSha256(string data, string key)
{
using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key));
var bytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
return BitConverter.ToString(bytes).Replace("-", "").ToLower();
}
static async Task Main()
{
var apiId = "your_api_id";
var apiKey = "your_api_key";
var secretKey = "your_secret_key";
var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
// Business params — SortedDictionary otomatis urut A ke Z
var businessParams = new SortedDictionary<string, string>
{
{ "cmd", "prepaid" }, // prepaid | game | pasca
};
var canonicalBody = JsonSerializer.Serialize(businessParams);
var bodyHash = Sha256(canonicalBody);
var stringToSign = $"{apiId}|{apiKey}|{timestamp}|{bodyHash}";
var signature = HmacSha256(stringToSign, secretKey);
var payload = new Dictionary<string, object>(
businessParams.Select(x => new KeyValuePair<string, object>(x.Key, x.Value)))
{
{ "api_id", apiId },
{ "timestamp", timestamp },
{ "signature", signature },
};
using var client = new HttpClient();
var json = JsonSerializer.Serialize(payload);
var content = new StringContent(json, Encoding.UTF8, "application/json");
var response = await client.PostAsync("https://api.isikuota.com/v1/products", content);
Console.WriteLine(await response.Content.ReadAsStringAsync());
}
}
API_ID="your_api_id"
API_KEY="your_api_key"
SECRET="your_secret_key"
TIMESTAMP=$(date +%s)
# Business params — key urut A ke Z
CANONICAL_BODY='{"cmd":"prepaid"}'
BODY_HASH=$(echo -n "$CANONICAL_BODY" | sha256sum | awk '{print $1}')
STRING_TO_SIGN="${API_ID}|${API_KEY}|${TIMESTAMP}|${BODY_HASH}"
SIGNATURE=$(echo -n "$STRING_TO_SIGN" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')
curl -X POST https://api.isikuota.com/v1/products \
-H "Content-Type: application/json" \
-d "{
\"api_id\": \"$API_ID\",
\"timestamp\": $TIMESTAMP,
\"signature\": \"$SIGNATURE\",
\"cmd\": \"prepaid\"
}"
Contoh Response
- Prepaid & Data
- Voucher Game
- Pascabayar
{
"success": true,
"code": "SUCCESS",
"message": "Ditemukan 2911 produk",
"data": [
{
"code": "TSEL10",
"name": "Telkomsel 10.000",
"brand": "TELKOMSEL",
"category": "Pulsa",
"type": "Umum",
"price": 11500,
"is_active": true,
"description": ""
},
{
"code": "AIGO2",
"name": "Voucher AIGO 2 GB 30 Hari",
"brand": "AXIS",
"category": "Voucher",
"type": "Umum",
"price": 22510,
"is_active": true,
"description": "AIGO Bronet 2GB + Kuota di Kota-mu 30hr"
}
],
"errors": null,
"meta": null
}
{
"success": true,
"code": "SUCCESS",
"message": "Ditemukan 120 produk",
"data": [
{
"code": "COC14K",
"name": "Clash of Clans 14.000 Gems",
"brand": "Clash of Clans",
"category": "Clash of Clans",
"type": "diamond",
"price": 1255525,
"is_active": true,
"description": "Masukkan ID Player."
},
{
"code": "FF100",
"name": "Free Fire 100 Diamond",
"brand": "Free Fire",
"category": "Free Fire",
"type": "diamond",
"price": 15500,
"is_active": true,
"description": "Masukkan ID dan Zone ID Player."
}
],
"errors": null,
"meta": null
}
{
"success": true,
"code": "SUCCESS",
"message": "Ditemukan 366 produk",
"data": [
{
"code": "MPBPJS",
"name": "Bpjs Kesehatan",
"brand": "BPJS KESEHATAN",
"category": "BPJS KESEHATAN",
"type": "Umum",
"admin": 3500,
"is_active": true,
"description": "-"
},
{
"code": "MPPLNPASCA",
"name": "PLN Pascabayar",
"brand": "PLN",
"category": "PLN Pascabayar",
"type": "Umum",
"admin": 2500,
"is_active": true,
"description": "-"
}
],
"errors": null,
"meta": null
}
Field Response
Prepaid & Game (cmd=prepaid / cmd=game)
| Field | Tipe | Keterangan |
|---|---|---|
code | string | Kode unik produk — dipakai saat order |
name | string | Nama lengkap produk |
brand | string | Brand/operator produk |
category | string | Kategori produk (Pulsa, Data, Voucher, dll) |
type | string | Tipe produk (Umum, diamond) |
price | integer | Harga jual dalam rupiah |
is_active | boolean | true = produk aktif |
description | string | Cara penggunaan / info tambahan |
Pascabayar (cmd=pasca)
| Field | Tipe | Keterangan |
|---|---|---|
code | string | Kode produk — dipakai saat inquiry & pembayaran |
name | string | Nama lengkap produk |
brand | string | Brand/operator |
category | string | Kategori (PLN, BPJS, PDAM, dll) |
type | string | Tipe produk |
admin | integer | Biaya admin per transaksi dalam rupiah |
is_active | boolean | true = produk aktif |
description | string | Catatan tambahan |
Best Practice
- Cache daftar produk dan update setiap 6–12 jam
- Hanya tampilkan produk dengan
is_active: trueke user - Tampilkan
descriptionjika tidak kosong — biasanya berisi petunjuk penggunaan - Untuk pascabayar, gunakan
codedari endpoint ini saat inquiry tagihan
Alur Transaksi Pascabayar
Produk pascabayar tidak langsung dibeli — harus melalui inquiry dulu:
- Ambil daftar produk pascabayar (
cmd=pasca) - Lakukan inquiry tagihan
- Konfirmasi ke user
- Bayar tagihan