Getting started | Bangkok Bank Developer Portal

Step 1: Register and Log In

Step 1: Register and Log In Begin by registering and logging in You can follow these steps:

Click on "Sign Up" on the homepage of the API portal, then enter the necessary information for registration. Set your password. After confirming and creating your new user account, you will receive an email for confirmation.

2. After successful registration confirmation, you can use the API Portal

Step 2: Create an App for Testing API

Creating an app is the initial step for accessing the Sandbox API. Each account can create a maximum of 3 apps, and each app will receive an API key and secret for testing.

Click on your username in the top right corner of the screen, then click on the "My Apps" menu. This will take you to the Application Management page. Click the "Create App" button to create a new app.
Provide the necessary information for app creation, then click "Save."
Once you have successfully created the app, the screen will display a list of apps, and you will receive a Consumer ID and Secret that can be used for testing APIs in the Sandbox.

Step 3: Authentication

1. When the app is successfully created, you will receive the app’s API key and secret required to gain access to the sandbox APIs.

2. In submitting a token request, the value of header must be entered per the following format:

Authorization: Basic base64(consumer_key:consumer_secret)

Username (Consumer Key) and password (Consumer secret) are entered in succession, with a single colon (:) in between.
The string result will be encoded (Base64). Character set should be UTF-8.

According to basic authorization method, put “Basic” at the front, followed by the encoded string from the above item.

curl --request POST 'https://api-sandbox.bangkokbank.com/oauth/accesstoken' \
--header 'Authorization: Basic 
QkF6V29tNGxLa3VVTjdNVVYxTFlPR2hyMllkS0ZoUVc6R01idmJScVRYN3NrT1FWVQ==' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'scope=READ CREATE' \
--data-urlencode 'grant_type=client_c

Digital Signature - JWT Guide

Bangkok Bank’s API securely utilizes payment information using the JSON Web Token (JWT) standard (RFC 7519). JWTs can be verified using digital signatures created with a public/private (RSA256) key pair.

Guide to generate JWT token

To generate a JSON Web Token (JWT), partners need their secret key and request data, and must use the RSA256 signing algorithm to generate the token.

Partners can use JWT.IO library based on the coding language your applications are utilizing

For Sandbox purpose , you can use the following key to generate your digital signature as per the guide Below

Before you can generate a JWT signature, you'll need to obtain your API credentials as per the guide above

To generate the JWT signature, Our Developer portal has provided you with the utility API to easily construct a JWT signature based on the payload you are utilizing for the API calls:

Construct a POST request to our /v1/jwt/partner endpoint. Here's an example of the request:

POST /v1/jwt/partner HTTP/1.1
Host: api-sandbox.bangkokbank.com
Content-Type: application/json
Authorization: <Your oAuth Token>

{
    "serviceCode": "BBLSANDBOX",
    "billerId": "010755000023800",
    "reference1": "1124579998",
    "reference2": "78897",
    "totalAmount": 250.20,
    "shopImage": "UE5HDQoaCgAAAA1JSERSAAAAGAAAABgIBAAAAEp+cwAAAARnQU1BAAALYQUAAAAgY0hSTQAAeiYAAAAAAAAAAAB1MAAAYAAAOgAAF3BRPAAAAAJiS0dEAAAjMgAAAAlwSFlzAAAOAAAOASsOGwAAAAd0SU1FBwQTBTAHAAABPklEQVQ4L0xbURQPDShUEzJDMhQTAGokEwVDJkkwWzIzRUItMDEgOGpqNmAwZitZdxARXmsaSHNzXjoKcU9GcEcmQiUqQghiKS8DKlZcFjo2bAhtCVk/WxIVKypCb0I4N2kJUnxwUiRYEHERahwIQit0fUUGD3VrYUcITWkQLGsKbWpXPl81TDFsL01lVRNAQQsORksaGHMvPDBPHUh2XXt3AWEjCgAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAxOS0wNC0xOVQwMzo0ODowNyswMjowMBZ8AAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTE5VDAzOjQ4OjA3KzAyOjAwZ3EAAAAZdEVYdFNvZnR3YXJlAHd3dy5pbmtzY2FwZS5vcmc8GgAAAABJRU5EQmA=",
    "shopName": "Sandbox SHOP",
    "osPlatform": "ANDROID",
    "currencyCode": "THB",
    "shippingFee": 30.20,
    "buyerName": "Sandbox Buyer",
    "promotionCode": "BBLSAVE10",
    "additionalInfo": [{
        "name": "string",
        "value": "string"
    }],
    "partnerAppUrl": "com.shop.mobilepartnersandbox://payment",
    "transType": "APP2APP"
}

Ensure you replace <Your API Token> with your actual API token obtained from your Application credentials The request body contains the payload for which you want to generate the JWT signature. Customize the payload according to your requests.

Upon successful API request, you will receive a response containing the generated JWT signature. Use this JWT signature in the appropriate headers or authentication mechanisms for subsequent API requests on our platform. The JWT signature acts as proof of authentication and authorization.

Decoding and Verifying a JWT

decode a JWT, paste it into the 'Encoded' box. JWT.IO will automatically decode the token and display the header and payload.

To verify a JWT, enter the secret key used to sign the JWT into the 'VERIFY SIGNATURE' box. If the signature is valid, you will see the message 'Signature Verified'. If the signature is not valid, or if the message was changed, you will see the message 'Invalid Signature'.

Note: For security purposes, JWT.IO does not remember the secret keys you input into the site.

Using the API Explorer

1. Making calls to APIs in the API Explorer

After retrieving the token and generating the signature, you can try the API products in the freely accessible environment.

2. Making calls using postman collections

You can also choose to download the postman collections and test out the scenarios covered in the sandbox.

Test API via Postman

You can also choose to download the Postman collections and test out the APIs covered in the sandbox from each of API product on the developer portal or via the link below

App To App APIs	Download Collection
Thai QR APIs	Download Collection

How to Import Postman Collections

Step 1:

Open Postman: Launch the Postman application.
Click on the 'Import' button at the top left of the Postman window.
In the import dialog, select the downloaded collection file or drag and drop it into the dialog box.
Click on 'Import' to add the collection to your Postman workspace.

Step 2:

In the "Import File" modal, click on the "Choose Files" button and select the Postman collection file you downloaded from our developer portal to import.

Step 3: Enjoy testing

Select a Request: From the imported collection, select the API request you want to test.
Configure-Request: If needed, modify the request parameters, headers, or body to suit your test case.
Send Request: Click the 'Send' button to execute the request.
View Response: Observe the response returned by the API in the lower section of the Postman window.

Going Live

Before you can submit a Go-Live request, make sure you understand the bank's API and how it works. This usually involves reading the API documentation, which should provide details about the API's endpoints, the request/response format, the authentication method (like OAuth or JWT), error codes, rate limiting, and more. Initiated some application development on your end by integrating and testing the sandbox version of APIs

1. Register Company Information