Dokumentasi LPD Seminyak API

30+

Endpoint API

7

Helper Classes

4

Grup Layanan

11

Middleware

25+

Tabel Database

Tentang Sistem LPD Seminyak

LPD Seminyak adalah backend API berbasis Laravel 5.5 yang melayani transaksi perbankan digital untuk Lembaga Perkreditan Desa (LPD) Seminyak, Bali. Sistem ini bertindak sebagai gateway antara aplikasi mobile nasabah (iOS mBanking), mesin ATM cardless, dan sistem perbankan BPD Bali (via protokol SNAP BI).

Fungsi Utama:

Mobile Banking iOS (registrasi, login, tabungan)
Transfer antar nasabah LPD
Transfer ke bank lain (via BPD)
Pembayaran PPOB (PLN, PDAM, BPJS, Pulsa)
Transfer-In via Virtual Account (SNAP BI)
Layanan ATM Cardless (setor/tarik tanpa kartu)

Teknologi Stack:

Framework: Laravel 5.5.* (PHP >= 7.0)
Database: Microsoft SQL Server (sqlsrv)
Autentikasi: JWT (tymon/jwt-auth)
HTTP Client: GuzzleHTTP ~6.0
Enkripsi: AES-256-CBC + RSA (OpenSSL)
Signing: HMAC-SHA512 / SHA-256

Topologi Integrasi

Sistem Eksternal	Protokol	Tujuan
BPD Bali iBank	HTTPS REST	Transfer antar bank (Inquiry + Posting)
BPD SNAP BI	SNAP ISO-8583	Terima transfer masuk via Virtual Account
FastPay / RajaBiller	HTTPS JSON	Pembayaran PPOB (tagihan, pulsa)
IAK Prepaid/Postpaid	HTTPS JSON	Isi ulang pulsa, cek tagihan
Lamanuna (SmartIndo)	HTTPS REST	Get Token, Insert IP, Insert User
LPD Core (giosoftech.com)	HTTPS REST	Core banking data nasabah

Alur Layanan

Mobile Banking iOS:

App Mobile

→

iosAccessMdw
(Validasi Token/IP/AES)

→

Controller

→

Helper Class

→

SQL Server DB

SNAP Transfer-In BPD:

BPD Bank

→

SNAPCheckTransferIn

→

SNAPTransferIn

→

Post ke DB

→

Nasabah +Saldo

ATM Cardless:

Mesin ATM

→

MachineCheck
(IP + Hash)

→

MachineController

→

Update Folio/Mutasi

Struktur Direktori

lpd_seminyak/
├── app/
│   ├── Helpers/          # 7 helper class utama
│   │   ├── MBankingHelper.php    # Validasi akses, posting VA, enkripsi
│   │   ├── MobileHelper.php      # Login, register, ATM token
│   │   ├── SNAPHelper.php        # Validasi signature SNAP BPD
│   │   ├── TabunganHelper.php    # Saldo, folio, PIN, daftar rek
│   │   ├── TransferHelper.php    # Validasi & log transfer antar bank
│   │   ├── iosHelper.php         # Helper utama iOS mBanking (AES)
│   │   └── iosTransferHelper.php # Transfer LPD, log, cek saldo
│   ├── Http/
│   │   ├── Controllers/          # 13 controller
│   │   │   ├── iosTokenCtrl.php          # Get access token iOS
│   │   │   ├── iosAccessCtrl.php         # Register/Login/Logout
│   │   │   ├── iosTabunganCtrl.php       # Daftar rek & mutasi
│   │   │   ├── iosTransferLPDCtrl.php    # Transfer sesama LPD
│   │   │   ├── iosTransferBankCtrl.php   # Transfer ke bank lain
│   │   │   ├── iosPPOBController.php     # Bayar PPOB FastPay
│   │   │   ├── iosPPOBIAKController.php  # PPOB via IAK
│   │   │   ├── iosMachineCtrl.php        # Token cardless iOS
│   │   │   ├── MachineController.php     # ATM Cardless
│   │   │   ├── PPOBController.php        # Callback PPOB
│   │   │   ├── SNAPTransferIn.php        # SNAP Inquiry & Payment
│   │   │   └── SNAPTokenTransferIn.php   # SNAP Access Token
│   │   ├── Middleware/          # 11 middleware
│   │   └── Kernel.php
├── config/app.php       # Load PEM keys + SNAP response codes
├── keys/
│   └── public_key.pem       # Public key LPD
├── routes/api.php       # Semua route API
├── .env                 # Konfigurasi environment
├── bank.list            # Daftar kode bank nasional
├── ppob.list            # Produk PPOB tersedia
└── display.list         # Konfigurasi tampilan app

Peta Route API Lengkap

Path	Controller@Method	Middleware	Fungsi
/v1.0/access-token/b2b	SNAPTokenTransferIn@AccessToken	snapTokenIn	Token SNAP BPD
/v1.0/transfer-va/inquiry	SNAPTransferIn@Inquiry	snapTransferIn	SNAP Inquiry VA
/v1.0/transfer-va/payment	SNAPTransferIn@Payment	snapTransferIn	SNAP Payment VA
/cardless/create-token	MachineController@CreateToken	machineCheck	Buat token ATM
/cardless/get-token	MachineController@GetToken	machineCheck	Validasi token ATM
/cardless/check-balance	MachineController@CekSaldo	machineCheck	Cek saldo ATM
/cardless/cash-debit	MachineController@Penarikan	machineCheck	Tarik tunai
/cardless/cash-credit	MachineController@Penyetoran	machineCheck	Setor tunai
/cardless/reversal-debit	MachineController@BatalTarik	machineCheck	Batal tarik
/cardless/reversal-credit	MachineController@BatalSetor	machineCheck	Batal setor
/ppob/callback	PPOBController@Callback	—	Callback PPOB
/smart/access-token	iosTokenCtrl@AccessToken	iosCheckToken	Token iOS
/smart/access-key	iosTokenCtrl@AccessKey	iosCheckToken	Upload public key
/smart/register	iosAccessCtrl@Register	iosCheckAccess	Registrasi nasabah
/smart/login	iosAccessCtrl@Login	iosCheckAccess	Login nasabah
/smart/logout	iosAccessCtrl@Logout	iosCheckAccess	Logout
/smart/update-pass	iosAccessCtrl@UpdatePass	iosCheckAccess	Ganti password
/smart/update-pin	iosAccessCtrl@UpdatePin	iosCheckAccess	Ganti PIN
/smart/tabungan/account-list	iosTabunganCtrl@ListAccount	iosCheckAccess	Daftar rekening
/smart/tabungan/transaction-history	iosTabunganCtrl@HistoryTransaction	iosCheckAccess	Riwayat transaksi
/smart/tabungan/mutasi-history	iosTabunganCtrl@HistoryMutasi	iosCheckAccess	Mutasi rekening
/smart/transfer-lpd/check	iosTransferLPDCtrl@Check	iosCheckAccess	Cek rek tujuan
/smart/transfer-lpd/inquiry	iosTransferLPDCtrl@Inquiry	iosCheckAccess	Inquiry transfer LPD
/smart/transfer-lpd/post	iosTransferLPDCtrl@Posting	iosCheckAccess	Posting transfer LPD
/smart/transfer-bank/check	iosTransferBankCtrl@Check	iosCheckAccess	Cek rek bank tujuan
/smart/transfer-bank/inquiry	iosTransferBankCtrl@Inquiry	iosCheckAccess	Inquiry ke BPD
/smart/transfer-bank/post	iosTransferBankCtrl@Posting	iosCheckAccess	Posting ke BPD
/smart/ppob/check	iosPPOBController@Check	iosCheckAccess	Cek tagihan PPOB
/smart/ppob/request	iosPPOBController@Request	iosCheckAccess	Bayar PPOB
/smart/iak/check	iosPPOBIAKController@Check	iosCheckAccess	Cek tagihan IAK
/smart/iak/request	iosPPOBIAKController@Request	iosCheckAccess	Bayar via IAK

Persyaratan Sistem

Komponen	Versi
PHP	7.0 – 7.4 Wajib 7.4
Microsoft SQL Server	2014 / 2016+
Composer	2.x
Web Server	Apache / Nginx
PHP Extension	pdo_sqlsrv, mbstring, openssl, curl
ODBC Driver	Microsoft ODBC Driver 17/18

Penting: PHP 8.x TIDAK kompatibel! Gunakan PHP 7.4. IP server harus terdaftar di whitelist BPD Bali dan GIO.

Database hanya mendukung Microsoft SQL Server. MySQL/MariaDB/PostgreSQL tidak didukung.

Langkah Instalasi Lengkap

1

Install PHP 7.4 dan ekstensi yang dibutuhkan

Sistem memerlukan PHP 7.x. PHP 8.x tidak kompatibel.

# Ubuntu/Debian:
sudo apt-get install -y software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-get install -y php7.4 php7.4-cli php7.4-mbstring php7.4-xml \
  php7.4-curl php7.4-zip php7.4-json php7.4-pdo php7.4-intl

# Verifikasi:
php7.4 --version

2

Install ODBC Driver dan ekstensi PHP SQL Server

Driver Microsoft ODBC wajib untuk koneksi ke SQL Server.

# Install ODBC Driver 17 (Ubuntu):
curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list \
  > /etc/apt/sources.list.d/mssql-release.list
sudo apt-get update
sudo ACCEPT_EULA=Y apt-get install -y msodbcsql17 unixodbc-dev

# Install ekstensi PHP sqlsrv:
sudo pecl install sqlsrv pdo_sqlsrv
echo "extension=sqlsrv.so" >> /etc/php/7.4/cli/php.ini
echo "extension=pdo_sqlsrv.so" >> /etc/php/7.4/cli/php.ini

3

Extract Source Code ke Server

# Extract dari zip:
unzip lpd_seminyak.zip -d /var/www/html/

# Atau clone dari repository (jika ada):
git clone https://your-repo.git /var/www/html/lpd_seminyak

# Masuk ke direktori:
cd /var/www/html/lpd_seminyak

4

Install Dependency via Composer

# Install composer (jika belum ada):
curl -sS https://getcomposer.org/installer | php7.4
mv composer.phar /usr/local/bin/composer

# Install dependencies:
cd /var/www/html/lpd_seminyak
COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev \
  --no-interaction --ignore-platform-reqs

# Jika ada error autoload, jalankan:
composer dump-autoload --no-scripts --optimize

5

Siapkan File .env

cp .env.example .env

# Generate application key:
php7.4 artisan key:generate

# Edit file .env:
nano .env

Konfigurasi minimal yang harus diubah:

APP_URL=https://your-domain.com
DB_HOST=your-sqlserver-host
DB_DATABASE=Giosoft_LPD
DB_USERNAME=sa
DB_PASSWORD=your-password

# Path key absolut sesuai OS:
PUBLIC_KEY_LPD=/var/www/html/lpd_seminyak/keys/public_key.pem
PUBLIC_KEY_BPD=/var/www/html/lpd_seminyak/public_key_bpd.pem
MASTER_BANK_LIST=/var/www/html/lpd_seminyak/bank.list
MASTER_PPOB_LIST=/var/www/html/lpd_seminyak/ppob.list
MASTER_DISPLAY_LIST=/var/www/html/lpd_seminyak/display.list

6

Setup Folder Keys (Kunci Kriptografi)

mkdir -p /var/www/html/lpd_seminyak/keys
cp public_key_lpd.pem keys/public_key.pem
chmod 644 keys/public_key.pem

7

Set Permission Storage dan Bootstrap

chmod -R 775 /var/www/html/lpd_seminyak/storage
chmod -R 775 /var/www/html/lpd_seminyak/bootstrap/cache
chown -R www-data:www-data /var/www/html/lpd_seminyak/storage

Buat direktori log yang diperlukan:

mkdir -p storage/logs/token storage/logs/transfer-in/inquiry
mkdir -p storage/logs/transfer-in/posting storage/logs/access
mkdir -p storage/logs/tabungan storage/logs/transfer-AR
mkdir -p storage/logs/transfer-AB storage/logs/ppob

8

Setup Database SQL Server

Buat database dan semua tabel yang diperlukan di SQL Server:

-- Di SQL Server Management Studio:
CREATE DATABASE Giosoft_LPD;
USE Giosoft_LPD;

-- Tabel utama yang diperlukan:
-- gmob_nasabah, gmob_token, gmob_request, gmob_transfer,
-- gmob_transferlog, gmob_payment, gmob_log, gmob_access,
-- gmob_rekening, gmob_responcode, gmob_counter, gmob_listaccount,
-- gtb_nasabah, gtb_folio, gak_mutasi, gak_ledger,
-- gum_config, gak_bookstatus, gcore_bankcode, gcore_transfer,
-- gcore_log, gppob_produk, gppob_inquiry, gppob_transaction

9

Konfigurasi Web Server Apache

# /etc/apache2/sites-available/lpd_seminyak.conf

    ServerName your-domain.com
    DocumentRoot /var/www/html/lpd_seminyak/public
    
    
        AllowOverride All
        Require all granted
    
    
    ErrorLog ${APACHE_LOG_DIR}/lpd_error.log
    CustomLog ${APACHE_LOG_DIR}/lpd_access.log combined


# Aktifkan:
a2ensite lpd_seminyak.conf
a2enmod rewrite
systemctl restart apache2

10

Verifikasi Instalasi

# Cek bootstrap Laravel:
php7.4 artisan env

# Test koneksi database:
php7.4 artisan tinker
# Di dalam tinker:
DB::connection()->getPdo()

# Test akses API:
curl -X POST https://your-domain.com/v1.0/access-token/b2b \
  -H "Content-Type: application/json" \
  -d '{"grantType":"client_credentials"}'

Instalasi di Windows (XAMPP)

1

Install XAMPP PHP 7.4 + SQL Server Driver

1. Download XAMPP dengan PHP 7.4
2. Download php_sqlsrv_74_nts.dll dan php_pdo_sqlsrv_74_nts.dll
   dari: https://docs.microsoft.com/en-us/sql/connect/php/
3. Letakkan DLL di C:\xampp\php\ext\
4. Tambahkan di php.ini:
   extension=php_sqlsrv_74_nts.dll
   extension=php_pdo_sqlsrv_74_nts.dll
5. Install Microsoft ODBC Driver 17 for SQL Server

2

Tempatkan Project dan Konfigurasi .env

1. Ekstrak ke C:\xampp\htdocs\lpd_seminyak
2. Buat .env dari .env.example
3. Update path di .env (gunakan forward slash):
   PUBLIC_KEY_LPD=c:/xampp/htdocs/lpd_seminyak/keys/public_key.pem
   MASTER_BANK_LIST=c:/xampp/htdocs/lpd_seminyak/bank.list
4. Jalankan: composer install --ignore-platform-reqs
5. Jalankan: php artisan key:generate

Referensi Lengkap Variabel .env

Aplikasi

Key	Contoh	Keterangan
APP_NAME	LPD Seminyak	Nama aplikasi
APP_ENV	local / production	Environment
APP_KEY	base64:xxx	Generate dengan php artisan key:generate
APP_DEBUG	false	false di production
APP_URL	https://lpdseminyak.biz.id:8000	URL dasar aplikasi
APP_STATUS	Production	Indikator status

Database SQL Server

Key	Nilai	Keterangan
DB_CONNECTION	sqlsrv	WAJIB sqlsrv (bukan mysql)
DB_HOST	localhost	Hostname SQL Server
DB_PORT	1433	Port default SQL Server
DB_DATABASE	Giosoft_LPD	Nama database
DB_USERNAME	sa	Username SQL Server
DB_PASSWORD	#sa?seminyak	Password SQL Server

Path File Kunci dan List

Key	Keterangan
PUBLIC_KEY_LPD	Path absolut public_key.pem LPD – untuk verifikasi tanda tangan iOS
PUBLIC_KEY_BPD	Path absolut public_key_bpd.pem – verifikasi SNAP signature
MASTER_BANK_LIST	Path ke bank.list – daftar kode bank nasional
MASTER_PPOB_LIST	Path ke ppob.list – daftar produk PPOB tersedia
MASTER_DISPLAY_LIST	Path ke display.list – konfigurasi menu tampilan app

BPD Bali Integration

Key	Keterangan
BPD_URL	Base URL production BPD: https://ibank.bpdbali.id/virtualAccount/
BPD_URL_DEV	Base URL dev BPD: https://dev.bpdbali.id:8443/openapi
BPD_PREFIX	989191 – Prefix VA production
BPD_PREFIX_DEV	989067 – Prefix VA dev
BPD_HASHCODE	Secret hashcode untuk signing request ke BPD
BPD_STATICIP1..7	IP statis BPD yang diizinkan
BPD_WHITE_LIST	Format: \|ip1\|ip2\|ip3\|
CLIENT_SECRET	Secret untuk HMAC-SHA512 SNAP signing

Limit Transaksi

Key	Default	Keterangan
SALDO_MIN	50000	Saldo minimum tersisa setelah transaksi (Rp)
MIN_TRANSFER	10000	Minimum nominal transfer (Rp)
MAX_TRANSFER	1000000	Maksimum transfer per transaksi (Rp)

PPOB

Key	Keterangan
PPOB_USER / PPOB_PIN	Kredensial FastPay
IAK_USER / IAK_KEY	Kredensial IAK production
IAK_PREPAID_URL	https://prepaid.iak.id/api/top-up
IAK_POSTPAID_URL	https://mobilepulsa.net/api/v1/bill/check

Sistem Autentikasi

1. iOS mBanking Token

Dibuat di endpoint /smart/access-token
Disimpan di tabel gmob_token
Valid selama 3 menit
Header: Authorization: Bearer <token>
Divalidasi oleh middleware iosCheckAccess

2. SNAP BPD Token (OAuth2 B2B)

Endpoint: /v1.0/access-token/b2b
Signature: HMAC-SHA512 dari (method:endpoint:token:bodyHash:timestamp)
IP whitelist BPD Bali wajib cocok
Divalidasi middleware snapTransferIn

Endpoint: GET ACCESS TOKEN (iOS)

POST /smart/access-token Dapatkan token akses sesi iOS

Middleware: iosCheckToken

Header	Format	Keterangan
X-CLIENT-ID	Terenkripsi	Device ID nasabah
X-TIMESTAMP	ISO 8601	Waktu request
X-SIGNATURE	Base64 RSA-SHA256	Signature dengan private key app

// Respon sukses:
{
  "status": "00",
  "message": "Sukses",
  "token": "eyJhbGciOiJIUzI1NiJ9...",
  "signature": "base64_signature"
}

iOS – Registrasi, Login, Logout

POST/smart/register Daftarkan perangkat nasabah

Nasabah harus sudah ada di gmob_nasabah dengan status 'R' (Registered belum aktif). Saat registrasi, IMEI device disimpan dan status diubah ke 'A'.

// Request Headers:
Authorization: Bearer <access_token>
X-TIMESTAMP: 2025-01-01T10:00:00+07:00
X-SIGNATURE: <hmac_sha512>
X-CLIENT-ID: <device_imei_encrypted>

// Respon sukses:
{
  "status": "00",
  "message": "Sukses",
  "customer_id": "enc_noid",
  "customer_name": "Nama Nasabah",
  "customer_pin": "enc_pin",
  "account_list": "enc_[norek#nama#saldo#produk]",
  "bank_key": "enc_BPD_PREFIX<>BPD_HASHCODE",
  "bank_list": "kode1-nama1#kode2-nama2#...",
  "ppob_list": "TYPE;CODE;NAME;NOMINAL;ADMIN#..."
}

Status	Keterangan
00	Sukses – status berubah ke A
10	Data tidak ditemukan / status bukan R
68	Timeout

POST/smart/login Login nasabah

// Validasi: imei_code + username + pass_crypto dari gmob_nasabah
// Respon sukses:
{
  "status": "00",
  "message": "Sukses",
  "account_list": "enc_daftar_rekening",
  "bank_key": "enc_key",
  "bank_list": "...",
  "ppob_list": "..."
}

Status	Keterangan
00	Login berhasil
21	Username/password salah
43	Akun diblokir (status B)

POST/smart/logout

// Update gmob_token: status = 'closed', end_time = CURRENT_TIMESTAMP
{ "status": "00", "message": "Logout berhasil." }

POST/smart/update-pass Ganti password

// Query params (terenkripsi AES):
?pass_old=enc_old&pass_new=enc_new
// Sukses: {"status":"00","message":"Sukses"}
// Gagal:  {"status":"01","message":"Kata sandi tidak sama."}

POST/smart/update-pin Ganti PIN transaksi

// Query params (terenkripsi AES):
?pin_old=enc_old&pin_new=enc_new
// Sukses: {"status":"00","message":"Sukses"}
// Gagal:  {"status":"01","message":"PIN tidak sama."}

iOS – Layanan Tabungan

Semua endpoint tabungan memerlukan middleware iosCheckAccess. Data yang dikembalikan dienkripsi AES-256-CBC.

POST/smart/tabungan/account-list

// Mengambil semua rekening dari gmob_rekening berdasarkan noid
// Saldo diambil real-time dari gtb_folio (SUM credit-debit)
// Format data setelah dekripsi:
[norek#nama_nasabah#saldo#jenis_produk]
// Contoh: [01234567890#I KETUT WIRA#2500000#Tabungan]

// Status error: 84 = data tidak ada, 01 = tidak aktif

POST/smart/tabungan/transaction-history

// Request: account_no (enc), start_date, end_date
// Query ke gtb_folio JOIN gum_kdtrs
// Format respon: [tgl#debval#trans_no#amount#keterangan]

POST/smart/tabungan/mutasi-history

// Mengambil mutasi dari gak_mutasi / tabel dinamis gte_folio, gtf_folio, dll
// berdasarkan prefix nomor rekening (10/11=Takamas, 20=Sipura, dll)
// Respon terenkripsi AES

iOS – Transfer Sesama Nasabah LPD

3 tahap: Check → Inquiry → Posting. Setiap tahap memvalidasi hash SHA-256.

POST/smart/transfer-lpd/check

// Request: account_to (enc nomor rekening tujuan)
// Respon: { "status":"00", "product_type":"Tabungan", "customer_name":"Nama" }
// Error: 01 = rekening tujuan tidak aktif

POST/smart/transfer-lpd/inquiry

// Hash formula: SHA-256(from+to+amount+namaDari+namaTujuan+remark+BPD_HASHCODE)
{
  "account_from": "enc_norek_asal",
  "account_to": "enc_norek_tujuan",
  "amount": "enc_nominal",
  "name_from": "enc_nama_pengirim",
  "name_to": "enc_nama_penerima",
  "remark": "enc_keterangan",
  "hash_code": "sha256_hash"
}
// Sukses: { "status":"00", "balance": 2500000 }
// Error: 62=hash salah, 01=tdk aktif, 04=saldo kurang, 25=min, 26=limit

POST/smart/transfer-lpd/post

// Tambahan field: ref_no (referensi unik), pin (enc)
// Proses: insert ke gmob_transfer, update folio & mutasi
// Sukses: { "status":"00", "trans_no":"REF123", "amount":500000, "balance":2000000 }
// Error: 63=hash salah, 23=duplikat ref, 24=gagal proses

iOS – Transfer ke Bank Lain via BPD

Transfer dari rekening LPD ke bank lain (BNI, BRI, Mandiri, dll) melalui jaringan BPD Bali. Biaya transfer dari tabel gcore_bankcode.

POST/smart/transfer-bank/check

// Request: bank_code, account_to (enc), hash_code
// Proses: request ke BPD Account Inquiry External
// Respon: { "status":"00", "account_name":"NAMA PENERIMA", "bank_name":"BNI" }

POST/smart/transfer-bank/inquiry

// Hash: SHA-256(from+bankCode+to+amount+BPD_HASHCODE)
// Respon: { "status":"00", "transfer_cost":6500, "balance":2500000 }
// Error: 51/52/53=hash salah, 40=saldo kurang

POST/smart/transfer-bank/post

// Alur: Debit folio LPD -> Kirim ke BPD API -> Catat gcore_transfer
// BPD response code sukses: 2001800
// Error: 45=duplikat ref, 68=BPD timeout

iOS – PPOB (Pembayaran Tagihan & Pulsa)

Gateway: FastPay (RajaBiller) dan IAK. Fee admin: Rp 2.000/transaksi.

Produk yang didukung:

PLN Prabayar/Pascabayar PDAM BPJS Kesehatan Telkom Paket Internet Pulsa (Prepaid)

POST/smart/ppob/check

// Request: account_no (enc), product_code, customer_id (enc)
// Endpoint FastPay: POST https://rajabiller.fastpay.co.id/transaksi/api_json.php
// Respon: { "status":"00", "tagihan":250000, "admin":2000, "customer_name":"NAMA" }
// Error: 04=saldo kurang, 05=deposit PPOB kurang, 26=limit harian

POST/smart/ppob/request

// Tambahan: nominal (enc), hash_code, pin (enc)
// Proses: validasi -> create gmob_payment -> call FastPay API -> update folio
// Respon: { "status":"00", "tagihan":250000, "admin":2000, "remark":"PLN|ID|TOKEN" }

POST/smart/iak/check & /smart/iak/request

// IAK API (idalamat.com):
// Prepaid: POST https://prepaid.iak.id/api/top-up
// Postpaid: POST https://mobilepulsa.net/api/v1/bill/check
// Signature IAK: MD5(username + apikey + ref_id)
// Respon format sama dengan /ppob/*

SNAP BI – Transfer Masuk via VA BPD

Implementasi SNAP BI (Standar Nasional Open API Pembayaran) untuk menerima transfer dari bank lain menggunakan Virtual Account BPD. Prefix VA production: 989191.

POST/v1.0/access-token/b2b

// Headers: X-TIMESTAMP, X-CLIENT-KEY, X-SIGNATURE
// Body: { "grantType": "client_credentials" }
// Respon: {
//   "responseCode": "2002500",
//   "accessToken": "token_string",
//   "tokenType": "BearerToken",
//   "expiresIn": 900
// }

POST/v1.0/transfer-va/inquiry Service Code 24

// Headers: Authorization: Bearer <token>, X-TIMESTAMP, X-SIGNATURE
// X-PARTNER-ID, X-EXTERNAL-ID
// HMAC-SHA512: POST:/v1.0/transfer-va/inquiry:token:sha256(body):timestamp

// Body:
{
  "partnerServiceId": "  989191",
  "customerNo": "012345678901234",
  "virtualAccountNo": "989191012345678901234",
  "inquiryRequestId": "unique-id",
  "amount": { "value": "500000.00", "currency": "IDR" },
  "additionalInfo": { "terminalType": "01", "terminalId": "ATM001" }
}

// Sukses (200): responseCode: "2002400"
// virtualAccountName: nama nasabah, inquiryStatus: "00"

POST/v1.0/transfer-va/payment Service Code 25

// Proses: kredit nasabah di gtb_folio + gak_mutasi + gcore_transfer
// Body: paymentRequestId, paidAmount, sourceAccountNo, referenceNo
// Sukses (200): responseCode: "2002500", paymentFlagStatus: "00"

Kode Respons SNAP:

Code	Arti
2002400 / 2002500	Sukses inquiry / payment
4002400	Missing mandatory field
4012400	Invalid signature
4012401	Invalid access token
4032400	IP tidak dikenal
4032415	Rekening tidak aktif
4092401	Duplicate reference

ATM Cardless – Setor & Tarik Tanpa Kartu

Hash: SHA-256(ATM_HASHCODE + token + account_no + transaction_datetime). IP harus ada di ATM_WHITE_LIST.

POST/cardless/create-token

// Dari app mobile iOS, buat token 6 digit untuk digunakan di ATM
// Request: account_no, token, hash_code
// Proses: insert/update gmob_token status='open'
// Respon: { "status":"00", "data":"TOKEN6DIGIT" }

POST/cardless/get-token

// Dari ATM, validasi token yang dimasukkan nasabah
// Request: token, transaction_code (01=tarik, 02=setor), hash_code
// Respon: { "status":"00", "account_no":"norek", "customer_name":"NAMA" }
// Error: 30=hash salah, 40=IP tidak dikenal

POST/cardless/cash-debit Tarik tunai

// Request: account_no, token, amount, transaction_datetime, hash_code
// Proses: kurangi saldo, update gtb_folio & gak_mutasi
// Respon: { "responseCode":"00", "balance":2000000 }
// Error: 61=saldo kurang, 14=rekening tidak aktif

POST/cardless/cash-credit Setor tunai

// Proses: tambah saldo, update gtb_folio & gak_mutasi
// Respon: { "responseCode":"00", "balance":3000000 }

POST/cardless/reversal-debit & /reversal-credit Batal transaksi

// Hapus record folio & mutasi yang sudah diproses
// Request: account_no, token, trans_no, hash_code
// Respon: { "responseCode": "00" }

PPOB Callback

POST/ppob/callback

// Menerima callback dari FastPay / provider PPOB
// Selalu mengembalikan:
{ "status": "99", "rc": "<rc_dari_provider>" }

Skema Database SQL Server: Giosoft_LPD

Beberapa query lintas database: Giosoft_Dev.dbo.gtb_folio

gmob_nasabah

noidvarchar PKID unik nasabah

namavarcharNama nasabah

norekvarcharNomor rekening utama

usernamevarcharUsername login

pass_cryptovarcharPassword (md5)

pin_cryptovarcharPIN transaksi

imei_codevarcharIMEI / device ID

statuschar(1)R=Register A=Aktif B=Blokir

aes_keyvarcharKunci AES-256 per perangkat

aes_ivvarcharIV AES

max_transferbigintLimit transfer harian

scramble_codevarcharKode scramble enkripsi

versionvarcharVersi app iOS nasabah

gmob_token

idint PKAuto increment

account_novarcharIMEI / noid nasabah

tokenvarcharToken string

date_timedatetimeWaktu pembuatan

statusvarcharopen/closed

end_timedatetimeWaktu logout

gtb_folio

linkervarcharNomor rekening

mutasi_datedateTanggal audit

trans_datedatetimeTanggal transaksi

debitdecimalJumlah debit

creditdecimalJumlah kredit

saldodecimalSaldo setelah transaksi

trans_novarcharNomor referensi

remarkvarcharKeterangan (max 50)

debit_valchar(1)T=debit F=kredit

gcore_transfer

transfer_codevarchar PKKode unik transfer

transfer_typevarcharIN/OUT

norekvarcharRekening LPD

amountdecimalNominal

referenceNumbervarcharNomor referensi BPD

responseCodevarcharKode respons

destinationBankCodevarcharKode bank tujuan

Tabel Pendukung Lainnya:

Tabel	Fungsi
gmob_transfer	Transfer sesama LPD (AR)
gmob_payment	Transaksi PPOB
gmob_rekening	Daftar rekening per nasabah
gmob_responcode	Master kode dan pesan respons
gmob_counter	Counter nomor referensi per periode
gum_config	Tanggal audit + limit transfer global
gak_mutasi	Mutasi GL akuntansi
gak_bookstatus	Status buka/tutup buku harian
gcore_bankcode	Kode bank + biaya transfer
gcore_log	Log detail transaksi VA
gppob_produk	Master produk PPOB
gtb_nasabah	Data nasabah tabungan core
gkr_debitor	Data debitur (pinjaman)
gdp_deposan	Data deposito

Daftar Kode Respons Sistem

iOS mBanking:

Kode	Arti
00	Sukses
01	Rekening tidak aktif
04	Saldo tidak cukup
05	Deposit PPOB kurang
10	Data tidak ditemukan
21	Username/password salah
23	Referensi duplikat
24	Gagal memproses
25	Nominal di bawah minimum
26	Melebihi limit harian
43	Akun diblokir
51/52/53	Hash mismatch (check/inquiry/post)
54	PIN salah
62/63	Hash LPD (inquiry/posting)
68	Timeout / error internal
84	Data tidak ditemukan

ATM Cardless:

Kode	Arti
00	Sukses
14	Status rekening tidak valid
30	Hash code salah
40	IP tidak ada di whitelist
61	Saldo tidak cukup

SNAP BI:

Code	Arti
2002400/2002500	Sukses inquiry/payment
4002400	Missing mandatory field
4012400	Invalid signature
4012401	Invalid access token
4032415	Rekening tidak aktif
4092401	Duplicate reference
5002500	General error

Mekanisme Keamanan & Enkripsi

1. AES-256-CBC per Perangkat (iOS)

// Key dibuat saat registrasi, disimpan di gmob_nasabah:
$key = md5($timestamp . $clientID . "KEY");
$iv  = md5($timestamp . $clientID . "IV");
$cs  = md5($timestamp . $clientID . "CS");

// Enkripsi: openssl_encrypt(data, AES-256-CBC, key, RAW, iv) -> base64
// Dekripsi: base64_decode -> openssl_decrypt(...)

2. RSA Signature Verifikasi (iosTokenCtrl)

// Saat get access token:
$strToSign = $clientID . "|" . $timestamp;
$isValid = openssl_verify($strToSign, base64_decode($signature),
  config('app.public_key_lpd'), OPENSSL_ALGO_SHA256);
// Public key dimuat dari env PUBLIC_KEY_LPD saat boot

3. HMAC-SHA512 (SNAP & mBanking)

// SNAP Transfer VA:
$strToSign = "POST:" . $endpoint . ":" . $token . ":" . sha256(body) . ":" . $timestamp;
$signHash = base64_encode(hash_hmac("sha512", $strToSign, CLIENT_SECRET, true));

// mBanking access:
$strToSign = $partnerID . "|" . $accessToken;
$signHash = base64_encode(hash_hmac("sha512", $strToSign, CLIENT_SECRET));

4. SHA-256 Hash Validasi Transfer

// Transfer LPD Inquiry:
SHA-256(fromNorek + toNorek + amount + fromName + toName + remark + BPD_HASHCODE)

// Transfer Bank:
SHA-256(fromNorek + bankCode + toNorek + amount + BPD_HASHCODE)

// ATM:
SHA-256(ATM_HASHCODE + token + accountNo + datetime)

5. Whitelist IP per Layanan

Layanan	Env Variable	Middleware
SNAP BPD	BPD_STATICIP1..7	SNAPCheckTransferIn
Mobile Banking	BPD_WHITE_LIST + GIO_WHITE_LIST	iosAccessMdw
ATM Cardless	GIO_WHITE_LIST + ATM_WHITE_LIST	MachineCheck

6. Pembatasan Waktu Layanan

// Di iosAccessMdw::check_access():
// Transfer diblokir: 00:00 - 05:00 (jam 0-4)
// PPOB diblokir:     01:00 - 03:00 (jam 1-2)

Daftar Middleware

Alias	Class	Digunakan Untuk	Validasi
iosCheckToken	iosTokenMdw	/smart/access-token	Signature RSA, client ID, IP
iosCheckAccess	iosAccessMdw	Semua /smart/*	Token 3 menit, IP, URL, jam, AES keys
snapTokenIn	SNAPCheckTokenIn	/v1.0/access-token/b2b	Field grantType
snapTransferIn	SNAPCheckTransferIn	/v1.0/transfer-va/*	HMAC-SHA512, token, IP BPD
machineCheck	MachineCheck	/cardless/*	IP whitelist ATM, SHA-256 hash

Alur iosAccessMdw:

Init global params via iosHelper::Gio_SetParam()
Tentukan log path berdasarkan URI
Insert log request ke file harian (storage/logs/)
Buat atau ambil AES key/IV/CS dari DB per device
Ekstrak headers: X-CLIENT-ID, X-TIMESTAMP, X-PARTNER-ID
Validasi via check_access(): partner, token(3mnt), IP, URL, jam
Set $_POST['status'] dan $_POST['message']
Teruskan request ke controller
Tambahkan CORS headers ke response

Deskripsi Helper Classes

Helper	Ukuran	Fungsi Utama
MBankingHelper	~25KB	checkAccess() SNAP/mBanking, Gio_PostTransferVA(), enkripsi Gio_Encrypt/Decrypt/Decode(), Gio_InsertIntoFolio/Mutasi(), logging
MobileHelper	~16KB	Check_Register/Login/OTP(), Change_Password/PIN(), ATM_GetToken/ValidToken(), Gio_InsertIntoFolio/Mutasi(), Gio_GetNoReferensi()
SNAPHelper	~16KB	checkTransferVA() validasi SNAP, Gio_PostTransferVA(), log per external ID, Gio_CheckToken(), Gio_GetReferenceVA()
TabunganHelper	~14KB	Check_StatusTabungan/Rekening(), Get_FolioTabungan/Pinjaman/Deposito(), Gio_CheckSaldo/Pin(), GetModulCode(), Gio_InsTransaksiPPOB()
TransferHelper	~9KB	checkTransferIn() (legacy), Gio_GetNasabah() cari by VA, Gio_InqTransferIn/PostTransferIn(), Ins_TransferAR(), logging
iosHelper	~14KB	Gio_CheckToken() 3 menit, Gio_CreateKeyAndIv/GetKeyAndIv(), Gio_Encrypt/Decrypt() AES, Get_DaftarRek(), Gio_GetConfig(), Gio_SetParam()
iosTransferHelper	~7KB	Ins_TransferAR(), Gio_CheckSaldo() + limit, Gio_CheckPIN(), Gio_InsTransferARLog(), Gio_InsTransferVALog(), Get_TransferCost()

Modul Rekening (GetModulCode / prefix norek):

Prefix	Kode Modul	Jenis Rekening
01, 02, 03 (lainnya)	b	Tabungan
10, 11	e	Takamas (tabungan khusus)
20	f	Sipura
30	g	Sitirta
40	h	Simapan
33, 34	D	Deposito

Panduan Troubleshooting

Error: "could not find driver" (SQL Server)

// Install ODBC Driver 17 + ekstensi PHP sqlsrv:
curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
sudo ACCEPT_EULA=Y apt-get install msodbcsql17 unixodbc-dev
sudo pecl install sqlsrv pdo_sqlsrv
echo "extension=sqlsrv.so" >> /etc/php/7.4/cli/php.ini

Error: file_get_contents() saat boot (config/app.php)

// Penyebab: Path PUBLIC_KEY_LPD / MASTER_BANK_LIST tidak valid
// Pastikan file ada dan .env menggunakan path absolut yang benar:
ls -la /path/to/keys/public_key.pem
chmod 644 keys/public_key.pem

Warning: Deprecated PHP 8.x

// SOLUSI: Gunakan PHP 7.4 (sangat disarankan, jangan PHP 8.x)
sudo update-alternatives --config php
# Pilih php7.4

Error: Composer autoload Helper not found

// Penyebab: case-sensitive path di Linux
// Path di composer.json: "App/Helpers/..." (huruf A besar)
// Path aktual: "app/Helpers/..." (huruf a kecil)
// Solusi: composer dump-autoload --no-scripts

Error 403: IP tidak dikenal

// Tambahkan IP development ke .env:
GIO_WHITE_LIST=|103.66.86.234|127.0.0.1|YOUR_DEV_IP

// Atau di iosAccessMdw.php check_access():
// Tambahkan kondisi || $noip == "127.0.0.1"

Token selalu expired / invalid

// Token valid 3 menit dari pembuatan (iosHelper::Gio_CheckToken)
// Solusi: 
sudo ntpdate -u pool.ntp.org  // Sinkronkan waktu server
// Pastikan ada record di gmob_token yang masih fresh

Storage / log permission error

sudo chmod -R 775 storage/ bootstrap/cache/
sudo chown -R www-data:www-data storage/
mkdir -p storage/logs/{token,transfer-in/inquiry,transfer-in/posting,access,tabungan,transfer-AR,transfer-AB,ppob}

Lokasi Log Files

Path Log	Isi
storage/logs/token/request.log	Log request get access token (harian)
storage/logs/access.txt	Log akses umum iOS (harian)
storage/logs/tabungan.txt	Log request endpoint tabungan
storage/logs/transfer-AR.txt	Log transfer sesama LPD
storage/logs/transfer-AB.txt	Log transfer antar bank
storage/logs/ppob.txt	Log request PPOB
storage/logs/transfer-in/inquiry/	Log SNAP inquiry (per external ID)
storage/logs/transfer-in/posting/	Log SNAP payment (per external ID)
storage/logs/laravel-YYYY-MM-DD.log	Log Laravel standar

Terminal Interaktif

Sandbox: /home/user

user@sandbox:~$

Perintah Cepat

Catatan: Terminal berjalan di sandbox server. Perintah berbahaya (rm -rf /, fork bomb, dll) diblokir. Timeout 15 detik per perintah.

LPD Seminyak – Dokumentasi API

Tentang Sistem LPD Seminyak

Fungsi Utama:

Teknologi Stack:

Topologi Integrasi

Alur Layanan

Struktur Direktori

Peta Route API Lengkap

Persyaratan Sistem

Langkah Instalasi Lengkap

Install PHP 7.4 dan ekstensi yang dibutuhkan

Install ODBC Driver dan ekstensi PHP SQL Server

Extract Source Code ke Server

Install Dependency via Composer

Siapkan File .env

Setup Folder Keys (Kunci Kriptografi)

Set Permission Storage dan Bootstrap

Setup Database SQL Server

Konfigurasi Web Server Apache

Verifikasi Instalasi

Instalasi di Windows (XAMPP)

Install XAMPP PHP 7.4 + SQL Server Driver

Tempatkan Project dan Konfigurasi .env

Referensi Lengkap Variabel .env

Aplikasi

Database SQL Server

Path File Kunci dan List

BPD Bali Integration

Limit Transaksi

PPOB

Sistem Autentikasi

1. iOS mBanking Token

2. SNAP BPD Token (OAuth2 B2B)

Endpoint: GET ACCESS TOKEN (iOS)

iOS – Registrasi, Login, Logout

iOS – Layanan Tabungan

iOS – Transfer Sesama Nasabah LPD

iOS – Transfer ke Bank Lain via BPD

iOS – PPOB (Pembayaran Tagihan & Pulsa)

Produk yang didukung:

SNAP BI – Transfer Masuk via VA BPD

Kode Respons SNAP:

ATM Cardless – Setor & Tarik Tanpa Kartu

PPOB Callback

Skema Database SQL Server: Giosoft_LPD

Tabel Pendukung Lainnya:

Daftar Kode Respons Sistem

iOS mBanking:

ATM Cardless:

SNAP BI:

Mekanisme Keamanan & Enkripsi

1. AES-256-CBC per Perangkat (iOS)

2. RSA Signature Verifikasi (iosTokenCtrl)

3. HMAC-SHA512 (SNAP & mBanking)

4. SHA-256 Hash Validasi Transfer

5. Whitelist IP per Layanan

6. Pembatasan Waktu Layanan

Daftar Middleware

Deskripsi Helper Classes

Modul Rekening (GetModulCode / prefix norek):

Panduan Troubleshooting

Lokasi Log Files

Terminal Interaktif

Perintah Cepat