Payment Page Integration Guide
Last updated
Last updated
DOKU API
Legacy DocumentationIf you are non-PCI DSS compliance, you can use this type of integration to ensure that the Cards data of the customer is securely processed by DOKU.
Here is the overview of how to integrate with Cards channel:
Generate payment URL (Cards payment page)
Display payment URL (Cards payment page)
Create test payment
Acknowledge payment result
To generate a payment URL, you will need to hit this API through your backend:
API Request
HTTP Method
POST
API endpoint (Sandbox)
https://api-sandbox.doku.com/credit-card/v1/payment-page
API endpoint (Production)
https://api.doku.com/credit-card/v1/payment-page
Here is the sample of request header to generate the payment URL:
client-id
Client ID retrieved from DOKU Back Office
request-id
Unique random string (max 128 characters) generated from merchant side to protect duplicate request
request-timestamp
Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
signature
Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature
Here is the sample request body to generate payment URL:
order.amount
number
Mandatory
In IDR Currency and without decimal
order.invoice_number
string
Mandatory
Generated by merchant to identify the order
Allowed chars: alphabetic, numeric, special chars
Max length: 64
(27 If you have Mandiri Acquirer)
order.callback_url
string
Conditional
Merchant URL that will redirected to after the order success. Mandatory if merchant set order.auto_redirect to true
Allowed chars: alphabetic, numeric, special chars
order.failed_url
string
Conditional
Merchant URL that will redirected to after the order failed. If not set, then will redirect to callback_url
Allowed chars: alphabetic, numeric, special chars
order.auto_redirect
string
Mandatory
Redirection to defined callback_url after payment process completed
Possible value: true, false
Default value: false
order.line_items.name
string
Optional
Name of the product item.
Max Length: 255
order.line_items.price
number
Conditional
Price of the product item. Total price and quantity must match with the order.amount.
order.line_items.quantity
number
Conditional
Quantity of the product item.
order.descriptor
string
Optional
Custom string to be printed on Customer's billing statement history on issuing side, Please contact DOKU team to manually configure this feature first
card.token
string
optional
Card token generated by DOKU. If you sent this, then the customer's Card will be pre-filled in the Card Number field.
card.save
boolean
Optional
Set true if you want to force customer to save the card token for the next payment
customer.id
string
Conditional
Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature.
customer.name
string
Recommended
Customer Name
customer.email
string
Conditional
Customer email.
Mandatory if customer phone value blank.
Bringing the proper email will improve Credit Card Approval Rate
customer.phone
string
Conditional
Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455.
Mandatory if customer email value blank.
One of them must be filled in between customer email and customer phone
customer.address
string
Optional
Customer address
customer.country
string
Optional
2 alphabetic country code ISO 3166-1
override_configuration.themes.
language
string
Optional
Default language that will be displayed on the Payment Page
Possible value: English EN, Indonesia ID
Default: English EN
override_configuration.themes.
background_color
string
Optional
HEX color code for the payment page background color. Example: FFFFFF
Default: Light gray F5F8FB
override_configuration.themes.
font_color
string
Optional
HEX color code for the payment page font color. Example: 000000
Default: Soft black 1A1A1A
override_configuration.themes.
button_background_color
string
Optional
HEX color code for the payment page button background color. Example: 000000
Default: Red E1251B
override_configuration.themes.
button_font_color
string
Optional
HEX color code for the payment page button font color. Example: FFFFFF
Default: White FFFFFF
override_configuration.promo[].
bin
string
Optional
BIN that will get the promo
override_configuration.promo[].
discount_amount
number
Optional
Promo Discount if BIN input matched
(final amount = order.amount - override_configuration.promo[].discount_amount)
override_configuration.allow_bin
number
Optional
Transaction only accept BIN listed here
override_configuration.allow_tenor
number
Optional
Transaction only accept installment tenor listed here
additional_info.override_notification_url
string
Optional
This parameter is intended to override the configured Notification URL with another URL. Click here for more information.
additional_info.disclaimer
object
Optional
Bring this if you want to customer to opt-in customer has agreed to the payment disclaimer
additional_info.disclaimer.id
object
Optional
disclaimer message in Indonesian
additional_info.disclaimer.en
object
v
disclaimer message in English(default)
payment.type
string
Conditional
Bring this if you have more than 1 type of Cards payment type to specify how you want this transaction to be processed (Possible Values : INSTALLMENT, AUTHORIZE, SALE, MOTO, RECURRING)
payment.auto_capture
string
Optional
Brings this if the payment type is 'authorize' but you wish to capture the transaction right away as if it was a SALE transaction
eg : "auto_capture"=:true
payment.acquirer
string
Conditional
Becomes mandatory if transaction type is INSTALLMENT, to specify to which acquirer you want this transaction to be processed to (Possible Values: BNI, BRI, BANK_CIMB, BANK_MANDIRI, BCA, BANK_PERMATA, DANAMON, BUKOPIN, HSBC, OCBC_NISP)
payment.tenor
number
Conditional
Becomes mandatory if transaction type is INSTALLMENT, to specify which tenor you want this transaction to be processed with
Payment Type
Sale: A transaction where funds are immediately transferred from the customer's account to the merchant's account.
Authorize-Capture: A two-step transaction where funds are first reserved (authorized) and later transferred (captured) from the customer's account to the merchant's account.
Installment: A transaction where the total amount is split into multiple smaller payments over a specified period.
MOTO (Mail Order/Telephone Order): A transaction where payment does not require CVV or OTP, suitable for subscription payment type.
Recurring: A transaction where payment does not require CVV or OTP, suitable for subscription payment type, with the latest specification more secure compared to MOTO.
API Response
After hitting the above API request, DOKU will give the response.
HTTP Status
200
Result
SUCCESS
Here is the sample response header:
client-id
Client ID retrieved from DOKU Back Office
request-id
Unique random string (max 128 characters) generated from merchant side to protect duplicate request
request-timestamp
Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
signature
Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature
Here is the sample of response body:
order.invoice_number
string
Mandatory
Same as the request
order.line_items.name
string
Optional
Same as the request
order.line_items.price
number
Optional
Same as the request
order.line_items.quantity
number
Optional
Same as the request
order.session_id
number
Optional
Transaction session id
credit_card_payment_page.url
string
Mandatory
Cards Payment Page URL generated by DOKU that merchant displays to the customer
additional_info.override_notification_url
string
Optional
Same as the request
INFO
DOKU provides risk assessment for card transactions, your customer data sent to us will help manage your risk of every transaction.
You can display the payment URL as an iFrame or as a dedicated page to your customer by using credit_card_payment_page.url the retrieved from API Response. Here is the sample of Cards on the iFrame:
You can try the payment with various Cards listed here:
After the payment is made by your customer, DOKU will send HTTP Notification to your defined Notification URL. Learn how to handle the notification from DOKU:
INFO
You can check the list of possible response code and how to handle them here
We provide various additional features to suit your needs. Learn more here.
If you bring payment.type ='AUTHORIZATION' you need to capture the transaction within 7 days to have the amount actually transferred to your settlement balance.
After you get the payment.authorize_idin notification HTTP, then your backend must trigger the API Charge to DOKU:
API Request
HTTP Method
POST
API endpoint (Sandbox)
https://api-sandbox.doku.com/credit-card/capture
API endpoint (Production)
https://api.doku.com/credit-card/capture
Here is the sample of request header to capture the transaction:
client-id
Client ID retrieved from DOKU Back Office
request-id
Unique random string (max 128 characters) generated from merchant side to protect duplicate request
request-timestamp
Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
signature
Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature
Here is the sample request body to capture the transaction:
Request Body Explanation
payment.authorize_id
string
Mandatory
Authorize ID from the Charge API Response / HTTP Notification
payment.capture_amount
string
Optional
The value of transactions which will be paid by the customer. If undefined, capture full transaction.
API Response
After hitting the above API request, DOKU will give the response.
HTTP Status
200
Result
SUCCESS
Here is the sample response header:
client-id
Client ID retrieved from DOKU Back Office
request-id
Unique random string (max 128 characters) generated from merchant side to protect duplicate request
request-timestamp
Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
signature
Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature
Here is the sample of response body:
Response Body Explanation
order.invoice_number
string
Mandatory
Same as the request
order.amount
number
Mandatory
Same as the request
customer.id
string
Optional
Same as the request
payment.type
string
Mandatory
Same as the request
payment.identifier.name
string
Mandatory
Additional payment info name
payment.identifier.value
string
Mandatory
Additional payment info value
payment.request_id
string
Mandatory
Request ID sent on merchant's request header
payment.authorize_id
string
Mandatory
Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE
payment.response_code
string
Mandatory
Reponse code generated by DOKU / Acquirer
payment.response_message
string
Mandatory
Response message generated by DOKU / Acquirer
payment.status
string
Mandatory
Payment status
Possible value: SUCCESS, FAILED, PENDING
payment.eci
string
Mandatory
ECI for this transaction
payment.approval_code
string
Optional
Approval code for success transaction generated by acquirer
three_dsecure.authentication_id
string
Mandatory
Same as the request
card.masked
string
Optional
Card masked number
card.type
string
Mandatory
Card type
Possible value: CREDIT, DEBIT
card.issuer
string
Mandatory
Card issuer
card.brand
string
Mandatory
Principal brand
VISA, MASTER, JCB, AMEX
card.token
string
Optional
Card token generated by DOKU if card.save is true
You can request void or refund using this API, or via the Dashboard .
Requirement
If you are using Cards Aggregator service, you can process Void or Refund.
If you are using Cards Direct service, please consult with your acquiring bank to learn more about whether your credential (MID) supports online refund or not, otherwise refund will be processed manually.
To request a refund, you will need to hit this API through your backend:
API Request
HTTP Method
POST
API endpoint (Sandbox)
https://api-sandbox.doku.com/cancellation/credit-card/refund
API endpoint (Production)
https://api.doku.com/cancellation/credit-card/refund
Here is the sample of request header to generate payment URL:
Request Header Explanation
Client-Id
Client ID retrieved from DOKU Back Office
Request-Id
Unique random string (max 128 characters) generated from merchant side to protect duplicate request
Request-Timestamp
Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature
Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature
Here is the sample request body to request a refund:
Request Body Explanation
order.invoice_number
string
Mandatory
Invoice number of the transaction that being refunded
payment.original_request_id
string
Mandatory
Request ID from payment initiation of the transaction that being refunded
refund.amount
number
Mandatory
Transaction amount that wants to be refunded
API Response
After hitting the above API request, DOKU will give the response.
HTTP Status
200
Result
SUCCESS
Here is the sample response header:
Response Header Explanation
Client-Id
Same as the request
Request-Id
Same as the request
Response-Timestamp
Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU
Signature
Signature generated by DOKU based on the response body
Here is the sample of response body:
Response Body Explanation
order.invoice_number
string
Mandatory
Same as the request
payment.original_request_id
string
Mandatory
Same as the request
refund.amount
number
Mandatory
Same as the request
refund.type
string
Mandatory
Refund type based on the transaction
Possible value: VOID, PARTIAL_REFUND, FULL_REFUND, MANUAL_PARTIAL_REFUND, MANUAL_FULL_REFUND
refund.status
string
Mandatory
Refund status
Possible value: SUCCESS, FAILED
refund.message
string
Optional
Refund message description
refund.approval_code
string
Optional
Acquiring approval code for the refund transaction if the refund.status = SUCCESS
Refund Type
Online Refund
Amount will be returned automatically by system to customer's balance
VOID: If the funds has not settled to your bank account. The refund.amount must equal to order.amount, otherwise will fail
PARTIAL_REFUND: If the funds has settled to your bank account, and the refund.amount is less than order.amount
FULL_REFUND: If the funds has settled to your bank account, and the refund.amount is equal to order.amount
Manual Refund
Amount will be processed manually by DOKU's Refund Ops, may take longer than Online Refund to process
MANUAL_PARTIAL_REFUND: If the funds has settled to your bank account, and the refund.amount is less than order.amount
MANUAL_FULL_REFUND: If the funds has settled to your bank account, and the refund.amount is equal to order.amount
Installment ON US
BCA, Bank Mandiri, BNI only allow for ON US Installment. You must request an Installment MID from each respective acquirer.
Installment OFF US
Bukopin, Danamon, Permata, HSBC, OCBC allows OFF US Installment. you must have at least one SALE MID.
You can activate installment features on Service Activation page to let your customers pay in terms, you will receive full payment ahead and issuer Bank will charge the customer each month depending on tenor and amount of the transaction.
There are minimal transaction amounts for each installment (depending on the issuer) and you can see the details in the installment configuration page.
Testing Installment Payment
If you wish to try installment, make sure that you specific bank dummy credit card presented here and make sure that your transaction amount is equal to more than the minimum transaction required
Want to make your checkout experience faster? You can combine this integration with the Tokenization, so the next time your customers purchase, they don't need to input the credit card anymore.
Tokenization
Unbind Token
If you want to unbind the token, you can use the delete tokenization API below :
API Request
HTTP Method
POST
API endpoint (Sandbox)
https://api-sandbox.doku.com/credit-card/delete-tokenization
API endpoint (Production)
https://api.doku.com/credit-card/delete-tokenization
Here is the sample of request header to capture the transaction:
Request Header Explanation
Client-Id
Client ID retrieved from DOKU Back Office
Request-Id
Unique random string (max 128 characters) generated from merchant side to protect duplicate request
Request-Timestamp
Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature
Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature
Here is the sample request body to unbind the token:
Request Body Explanation
token_id
string
Mandatory
Token ID that want to unbind or delete
customer_id
string
Optional
The value of Customer ID from API Tokenization
API Response
After hitting the above API request, DOKU will give the response.
HTTP Status
200
Result
SUCCESS
Here is the sample response header:
Response Header Explanation
Client-Id
Same as the request
Request-Id
Same as the request
Response-Timestamp
Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU
Signature
Signature generated by DOKU based on the response body
Here is the sample of response body:
Response Body Explanation
status
string
Mandatory
Delete Process Status
Possible Value: DELETE SUCCESS or DELETE FAILED
Info
To make sure the token has been unbinded, you can hit API Get token List.
If you are a platform or a marketplace, you can use this feature to settle the funds to your sellers or partners programmatically, save many operational efforts.
Make a test payment in the Sandbox environment using the dummy credit card that we have prepared to ensure that your application has been successfully integrated.
