Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
midtrans-client
Advanced tools
Midtrans ❤️ Node JS!
This is the Official Node JS API client/library for Midtrans Payment API. Visit https://midtrans.com. More information about the product and see documentation at http://docs.midtrans.com for more technical details.
npm install --save midtrans-client
If you are not using NPM, you can clone or download this repository.
Then require from index.js
file.
let midtransClient = require('./midtrans-client-nodejs/index.js');
We have 2 different products of payment that you can use:
Choose one that you think best for your unique needs.
Get your client key and server key from Midtrans Dashboard
Create API client object
const midtransClient = require('midtrans-client');
// Create Core API instance
let coreApi = new midtransClient.CoreApi({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
const midtransClient = require('midtrans-client');
// Create Snap API instance
let snap = new midtransClient.Snap({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
You can also re-set config using Snap.apiConfig.set( ... )
example:
const midtransClient = require('midtrans-client');
// Create Snap API instance, empty config
let snap = new midtransClient.Snap();
snap.apiConfig.set({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
// You don't have to re-set using all the options,
// i.e. set serverKey only
snap.apiConfig.set({serverKey : 'YOUR_SERVER_KEY'});
You can also set config directly from attribute
const midtransClient = require('midtrans-client');
// Create Snap API instance, empty config
let snap = new midtransClient.Snap();
snap.apiConfig.isProduction = false;
snap.apiConfig.serverKey = 'YOUR_SERVER_KEY';
snap.apiConfig.clientKey = 'YOUR_CLIENT_KEY';
You can see Snap example here.
Available methods for Snap
class
// return Snap API /transaction response as Promise of Object
createTransaction(parameter)
// return Snap API /transaction token as Promise of String
createTransactionToken(parameter)
// return Snap API /transaction redirect_url as Promise of String
createTransactionRedirectUrl(parameter)
parameter
is Object or String of JSON of SNAP Parameter
const midtransClient = require('midtrans-client');
// Create Snap API instance
let snap = new midtransClient.Snap({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
let parameter = {
"transaction_details": {
"order_id": "test-transaction-123",
"gross_amount": 200000
}, "credit_card":{
"secure" : true
}
};
snap.createTransaction(parameter)
.then((transaction)=>{
// transaction token
let transactionToken = transaction.token;
console.log('transactionToken:',transactionToken);
})
// alternative way to create transactionToken
// snap.createTransactionToken(parameter)
// .then((transactionToken)=>{
// console.log('transactionToken:',transactionToken);
// })
On frontend / html:
Replace PUT_TRANSACTION_TOKEN_HERE
with transactionToken
acquired above
<html>
<body>
<button id="pay-button">Pay!</button>
<pre><div id="result-json">JSON result will appear here after payment:<br></div></pre>
<!-- TODO: Remove ".sandbox" from script src URL for production environment. Also input your client key in "data-client-key" -->
<script src="https://app.sandbox.midtrans.com/snap/snap.js" data-client-key="<Set your ClientKey here>"></script>
<script type="text/javascript">
document.getElementById('pay-button').onclick = function(){
// SnapToken acquired from previous step
snap.pay('PUT_TRANSACTION_TOKEN_HERE', {
// Optional
onSuccess: function(result){
/* You may add your own js here, this is just example */ document.getElementById('result-json').innerHTML += JSON.stringify(result, null, 2);
},
// Optional
onPending: function(result){
/* You may add your own js here, this is just example */ document.getElementById('result-json').innerHTML += JSON.stringify(result, null, 2);
},
// Optional
onError: function(result){
/* You may add your own js here, this is just example */ document.getElementById('result-json').innerHTML += JSON.stringify(result, null, 2);
}
});
};
</script>
</body>
</html>
Also available as examples here.
const midtransClient = require('midtrans-client');
// Create Snap API instance
let snap = new midtransClient.Snap({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
let parameter = {
"transaction_details": {
"order_id": "test-transaction-123",
"gross_amount": 200000
}, "credit_card":{
"secure" : true
}
};
snap.createTransaction(parameter)
.then((transaction)=>{
// transaction redirect_url
let redirectUrl = transaction.redirect_url;
console.log('redirectUrl:',redirectUrl);
})
// alternative way to create redirectUrl
// snap.createTransactionRedirectUrl(parameter)
// .then((redirectUrl)=>{
// console.log('redirectUrl:',redirectUrl);
// })
You can see some Core API examples here.
Available methods for CoreApi
class
/**
* Do `/charge` API request to Core API
* @param {Object} parameter - object of Core API JSON body as parameter, will be converted to JSON (more params detail refer to: https://api-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
charge(parameter={})
/**
* Do `/capture` API request to Core API
* @param {Object} parameter - object of Core API JSON body as parameter, will be converted to JSON (more params detail refer to: https://api-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
capture(parameter={})
/**
* Do `/card/register` API request to Core API
* @param {Object} parameter - object of Core API JSON body as parameter, will be converted to JSON (more params detail refer to: https://api-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
cardRegister(parameter={})
/**
* Do `/token` API request to Core API
* @param {Object} parameter - object of Core API JSON body as parameter, will be converted to JSON (more params detail refer to: https://api-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
cardToken(parameter={})
/**
* Do `/point_inquiry/<tokenId>` API request to Core API
* @param {String} tokenId - tokenId of credit card (more params detail refer to: https://api-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
cardPointInquiry(tokenId)
parameter
is Object or String of JSON of Core API Parameter
Get token should be handled on Frontend please refer to API docs
const midtransClient = require('midtrans-client');
// Create Core API instance
let core = new midtransClient.CoreApi({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
let parameter = {
"payment_type": "credit_card",
"transaction_details": {
"gross_amount": 12145,
"order_id": "test-transaction-54321",
},
"credit_card":{
"token_id": 'CREDIT_CARD_TOKEN', // change with your card token
"authentication": true
}
};
// charge transaction
core.charge(parameter)
.then((chargeResponse)=>{
console.log('chargeResponse:');
console.log(chargeResponse);
});
The credit card charge result may contains redirect_url
for 3DS authentication. 3DS Authentication should be handled on Frontend please refer to API docs
For full example on Credit Card 3DS transaction refer to:
IMPORTANT NOTE: To update transaction status on your backend/database, DO NOT solely rely on frontend callbacks! For security reason to make sure the status is authentically coming from Midtrans, only update transaction status based on HTTP Notification or API Get Status.
Create separated web endpoint (notification url) to receive HTTP POST notification callback/webhook. HTTP notification will be sent whenever transaction status is changed. Example also available here
const midtransClient = require('midtrans-client');
// Create Core API / Snap instance (both have shared `transactions` methods)
let apiClient = new midtransClient.Snap({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
apiClient.transaction.notification(notificationJson)
.then((statusResponse)=>{
let orderId = statusResponse.order_id;
let transactionStatus = statusResponse.transaction_status;
let fraudStatus = statusResponse.fraud_status;
console.log(`Transaction notification received. Order ID: ${orderId}. Transaction status: ${transactionStatus}. Fraud status: ${fraudStatus}`);
// Sample transactionStatus handling logic
if (transactionStatus == 'capture'){
// capture only applies to card transaction, which you need to check for the fraudStatus
if (fraudStatus == 'challenge'){
// TODO set transaction status on your databaase to 'challenge'
} else if (fraudStatus == 'accept'){
// TODO set transaction status on your databaase to 'success'
}
} else if (transactionStatus == 'settlement'){
// TODO set transaction status on your databaase to 'success'
} else if (transactionStatus == 'deny'){
// TODO you can ignore 'deny', because most of the time it allows payment retries
// and later can become success
} else if (transactionStatus == 'cancel' ||
transactionStatus == 'expire'){
// TODO set transaction status on your databaase to 'failure'
} else if (transactionStatus == 'pending'){
// TODO set transaction status on your databaase to 'pending' / waiting payment
}
});
Also available as examples here
// get status of transaction that already recorded on midtrans (already `charge`-ed)
apiClient.transaction.status('YOUR_ORDER_ID OR TRANSACTION_ID')
.then((response)=>{
// do something to `response` object
});
// get transaction status of VA b2b transaction
apiClient.transaction.statusb2b('YOUR_ORDER_ID OR TRANSACTION_ID')
.then((response)=>{
// do something to `response` object
});
// approve a credit card transaction with `challenge` fraud status
apiClient.transaction.approve('YOUR_ORDER_ID OR TRANSACTION_ID')
.then((response)=>{
// do something to `response` object
});
// deny a credit card transaction with `challenge` fraud status
apiClient.transaction.deny('YOUR_ORDER_ID OR TRANSACTION_ID')
.then((response)=>{
// do something to `response` object
});
apiClient.transaction.cancel('YOUR_ORDER_ID OR TRANSACTION_ID')
.then((response)=>{
// do something to `response` object
});
apiClient.transaction.expire('YOUR_ORDER_ID OR TRANSACTION_ID')
.then((response)=>{
// do something to `response` object
});
let parameter = {
"refund_key": "order1-ref1",
"amount": 5000,
"reason": "Item out of stock"
}
apiClient.transaction.refund('YOUR_ORDER_ID OR TRANSACTION_ID',parameter)
.then((response)=>{
// do something to `response` object
});
let parameter = {
"refund_key": "order1-ref1",
"amount": 5000,
"reason": "Item out of stock"
}
apiClient.transaction.refundDirect('YOUR_ORDER_ID OR TRANSACTION_ID',parameter)
.then((response)=>{
// do something to `response` object
});
When using function that result in Midtrans API call e.g: core.charge(...)
or snap.createTransaction(...)
there's a chance it may throw error (MidtransError
object), the error object will contains below properties that can be used as information to your error handling logic:
snap.createTransaction(parameter)
.then((res)=>{
})
.catch((e)=>{
e.message // basic error message string
e.httpStatusCode // HTTP status code e.g: 400, 401, etc.
e.ApiResponse // JSON of the API response
e.rawHttpClientData // raw Axios response object
})
Under the hood this API wrapper is using Axios as http client. You can override the default config.
You can set via the value of this <api-client-instance>.httpClient.http_client.defaults
object, like described in Axios guide. e.g:
// create instance of api client
let snap = new midtransClient.Snap({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
// set Axios timeout config to 2500
snap.httpClient.http_client.defaults.timeout = 2500;
// set custom HTTP header for every request from this instance
snap.httpClient.http_client.defaults.headers.common['My-Header'] = 'my-custom-value';
As Axios also support interceptor, you can also apply it here. e.g:
// Add a request interceptor
snap.httpClient.http_client.interceptors.request.use(function (config) {
// Do something before request is sent
return config;
}, function (error) {
// Do something with request error
return Promise.reject(error);
});
It can be used for example to customize/manipulate http request's body, header, etc. before it got sent to the destination API url.
As described in API docs, merchant can opt to change or add custom notification urls on every transaction. It can be achieved by adding additional HTTP headers into charge request.
This can be achived by:
// create instance of api client
let snap = new midtransClient.Snap({
isProduction : false,
serverKey : 'YOUR_SERVER_KEY',
clientKey : 'YOUR_CLIENT_KEY'
});
// set custom HTTP header that will be used by Midtrans API to override notification url:
snap.httpClient.http_client.defaults.headers.common['X-Override-Notification'] = 'https://mysite.com/midtrans-notification-handler';
or append notification:
snap.httpClient.http_client.defaults.headers.common['X-Append-Notification'] = 'https://mysite.com/midtrans-notification-handler';
Iris is Midtrans’ cash management solution that allows you to disburse payments to any bank accounts in Indonesia securely and easily. Iris connects to the banks’ hosts to enable seamless transfer using integrated APIs.
For more details please visit: https://iris-docs.midtrans.com
Get your API key from Midtrans Iris Dashboard
Create API client object. Note: the serverKey means your API key.
const midtransClient = require('midtrans-client');
// Create Core API instance
let iris = new midtransClient.Iris({
isProduction : false,
serverKey : 'YOUR_API_KEY'
});
Then perform one of the available functions, using the payload described on Iris docs, e.g:
let iris = new midtransClient.Iris({
isProduction : false,
serverKey : 'YOUR_API_KEY'
});
iris.createBeneficiaries({
"name": "Budi Susantoo",
"account": "0611101146",
"bank": "bca",
"alias_name": "budisusantoo",
"email": "budi.susantoo@example.com"
})
.then((res)=>{
// do something based on the API response
})
.catch((err)=>{
// do something based on the Error object & message
})
/**
* Do `/ping` API request to Iris API
* @return {Promise} - Promise contains String response
*/
ping()
/**
* Do create `/beneficiaries` API request to Iris API
* @param {Object} parameter - object of Iris API JSON body as parameter, will be converted to JSON (more params detail refer to: https://iris-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
createBeneficiaries(parameter={})
/**
* Do update `/beneficiaries/<alias_name>` API request to Iris API
* @param {String} parameter - alias_name of the beneficiaries that need to be updated
* @param {Object} parameter - object of Iris API JSON body as parameter, will be converted to JSON (more params detail refer to: https://iris-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
updateBeneficiaries(aliasName,parameter={})
/**
* Do `/beneficiaries` API request to Iris API
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getBeneficiaries()
/**
* Do create `/payouts` API request to Iris API
* @param {Object} parameter - object of Iris API JSON body as parameter, will be converted to JSON (more params detail refer to: https://iris-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
createPayouts(parameter={})
/**
* Do approve `/payouts/approve` API request to Iris API
* @param {Object} parameter - object of Iris API JSON body as parameter, will be converted to JSON (more params detail refer to: https://iris-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
approvePayouts(parameter={})
/**
* Do reject `/payouts/reject` API request to Iris API
* @param {Object} parameter - object of Iris API JSON body as parameter, will be converted to JSON (more params detail refer to: https://iris-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
rejectPayouts(parameter={})
/**
* Do `/payouts/<reference_no>` API request to Iris API
* @param {String} parameter - reference_no of the payout
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getPayoutDetails(referenceNo)
/**
* Do `/statements` API request to Iris API
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getTransactionHistory(parameter={})
/**
* Do `/channels` API request to Iris API
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getTopupChannels()
/**
* Do `/balance` API request to Iris API
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getBalance()
/**
* Do `/bank_accounts` API request to Iris API
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getFacilitatorBankAccounts()
/**
* Do `/bank_accounts/<bank_account_id>/balance` API request to Iris API
* @param {String} parameter - bank_account_id of the bank account
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getFacilitatorBalance(bankAccountId)
/**
* Do `/beneficiary_banks` API request to Iris API
* @return {Promise} - Promise contains Object from JSON decoded response
*/
getBeneficiaryBanks()
/**
* Do `/account_validation` API request to Iris API
* @param {Object} parameter - object of Iris API JSON body as parameter, will be converted to GET Query param (more params detail refer to: https://iris-docs.midtrans.com)
* @return {Promise} - Promise contains Object from JSON decoded response
*/
validateBankAccount(parameter={})
You can also refer to Iris test cases for sample usage for now. Dedicated sample usage might be written later in the future.
Examples are available on /examples folder. There are:
FAQs
Official Midtrans Payment API Client for Node JS
The npm package midtrans-client receives a total of 3,332 weekly downloads. As such, midtrans-client popularity was classified as popular.
We found that midtrans-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.