Login - Get Access Token

Login to obtain an access token for authenticating subsequent API requests.

Endpoint

POST /api/v1/login

Request Headers

Header         Required   Description
Content-Type   Yes        application/json
Accept         Yes        application/json

Request Parameters

Parameter   Type     Required   Description
username    string   Yes        Your app_id
password    string   Yes        Your app_secret

Request Body

{
    "username": "app_id",
    "password": "app_secret"
}

Response

Success Response

{
    "success": true,
    "message": "Login successful",
    "data": {
        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
        "token_type": "Bearer",
        "expires_in": 3600,
        "merchant_id": "MERCHANT001",
        "merchant_name": "Your Merchant Name"
    },
    "meta": {
        "timestamp": "2024-01-15T10:30:00Z"
    }
}

Response Fields

Field           Type      Description
access_token    string    JWT access token for API authentication
token_type      string    Token type (always "Bearer")
expires_in      integer   Token expiration time in seconds
merchant_id     string    Your unique merchant ID
merchant_name   string    Your merchant display name

Code Examples

PHP Example

<?php

// Placeholders: load the real app_id and app_secret from secure configuration.
$data = [
    'username' => 'app_id',
    'password' => 'app_secret'
];

$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://openapi.payara.id:7654/api/v1/login',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => json_encode($data),
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
        'Accept: application/json'
    ),
));

$response = curl_exec($curl);
$httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);

// curl_exec() returns false on a transport error; json_decode() returns null on invalid JSON.
$result = ($response !== false) ? json_decode($response, true) : null;

if ($httpCode === 200 && isset($result['data']['access_token'])) {
    $accessToken = $result['data']['access_token'];
    // Do not print or log the token itself.
    echo "Login successful";
} else {
    echo "Login failed";
}

JavaScript Example

// Run this server-side (for example Node.js 18+ as an ES module, which allows
// top-level await): app_secret and the token must not reach browser code.
const loginData = {
    username: 'app_id',
    password: 'app_secret'
};

// Token for subsequent requests, kept in memory only
let accessToken = null;

try {
    const response = await fetch('https://openapi.payara.id:7654/api/v1/login', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
            'Accept': 'application/json'
        },
        body: JSON.stringify(loginData)
    });

    if (response.ok) {
        const result = await response.json();
        accessToken = result.data.access_token;
        // Do not log the token or persist it in client-side storage
        console.log('Login successful');
    } else {
        console.error('Login failed');
    }
} catch (error) {
    console.error('Login error:', error);
}

cURL Example

curl -X POST https://openapi.payara.id:7654/api/v1/login \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "username": "app_id",
    "password": "app_secret"
  }'

Using the Access Token

Once you have obtained an access token, include it in the Authorization header of all subsequent API requests:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...

Token Management

Token Expiration

Access tokens expire after 1 hour (3600 seconds). You should:

  1. Store the expires_in value from the login response
  2. Refresh the token before it expires by calling the login endpoint again
  3. Handle 401 Unauthorized responses by obtaining a new token
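
The three steps above as one in-memory token cache. This is an added example, not code from the API provider: TokenManager, skewSeconds and the injected fetchImpl and now parameters are assumed names, and the 60-second renewal margin is an assumed value.

```javascript
// Added example: in-memory token cache for POST /api/v1/login.
// TokenManager, skewSeconds, fetchImpl and now are assumed names, not part of the API.
class TokenManager {
  constructor({ baseUrl, appId, appSecret, fetchImpl = fetch, now = Date.now, skewSeconds = 60 }) {
    Object.assign(this, { baseUrl, appId, appSecret, now, skewSeconds });
    this.http = (url, init) => fetchImpl(url, init); // injectable for offline tests
    this.token = null;
    this.expiresAt = 0;  // epoch ms after which the cached token counts as stale
    this.pending = null; // in-flight login shared by concurrent callers
  }

  async login() {
    const res = await this.http(`${this.baseUrl}/api/v1/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
      body: JSON.stringify({ username: this.appId, password: this.appSecret })
    });
    const body = await res.json().catch(() => ({}));
    if (!res.ok || !body.success) {
      // Report only the error_code or status, never the credentials.
      throw new Error(`login failed: ${body.error_code || res.status}`);
    }
    this.token = body.data.access_token;
    // Steps 1 and 2: remember expires_in and renew skewSeconds before the deadline.
    this.expiresAt = this.now() + (body.data.expires_in - this.skewSeconds) * 1000;
  }

  async getToken() {
    if (this.token && this.now() < this.expiresAt) return this.token;
    // Single flight: one login call however many requests are waiting,
    // so an expired token does not cause a burst of login attempts.
    this.pending ??= this.login().finally(() => { this.pending = null; });
    await this.pending;
    return this.token;
  }

  // Step 3: a 401 discards the rejected token, logs in again and retries once.
  async request(path, init = {}) {
    for (let attempt = 0; ; attempt++) {
      const token = await this.getToken();
      const headers = { ...init.headers, Accept: 'application/json', Authorization: `Bearer ${token}` };
      const res = await this.http(`${this.baseUrl}${path}`, { ...init, headers });
      if (res.status !== 401 || attempt === 1) return res;
      if (this.token === token) this.token = null; // keep a token another caller just renewed
    }
  }
}
```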

Token Storage

  • Store tokens securely in your application
  • Never expose tokens in client-side code or logs
  • Use HTTPS for all API communications

Error Responses

Invalid Credentials

{
    "success": false,
    "message": "Invalid username or password",
    "error_code": "INVALID_CREDENTIALS"
}

Account Suspended

{
    "success": false,
    "message": "Merchant account is suspended",
    "error_code": "ACCOUNT_SUSPENDED"
}

Too Many Attempts

{
    "success": false,
    "message": "Too many login attempts. Please try again later",
    "error_code": "TOO_MANY_ATTEMPTS"
}

Security Best Practices

  1. Secure Credentials: Store username and password securely
  2. Token Caching: Cache tokens until they expire
  3. HTTPS Only: Always use HTTPS for login requests
  4. Rate Limiting: Implement login attempt rate limiting
  5. Error Handling: Handle login failures gracefully