API Authentication
Process
- Merchant calls the API to obtain a JWT Token.
- Baokim authenticates the merchant based on direct integration:
- If Master Merchant integrates directly, use Master authentication credentials.
- If Sub Merchant integrates directly, use Sub authentication credentials.
API Information
Method: POST
URL: /b2b/auth-service/api/oauth/get-token
If Master integrates → use Master credentials. If Sub integrates → use Sub credentials.
Request
Main Parameters
| Field Name | Type | Required | Description |
|---|---|---|---|
| merchant_code | String(50) | ✅ | Merchant code provided by Baokim |
| client_id | String(50) | ✅ | Client ID provided by Baokim |
| client_secret | String(50) | ✅ | Client secret provided by Baokim |
Request Example
{
"merchant_code": "BAOKIMMRC",
"client_id": "BAOKIMMRC",
"client_secret": "iOiJKV1QiLCJhbGciOiJIUzI1NiJ9"
}
Response
Main Parameters
| No | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | code | Number(3) | ✅ | Baokim error code |
| 2 | message | String(200) | ✅ | Baokim error message |
| 3 | data | Object | ✅ | Data returned by Baokim |
Data Information
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | access_token | String | ✅ | JWT Token string |
| 2 | token_type | String | ✅ | Token type (bearer) |
| 3 | expired_at | DateTime | ✅ | Token expiration time |
{
"code": 100,
"message": "Successfully",
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkyOTIvYXBpL2IyYl9hdXRoL2xvZ2luIiwiaWF0IjoxNzA2MDgwODU1LCJleHAiOjE3MDYwODQ0NTUsIm5iZiI6MTcwNjA4MDg1NSwianRpIjoiV0FUWnpJZTB3d0NuU1dpNSIsInN1YiI6IjEiLCJwcnYiOiIyM2JkNWM4OTQ5ZjYwMGFkYjM5ZTcwMWM0MDA4NzJkYjdhNTk3NmY3IiwibWVyY2hhbnRfaW5mbyI6eyJjb2RlIjoiYWJjIn0sInNjb3BlcyI6W3siYWN0aW9uIjoiR0VUIiwidXJpIjoiYWJjLmNvbSJ9LHsiYWN0aW9uIjoiUE9TVCIsInVyaSI6Inh5ei5jb20ifV19.aRfdvwFz8CDiBqHoCG8IGfPC0bO4vhXRvY76dupRx9k",
"token_type": "bearer",
"expired_at": "2025-10-30 14:41:00"
}
}
Error Code Table
| Error Code | Description |
|---|---|
| 100 | Success |
| 11 | Failed |
| 101 | Baokim system error |
| 104 | OAuth authentication error |
| 105 | Signature authentication error |
| 422 | Validation error: RequestId invalid |
| 422 | Validation error: RequestTime invalid |
| 422 | Validation error: PartnerCode invalid |
| 422 | Card_data invalid |
| 422 | Amount invalid |
| 301 | Order not found by order_code |
| 302 | Card issue (does not exist, expired) |
| 303 | Card declined |
| 304 | Insufficient card balance |
| 305 | User cancelled transaction |
| 306 | Incorrect OTP |
| 308 | Transaction has not completed Authentication |
| 309 | Transaction has not completed Authorization |
| 310 | Transaction already reversed — cannot capture |
| 311 | Transaction already captured — cannot reverse |
| 313 | Bank-side processing error |