API Reference

This page will help you get started with Job Offer Single Submission (JOSS) APIs

After reading this doc and its sub-docs, you will know how to:

  • Generate signature as authentication method
  • Integrate your application with JOSS APIs

Prerequisites

To use the information in this doc, you need to know:

  • How RESTful APIs work, how to call them, and interpret their responses.
  • Basic knowledge of how API authentication works.

General Background Details

This section covers common aspects to all JOSS APIs.

API Endpoints

As JOSS APIs are RESTful, users send HTTPS requests to URL addresses to call a command. JOSS APIs have two endpoints (common address prefixes for command URLs), one for staging calls and one for production calls. You also use different signature for authenticating staging and production requests, which we’ll cover in the Signature section.

  • Staging: <https://sandbox.joss.kemnaker.go.id>
  • Production: <https://joss.kemnaker.go.id>

❗️

All JOSS API requests must use HTTPS. Any HTTP calls will be force redirect to HTTPS.

Request Headers

Every request to JOSS API have to have the following request headers

Http HeaderRequired
AcceptFor now only support for application/json and application/xml
Content-TypeThis header required when use methods POST, PATCH, PUT. Currently only supported for application/json
Client-IdClient ID retrieved from Indonesia Ministry of Man Power
Request-IdUnique random string generated from client side to protect duplicate request
Request-TimestampTimestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed with the transaction on UTC+7 (WIB), the client needs to subtract time with 7. Ex: to proceed with the transaction on September 22th 2022 at 08:51:00 WIB, the timestamp should be 2022-09-22T01:51:00Z
SignatureSecurity parameter that needs to be generated on client Backend and placed to the header request to ensure that the request is coming from a valid client

📘

Please refer to this section to generate the signature.

Http Response Code

Status CodeReason
200 OKWhen request is as per expectation
201 CreatedWhen request is as per expectation
400 Bad RequestThere is logic error
401 UnauthorizedInvalid signature or the given signature has been expired
403 ForbiddenThe access token permission does not have permission to process the request
404 Not FoundThe specified resource does not exist
422 Unprocessable EntityValidation error
429 Too Many RequestsToo many requests to server
500 Internal Server ErrorA system or application error occurred. Although the client appears to provide a correct request, something unexpected occurred on the server. You may retry the request in this case
503 Service UnavailableThe server cannot handle the request for a service due to temporary maintenance. You may retry a little later in this case
504 Gateway TimeoutThe server cannot handle the request for a service due to loading of lots of data. You may retry a little later or shorten the time interval in this case

❗️

All requests except for GET method should be unique identified by Request-Id header. Any duplicate Request-Id will return http status 409 Conflict.