Lấy đường dẫn xác thực
GET
URLhttps://open-api.tingee.vn/v1/direct-link/get-authorization-url
Lấy URL xác thực tài khoản ( chỉ dùng với BIDV )
Header Request
| Header | Bắt buộc | Mô tả |
|---|---|---|
Content-Type | ✓ | application/json |
x-client-id | ✓ | Mã định danh của đối tác do TINGEE cung cấp. |
x-signature | ✓ | Chữ ký xác thực HMAC SHA512. |
x-request-timestamp | ✓ | Thời gian gửi request (format: yyyyMMddHHmmssSSS, múi giờ UTC+7) |
Query Parameters
| Trường | Kiểu | Bắt buộc | Mô tả |
|---|---|---|---|
bankBin | string | ✓ | Mã BIN ngân hàng. Mặc định truyền 970418 là mã BIN của BIDV |
role | string | ✓ | Vai trò của tài khoản cần xác thực - Maker: Tài khoản tạo lệnh chi hộ - Checker: Tài khoản duyệt lệnh chi hộ |
returnUrl | string | ✓ | URL chuyển hướng người dùng quay lại sau khi thực hiện xác thực |
Ví dụ mã nguồn
- cURL
- NestJS
- C#
- Java
- PHP
curl --location --request GET 'https://open-api.tingee.vn/v1/direct-link/get-authorization-url?bankBin=970418&role=Maker&returnUrl=https://yourdomain.com/callback' \
--header 'accept: application/json' \
--header 'x-signature: YOUR_SIGNATURE' \
--header 'x-request-timestamp: 20251110175110111' \
--header 'x-client-id: YOUR_CLIENT_ID' \
--header 'Content-Type: application/json'
import axios from "axios";
import { createHmac } from "crypto";
import { format } from 'date-fns';
async function makeRequest() {
const body = {}; // Empty body for GET request signature
const timestamp = format(new Date(), "yyyyMMddHHmmssSSS");
const secretKey = "YOUR_SECRET_KEY";
const message = `${timestamp}:${JSON.stringify(body)}`;
const signature = createHmac('sha512', secretKey).update(message).digest('hex');
const res = await axios({
method: 'GET',
url: 'https://open-api.tingee.vn/v1/direct-link/get-authorization-url?bankBin=970418&role=Maker&returnUrl=https://yourdomain.com/callback',
data: null,
headers: {
"x-client-id": "YOUR_CLIENT_ID",
"x-request-timestamp": timestamp,
"x-signature": signature,
"Content-Type": "application/json",
"accept": "application/json"
}
});
console.log(res.data);
}
using System;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Security.Cryptography;
using System.Threading.Tasks;
public class TingeeApiExample
{
private static readonly HttpClient client = new HttpClient();
public static async Task Main()
{
var body = new {};
var timestamp = DateTime.Now.ToString("yyyyMMddHHmmssfff");
var secretKey = "YOUR_SECRET_KEY";
var bodyJson = JsonSerializer.Serialize(body);
var message = $"{timestamp}:{bodyJson}";
var signature = CreateHmacSha512(secretKey, message);
var request = new HttpRequestMessage(HttpMethod.Get, "https://open-api.tingee.vn/v1/direct-link/get-authorization-url?bankBin=970418&role=Maker&returnUrl=https://yourdomain.com/callback");
request.Headers.Add("x-signature", signature);
request.Headers.Add("x-request-timestamp", timestamp);
request.Headers.Add("x-client-id", "YOUR_CLIENT_ID");
request.Headers.Add("accept", "application/json");
var response = await client.SendAsync(request);
string result = await response.Content.ReadAsStringAsync();
Console.WriteLine(result);
}
private static string CreateHmacSha512(string key, string message)
{
using var hmac = new HMACSHA512(Encoding.UTF8.GetBytes(key));
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
return BitConverter.ToString(hash).Replace("-", "").ToLower();
}
}
import java.net.http.*;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
public class TingeeApiExample {
public static void main(String[] args) throws Exception {
String bodyJson = "{}";
String secretKey = "YOUR_SECRET_KEY";
String timestamp = LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyyMMddHHmmssSSS"));
String message = timestamp + ":" + bodyJson;
String signature = hmacSha512(secretKey, message);
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://open-api.tingee.vn/v1/direct-link/get-authorization-url?bankBin=970418&role=Maker&returnUrl=https://yourdomain.com/callback"))
.header("accept", "application/json")
.header("x-signature", signature)
.header("x-request-timestamp", timestamp)
.header("x-client-id", "YOUR_CLIENT_ID")
.header("Content-Type", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
private static String hmacSha512(String key, String data) throws Exception {
Mac mac = Mac.getInstance("HmacSHA512");
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA512");
mac.init(secretKeySpec);
byte[] hash = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
return toHex(hash);
}
private static String toHex(byte[] bytes) {
StringBuilder hex = new StringBuilder(bytes.length * 2);
for (byte b : bytes) {
hex.append(String.format("%02x", b));
}
return hex.toString();
}
}
function makeApiRequest() {
$body = (object)[];
$jsonBody = json_encode($body);
$timestamp = date("YmdHis") . substr((string)microtime(true), -3);
$secretKey = "YOUR_SECRET_KEY";
$message = $timestamp . ":" . $jsonBody;
$signature = hash_hmac("sha512", $message, $secretKey);
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => "https://open-api.tingee.vn/v1/direct-link/get-authorization-url?bankBin=970418&role=Maker&returnUrl=https://yourdomain.com/callback",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
"Accept: application/json",
"Content-Type: application/json",
"x-client-id: YOUR_CLIENT_ID",
"x-request-timestamp: " . $timestamp,
"x-signature: " . $signature
]
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
}
makeApiRequest();
Response mẫu
{
"code": "00",
"message": "Success",
"data": "https://www.bidv.net/bidvdirectuat/auth/realms/ibank/protocol/openid-connect/auth?client_id=a2910ceecf2841ac9797aff5312e5530&redirect_uri=https%3A%2F%2Fuat-open-api.tingee.vn%2Fv1%2Fdirect-link%2Fcallback&response_type=code&scope=openid&code_challenge=pqnBhc_OSs0P-GrSa26mNI5dE7kVfACuOgyfngO4JsM&code_challenge_method=S256&app_code=25607354&device_id=f7a3b2c1-9d4e-4f8b-a6c5-3e2d1b0a9f8e&ui_locales=vi-vn&state=4c951682-2285-473c-98e3-0f1a7901c04c"
}
| Trường | Kiểu | Mô tả |
|---|---|---|
code | string | Mã kết quả (00 = Thành công). |
message | string | Thông điệp phản hồi. |
data | string | URL để điều hướng người dùng sang trang xác thực của ngân hàng BIDV. |
Mã lỗi thường gặp
| Code | Mô tả | Hướng xử lý |
|---|---|---|
90 | Sai format timestamp | Kiểm tra format yyyyMMddHHmmssSSS. |
91 | Request quá hạn | Kiểm tra thời gian gửi request. |
97 | Sai chữ ký | Kiểm tra lại Secret Key và logic tạo Signature. |
Others | Lỗi khác | Xem Danh sách mã lỗi. |