Update _business_flow.md

source/includes/_authentication.md

@@ -1,22 +1,36 @@
 # Authentication
 
-OY! API uses pair of `API Key` and `IP Address` to authenticate a partner request. Partner needs to register a unique `IP Address` which will be used as originating request for the API Services.
+OY! API uses pair of `API Key` and `IP Address` to authenticate a partner's request. Always ensure that you keep your API keys secure. Do not share your secret API keys in publicly accessible areas.
+
+Here are the steps for the authentication;  
+
+1) Submit your IPs and callback URLs (both for staging and production environment) to your business representative or to [partner@oyindonesia.com](mailto:partner@oyindonesia.com)
+
+2) Request your staging and production API Keys to our business representative (note: you are not required to upgrade your account to request staging API Key. Upgrade is only required if you want to request Production API Key).
+
+3) You have to include your API keys as part of the HTTPS headers when you make a call to OY! API  
+
+All API requests must be made over [HTTPS](http://en.wikipedia.org/wiki/HTTP_Secure). Calls made over HTTP will fail. API requests without authentication will also fail.
 
 <aside class="warning">
 Note: Your machine which call request to OY! API Services should be originating from the registered IP Address
 </aside>
 
 ## HTTPS Request
 
-Disbursement API can be requested through HTTPS Request to OY! API Base URL endpoint. The HTTPS Header has to be used to allow proper authentication, additionally HTTPS Request should only be made from IP Address which has been registered in OY! System.
+* HTTPS Request should only be made from IP Address that has been registered in OY! System.  
+* The HTTPS Header should always be included as part of the request in order for us to do authentication
+
 
 ### API Base URL
 
 Production Environment: `https://partner.oyindonesia.com`
 
+Test/Staging Environment: `https://api-stg.oyindonesia.com/`
+
 ## HTTPS Header
 
-Use following HTTPS Headers when you make a call to OY! API
+Use the following HTTPS Headers when you make a call to OY! API
 
 Header | Type | Description
 ------ | ----- | -----------

source/includes/_business_flow.md

@@ -1,7 +1,13 @@
 # Business Flow
 ![Signup for Trial](images/img_business_flow.png)
 
-After partner has acquired access to OY! API Services, then:
+Once you’re ready to execute real money-in and money-out transactions or integrate with OY!, follow the below check-list to ensure you’re all set up:  
 
-1. Partner can topup OY! Account Deposit via Virtual Accounts
-2. Once Deposit balance is active, Partner can use the API services provided
+1.  Create an account
+2.  Upgrade your account by submitting the required documentations
+3.  Have your upgrade request approved
+4.  Set up your receiving bank account information (note: ensure that the receiving bank account information is accurate as it cannot be changed via OY! dashboard for security reasons)
+5.  (Required if you want to use our API) Submit your IPs and callback URLs (both for staging and production environment) to your business representative or to [partner@oyindonesia.com](mailto:partner@oyindonesia.com)
+6.  (Required if you want to use our API) Request your staging and production API Key to our business representative (note: you are not required to upgrade your account to request staging API Key. Upgrade is only required if you want to request Production API Key).
+7.  (Optional) Perform testing. We recommend that you thoroughly test before going live. We’ve provided a Staging Mode in our dashboard, where you can test transactions to understand how our products work, without using real money. If you are a developer, you can also test your integrations.
+8.  (Optional) If your company wants to have multiple users: Create additional sub-account users under User Management

source/includes/_static_va_response_code.md

@@ -8,17 +8,19 @@ Response Code | State | Description
 207 | Final | Request is Rejected (Request IP Address is not Registered)
 208 | Final | Request is Rejected (API Key is not Valid)
 211 | Final | Request is Rejected (Bank code is not available for this service)
-212 | Final | Request is Rejected (Given amount are lesser than allowed value for static va)
+212 | Final | Request is Rejected (The amount paid by the user is lesser than allowed value for static va)
 214 | Final | Request is Rejected (Failed to generate static va)
-216 | Final | Request is Rejected (VA Id is empty)
+216 | Final | Request is Rejected (VA ID is empty)
 217 | Final | Request is Rejected (VA Number is still active for this partner user id)
 999 | Non-Final | Internal Server Error
 
+
 IMPORTANT! The following response codes mean that your request is not received by OY! and do not represent any information related to your transaction activity/status:
 
 Response Code | Description
 ---------- | -------
 201 | Request is Rejected (User ID is not Found)
 202 | Request is Rejected (User ID is not Active)
-429 | Request Rejected (Too Many Request to specific endpoint)
+429 | Request Rejected (Too Many Request to a specific endpoint)
 990 | Request is Rejected (Invalid Format)
+