change header and body request aproval

[adlylee]

Summary by Sourcery

Adjust approval SEP request handling for VClaim BPJS integration.

Bug Fixes:

• Treat BPJS approval SEP responses with code 201 as successful alongside 200.

Enhancements:

• Change approval SEP request Content-Type header to application/x-www-form-urlencoded.
• Include jnsPengajuan in the approval SEP request payload.
• Stop printing raw BPJS response output and rely on parsed metadata handling.

Documentation:

• Document the VClaim approval SEP request header/body change in the changelog.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adjusts the VClaim SEP approval request to use form-URL-encoded content type, derives response metadata before decrypting, accepts both 200 and 201 as success codes, adds a new request field, and documents the change in the changelog.

Sequence diagram for updated SEP approval request flow

sequenceDiagram
    participant Admin
    participant BpjsService
    participant BpjsServer

    Admin->>BpjsService: post(url, request_initial_JSON, consid, secretkey, userkey, tStamp)
    Note over Admin,BpjsService: HTTP header Content-Type: application/x-www-form-urlencoded
    BpjsService->>BpjsServer: POST approval request (body is JSON string)
    BpjsServer-->>BpjsService: HTTP response (JSON)
    BpjsService-->>Admin: raw JSON string output

    Admin->>Admin: json_decode(output) to data
    Admin->>Admin: code = data.metaData.code
    Admin->>Admin: message = data.metaData.message
    Admin->>Admin: stringDecrypt(key, data.response)
    Admin->>Admin: decompress decrypted response (if not empty)

    alt code is 200 or 201
        Admin->>Admin: Build follow-up request with noKartu, tglSep, jnsPelayanan, jnsPengajuan, keterangan, user
        Admin->>BpjsService: post(url, followup_request_JSON, consid, secretkey, userkey, tStamp)
        Note over Admin,BpjsService: HTTP header Content-Type: application/x-www-form-urlencoded
        BpjsService->>BpjsServer: POST follow-up approval request
        BpjsServer-->>BpjsService: HTTP response
        BpjsService-->>Admin: raw JSON string output
    else code is not 200 or 201 or response invalid
        Admin->>Admin: Build error response with default message
    end

Loading

Flow diagram for SEP approval success handling (codes 200 and 201)

flowchart TD
    A[Receive BPJS response output] --> B[Decode JSON to data]
    B --> C{Has metaData and response?}
    C -- No --> D[Set error response ADA KESALAHAN ATAU SAMBUNGAN KE SERVER BPJS TERPUTUS]
    C -- Yes --> E[Read code and message from data.metaData]
    E --> F[Decrypt response with stringDecrypt]
    F --> G[Decompress decrypted response if not empty]
    G --> H{code is 200 or 201}
    H -- No --> D
    H -- Yes --> I[Build follow-up request t_sep with noKartu, tglSep, jnsPelayanan, jnsPengajuan, keterangan, user]
    I --> J[Set header Content-Type: application/x-www-form-urlencoded]
    J --> K[JSON-encode follow-up request]
    K --> L[Send POST to BPJS Sep/aprovalSEP via BpjsService]
    L --> M[Process follow-up response as needed]

Loading

File-Level Changes

Change	Details	Files
Update SEP approval request headers and success handling for BPJS API.	Change Content-Type header from text/html to application/x-www-form-urlencoded for both initial approval request and follow-up request. Stop echoing/printing the raw BPJS response, leaving only structured handling. Move extraction of metaData.code and metaData.message to occur immediately after decoding the response so they are always available. Treat both 200 and 201 response codes as success when determining whether to build and send the follow-up SEP request. Include the jnsPengajuan field from POST data in the follow-up SEP request body.	plugins/vclaim/Admin.php
Document the SEP approval request changes.	Add a new dated entry describing the VClaim header and body request changes for SEP approval.	CHANGELOG.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 2 issues, and left some high level feedback:

• The Content-Type header is now set to application/x-www-form-urlencoded while the payload is still JSON-encoded via json_encode($request); consider either URL-encoding the body or reverting the header to application/json to keep them consistent with BPJS expectations.
• By moving $code = $data['metaData']['code']; and $message = $data['metaData']['message']; before the if ($data && isset($data['metaData'])) guard, $code/message may be accessed when $data or metaData is missing, risking notices; consider keeping these assignments inside the guarded block or adding additional checks.
• The new $_POST['jnsPengajuan'] access is not validated, so if the field is missing it will trigger an undefined index notice; consider checking for its presence or providing a sensible default before using it.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The `Content-Type` header is now set to `application/x-www-form-urlencoded` while the payload is still JSON-encoded via `json_encode($request)`; consider either URL-encoding the body or reverting the header to `application/json` to keep them consistent with BPJS expectations.
- By moving `$code = $data['metaData']['code'];` and `$message = $data['metaData']['message'];` before the `if ($data && isset($data['metaData']))` guard, `$code`/`message` may be accessed when `$data` or `metaData` is missing, risking notices; consider keeping these assignments inside the guarded block or adding additional checks.
- The new `$_POST['jnsPengajuan']` access is not validated, so if the field is missing it will trigger an undefined index notice; consider checking for its presence or providing a sensible default before using it.

## Individual Comments

### Comment 1
<location path="plugins/vclaim/Admin.php" line_range="2809-2810" />
<code_context>
-    // echo $data;
-    print_r(htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
+    // print_r(htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
+    $code = $data['metaData']['code'];
+    $message = $data['metaData']['message'];

     if ($data && isset($data['metaData'])) {
</code_context>
<issue_to_address>
**issue (bug_risk):** Accessing `$data['metaData']` before checking it exists can trigger notices and leave `$code`/`$message` undefined.

`$code` and `$message` are read before `if ($data && isset($data['metaData']))`. If `json_decode` fails or `metaData` is absent, this will emit notices and leave `$code` undefined when evaluated in `if ($code == 200 or $code == 201)`. Please assign `$code`/`$message` inside the `if ($data && isset($data['metaData']))` block and provide a sensible default for `$code` in the error path.
</issue_to_address>

### Comment 2
<location path="CHANGELOG.md" line_range="25" />
<code_context>
+## [2026-04-08]
+
+### Changed
+- VClaim: Perubahan header dan body request pada aproval SEP 
\ No newline at end of file
</code_context>
<issue_to_address>
**issue (typo):** Consider correcting the typo "aproval" to "approval".

This occurs in the VClaim changelog line: `Perubahan header dan body request pada aproval SEP`.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): Accessing $data['metaData'] before checking it exists can trigger notices and leave $code/$message undefined.

$code and $message are read before if ($data && isset($data['metaData'])). If json_decode fails or metaData is absent, this will emit notices and leave $code undefined when evaluated in if ($code == 200 or $code == 201). Please assign $code/$message inside the if ($data && isset($data['metaData'])) block and provide a sensible default for $code in the error path.

[sourcery-ai]

issue (typo): Consider correcting the typo "aproval" to "approval".

This occurs in the VClaim changelog line: Perubahan header dan body request pada aproval SEP.