You could access more information and updates after signing up for an account. Please read through the BOCHK API User Conditions before signing up for an account.
Fill up the required information (i.e Name, Organization, Email, Contact Number, Mobile No. for two-factor authentication)
Once your account is created, an email containing the verification code will be sent to your registered email account. Please go to login page and click "Account Activation" to input the verification code in order to activate your account.
After your email has been verified, your account will be activated. You can now sign in with your account and browser our API catalog.
When your application had completed the acceptance test, you can request for Client ID and Client Secret by submitting "Move to Production" request in the application page. To complete the application, additional document or information may be required for approval of the Production Client ID and Client Secret application.
Your Client ID would be the Public Identifier of your app and an unique Client ID and a Client Secret are assigned to each app.
Your Client Secret would be your Private Identifier, which allows us to verify your identity in the authentication step of our APIs.
Client ID and Client Secret are crucially for protecting your company and your customers, please keep in safely.
You can register multiple apps in your account.
OAuth 2.0 authentication for requests is used in testing our APIs.
Client Credentials Grant
When you are trying to access resources, you need to request an access token using only your client credentials.
To obtain an access token, an API request to /auth/oauth/v2/token is required with specifying the Grant Type as “client_credentials” and providing your Client ID and your Client Secret in request body in an URL encoded form.
Example:
Sandbox OAuth Access Token
https://apisandbox.bochk.com/auth/oauth/v2/token
| Parameter Name | Parameter Value |
|---|---|
| grant_type | client_credentials |
| client_id | {your Client ID} |
| client_secret | {your Client Secret} |
With successful authorization, the service will respond with the following:
| access_token | The access token value received after exchanging the authorization token. This field should be passed as Authorization header in API request calls. |
| expires_in | The duration of access token being valid (in millisecond) after receiving. |
Example
{
"token_type": "bearer",
"access_token": "theAccessToken",
"expires_in": 1800,
"scope": "/api"
}
The access token can then be used to access functional APIs before it’s expired.
In order to using Application Type of APIs, you are required to upload SSL Certificate for public key exchange. Please login your account and click “My Profile” page, select and upload your certificate via the “Upload SSL Certificate” function under SSL Certificate section.
You can manage the details of your SSL Certificate under SSL Certificate maintenance page.
For the Application Type of APIs, the data will be encrypted into 3 input parameters included “token”, “checksum” and “digest” by Public Key Infrastructure (PKI) technology for secure communication.
token – encrypted input data that required by the API
digest – encrypted identity data
checksum – signed message
Please contact us by api@bochk.com for further information on Application Type of APIs
1) Choose an API and start testing. Documentations within "APIs" will show you how to format your HTTPS request after your app registration.
2) Access tokens (Client ID and Client Secret) have to be included with the information needed for that API during the API request calls.
3) The response for your application will be replied accordingly to the request.
4) Start building applications with our API sandbox data.
When the prototype is fully tested in "Sandbox", an email can be sent to api@bochk.com for further collaboration. We are looking forward to partnering with you.