Authentication
Initial Setup
Before using the API, you need to:
- Contact the administrator to get your API key
- Provide your server's IP address to be whitelisted
- Wait for confirmation that your IP has been whitelisted
General Authentication
All API requests require authentication using your API key in the header:
Authorization: Bearer {your_api_key}
IP Whitelist
For security reasons, API access is restricted to whitelisted IP addresses only. If you receive a "403 IP belum di whitelist" error, please contact the administrator to whitelist your IP address.
Endpoint-Specific Authentication
1. Product List Endpoint
Simple API key authentication:
Authorization: Bearer {your_api_key}
2. Status Check Endpoint
Requires a special hash authentication:
Authorization: Bearer {hash}
Where hash is generated using:
hash = SHA256(api_key + transaction_id)
Security Notes
- Never share your API key with anyone
- Keep your API key secure and rotate it regularly
- Monitor your API usage for any suspicious activity
- Contact support immediately if you suspect your API key has been compromised
Check Transaction Status
Headers
Authorization: Bearer {hash}
Content-Type: application/json
Authentication
The endpoint requires authentication using a hash generated from the following formula:
hash = SHA256(api_key + transaction_id)
Request Parameters
Parameter | Type | Required | Description |
---|---|---|---|
trx_id | String | Yes | Unique transaction ID (order_id) |
Example Request
{
  "trx_id": "TRX_123456789"
}
Response Structure
{
  "status": "success",
  "message": "Berhasil mendapatkan status transaksi",
  "code": 200,
  "data": {
    "order_id": "TRX_123456789",
    "user_id": "123",
    "produk": "Mobile Legends Diamonds",
    "harga": 15000,
    "status": "Success",
    "keterangan": "Pembelian berhasil",
    "zone": "1234",
    "nickname": "Player123"
  }
}
Response Fields
Field | Type | Description |
---|---|---|
status | String | Response status (success/error) |
message | String | Response message |
code | Integer | HTTP status code |
data.order_id | String | Transaction ID |
data.user_id | String | User ID |
data.produk | String | Product name |
data.harga | Integer | Product price |
data.status | String | Transaction status (Success/Pending/Batal) |
data.keterangan | String | Additional information (if available) |
data.zone | String | Game zone (if applicable) |
data.nickname | String | Player nickname (if applicable) |
Error Responses
Code | Message | Description |
---|---|---|
400 | Transaction ID is required | Missing transaction ID in request |
401 | Unauthorized | Missing or invalid authorization header |
401 | Invalid hash combination | Invalid authentication hash |
403 | IP belum di whitelist | IP address not whitelisted |
403 | IP address not authorized | IP address doesn't match registered IP |
404 | Transaction not found | Transaction ID doesn't exist |
404 | User not found | Associated user not found |
429 | Too many requests | Rate limit exceeded (30 requests per minute) |
500 | Internal Server Error | Server-side error occurred |
Rate Limiting
This endpoint is rate limited to 30 requests per minute per user.
Product List
Headers
Authorization: Bearer {your_api_key}
Response Structure
{
  "status": "success",
  "message": "Berhasil mendapatkan list product",
  "code": 200,
  "data": [
    {
      "kode": "1",
      "kategori": "Mobile Games",
      "produk": "Mobile Legends Diamonds",
      "harga": 15000,
      "catatan": "Minimal pembelian 100 diamonds",
      "status": "Aktif"
    }
  ]
}
Response Fields
Field | Type | Description |
---|---|---|
status | String | Response status (success/error) |
message | String | Response message |
code | Integer | HTTP status code |
data[].kode | String | Product ID |
data[].kategori | String | Product category name |
data[].produk | String | Product name |
data[].harga | Integer | Product price (varies based on user role) |
data[].catatan | String | Additional product notes |
data[].status | String | Product status (Aktif/NonAktif) |
Error Responses
Code | Message | Description |
---|---|---|
401 | Unauthorized | API key not provided |
401 | Invalid API key | Invalid or non-existent API key |
403 | IP belum di whitelist | IP address not whitelisted |
403 | IP address not authorized | IP address doesn't match registered IP |
429 | Too many requests. Please try again later. | Rate limit exceeded (20 requests per minute) |
500 | Internal Server Error | Server-side error occurred |
Rate Limiting
This endpoint is rate limited to 20 requests per minute per IP address.
Price Variation
Product prices may vary based on the user's role:
Order
Headers
Authorization: Bearer {hash}
X-API-Key: {your_api_key}
X-Request-Time: {current_timestamp}
Content-Type: application/json
Authentication
The endpoint requires multiple authentication headers and a special hash. The hash is generated using:
hash = SHA256(api_key + ref_id + price)
Request Parameters
Parameter | Type | Required | Description |
---|---|---|---|
user_id | String | Yes | Game user ID or player ID |
zone | String | No | Game zone/server (if applicable) |
produk_id | String | Yes | Product ID from product list |
ref_id | String | Yes | Unique reference ID for the order |
Example Request
{
  "user_id": "123456",
  "zone": "1234",
  "produk_id": "1",
  "ref_id": "REF_123456789"
}
Response Structure
{
  "status": "success",
  "message": "Order created successfully",
  "code": 200,
  "data": {
    "order_id": "INV-ABC123XYZ",
    "user_id": "123456",
    "zone": "1234",
    "produk": "Mobile Legends Diamonds",
    "harga": 15000,
    "status": "Pending"
  }
}
Response Fields
Field | Type | Description |
---|---|---|
status | String | Response status (success/error) |
message | String | Response message |
code | Integer | HTTP status code |
data.order_id | String | Unique order ID |
data.user_id | String | Game user ID |
data.zone | String | Game zone/server |
data.produk | String | Product name |
data.harga | Integer | Order price |
data.status | String | Order status (Success/Pending/Batal) |
Error Responses
Code | Message | Description |
---|---|---|
400 | Request expired | X-Request-Time is more than 5 minutes old |
400 | Invalid X-Request-Time format | Invalid timestamp format |
400 | Product is not available | Selected product is not available for purchase |
400 | Saldo tidak cukup | Insufficient balance |
401 | Unauthorized: Missing required headers | Missing authentication headers |
401 | Invalid API key | Invalid or non-existent API key |
401 | Invalid hash combination | Invalid authentication hash |
403 | IP address not authorized | IP address doesn't match registered IP |
404 | Product not found | Product ID doesn't exist |
429 | Too many requests | Rate limit exceeded (100 requests per minute per IP, 30 per user) |
500 | Internal Server Error | Server-side error occurred |
Rate Limiting
This endpoint has two rate limits:
- 100 requests per minute per IP address
- 30 requests per minute per user
Important Notes
- X-Request-Time must be within 5 minutes of the server time
- ref_id must be unique for each order
- Order will be processed only if user has sufficient balance
- Order status will be updated asynchronously
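Added example (not code from the API provider): building the headers for the Status Check and Order endpoints from the two hash formulas above, plus a local pre-flight check that mirrors the documented "Request expired", "Invalid X-Request-Time format" and "Invalid hash combination" errors. The function names are hypothetical, and the order in which the real server applies these checks is not documented. Assumptions not stated on the page: the fields are concatenated with no separator and UTF-8 encoded, the digest is sent as lowercase hex, price is the integer harga from the product list written as a decimal string, and X-Request-Time is a Unix timestamp in seconds.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 5 * 60  # page: X-Request-Time must be within 5 minutes of server time


def sha256_hex(*parts):
    # Assumption: plain concatenation, no separator, UTF-8, lowercase hex digest.
    return hashlib.sha256("".join(parts).encode("utf-8")).hexdigest()


def status_headers(api_key, trx_id):
    """Check Transaction Status: hash = SHA256(api_key + transaction_id)."""
    return {"Authorization": "Bearer " + sha256_hex(api_key, trx_id),
            "Content-Type": "application/json"}


def order_headers(api_key, ref_id, price, now=None):
    """Order: hash = SHA256(api_key + ref_id + price)."""
    ts = int(time.time() if now is None else now)
    return {"Authorization": "Bearer " + sha256_hex(api_key, ref_id, str(price)),
            "X-API-Key": api_key,
            "X-Request-Time": str(ts),  # assumption: Unix seconds
            "Content-Type": "application/json"}


def check_order_headers(headers, api_key, ref_id, price, now):
    """Pre-flight check that mirrors the documented 400/401 messages."""
    required = ("Authorization", "X-API-Key", "X-Request-Time")
    if any(name not in headers for name in required):
        return "Unauthorized: Missing required headers"
    try:
        ts = int(headers["X-Request-Time"])
    except ValueError:
        return "Invalid X-Request-Time format"
    if abs(now - ts) > MAX_AGE_SECONDS:
        return "Request expired"
    expected = "Bearer " + sha256_hex(api_key, ref_id, str(price))
    # Constant-time comparison: do not leak how much of the hash matched.
    if not hmac.compare_digest(headers["Authorization"].encode(), expected.encode()):
        return "Invalid hash combination"
    return "ok"


if __name__ == "__main__":
    key = "constructed-test-key"  # constructed sample, not a real credential
    hdrs = order_headers(key, "REF_123456789", 15000)
    print(hdrs["Authorization"], check_order_headers(hdrs, key, "REF_123456789", 15000, time.time()))
    print(status_headers(key, "TRX_123456789")["Authorization"])
```

Load the API key from a secret store or environment variable rather than source code, and keep the Authorization and X-API-Key header values out of request logs.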