API Reference
DOKU DocsChangelogDOKU Github
  • Getting Started with DOKU API
    • User Registration
    • Idempotency Request
    • Notification
      • Setup Notification URL
      • HTTP Notification Sample for SNAP
      • HTTP Notification Sample - Non SNAP
      • Best Practice
      • Retry Notification
      • Override Notification URL
    • Signature Component
      • Non-SNAP
        • Signature Component from Request Header
        • Signature Componen from Response Header
        • Signature from API Get Method
        • Sample Code
      • SNAP
        • Symmetric Signature
        • Asymmetric Signature
    • Response Code
      • HTTP Status and Case Code
    • Check Status API
      • Non-SNAP
      • SNAP
    • Retrieve Payment Credential
  • Accept Payment
    • DOKU Checkout
      • Integration Guide
        • Backend Integration
        • Frontend Integration
        • Simulate payment and Notification
      • Supported Payment Methods
      • Status Order
      • Additional Feature
        • Tokenization
        • Promo on DOKU Checkout Page
        • Track Campaign Source on Google Analytics
      • Checkout Settings
    • Direct API
      • Non-SNAP
        • Cards
          • Payment Page Integration Guide
          • Host-To-Host Integration Guide
          • Mastercard Automatic Billing Updater (ABU) Integration Guide
            • Backend Integration
        • e-Wallet
          • Overview
          • DOKU e-Wallet
          • OVO Push Payment
          • ShopeePay
          • LinkAja
        • Paylater
          • Akulaku
          • Kredivo
          • Indodana
        • Digital Banking
          • Jenius Pay
        • Convenience Store
          • Alfa Group
          • Indomaret
      • SNAP
        • Integration Guide
          • Get Token API
            • B2B
            • B2B2C
          • Virtual Account
            • CIMB Virtual Account
            • BSI Virtual Account
            • BCA Virtual Account
            • BNC Virtual Account
            • BNI Virtual Account
            • Mandiri Virtual Account
            • BRI Virtual Account
            • BTN Virtual Account
            • Permata Virtual Account
            • Danamon Virtual Account
            • BSS Virtual Account
          • E-Wallet
            • DOKU Wallet
            • DANA
            • OVO
            • ShopeePay
          • Direct Debit
            • Allo Bank Direct Debit
            • BRI Direct Debit
            • CIMB Direct Debit
            • Mandiri Direct Debit
          • Kartu Kredit Indonesia Cepat Secure(KKI CPTS)
            • Host to Host Integration
          • QRIS
    • Finance and Settlement
      • Split Settlement
      • Custom Settlement Report
      • Hold and Release Settlement
      • Bulk Registration Bank
    • Test on DOKU Demo Site
    • DOKU Payment Simulator
  • Developer Kit
    • Postman Collection
    • Libraries and SDK
  • Wallet As A Service
    • Sub Account
  • Partnership
    • Partner API
      • Check Requirements API
      • Generate Token API
      • Upload File API
      • Business Registration API
      • Create Business Lite API
      • Get Business Data API
  • Payout
    • Kirim DOKU
  • FLEXIBILL
    • Account Billing
      • Batch Upload
    • DOKU Biller
      • Response Code
      • Samples
  • PAYCHAT API
    • Send WhatsApp Message
  • Archive
    • Non-SNAP
      • Tokenization V1
      • e-Wallet
        • OVO Recurring
        • OVO Open API
    • SNAP
      • Virtual Account
        • BCA v1.0
        • BRI v1.0
        • BNI v1.0
        • BNC v1.0
        • Mandiri v1.0
        • BTN v1.0
        • Permata v1.0
        • Danamon Virtual Account
      • e-Wallet
        • OVO Open API
        • DANA
        • ShopeePay
      • Direct Debit
        • CIMB Direct Debit
        • BRI Direct Debit
        • Allobank
Powered by GitBook

DOKU API

  • Legacy Documentation
On this page
  • Background​
  • Architecture Type of API​

Was this helpful?

  1. Accept Payment
  2. Direct API
  3. SNAP

Integration Guide

PreviousSNAPNextGet Token API

Last updated 10 months ago

Was this helpful?

This document provides an overview of the SNAP format, which has been introduced as part of the new rules mandated by the Bank Indonesia. As a Payment Provider, understanding the technical aspects of the SNAP format is crucial for implementing compliant payment systems. This overview will help you familiarize yourself with the key concepts and requirements related to the SNAP format.

Background

Bank Indonesia has recently implemented new rules to standardize payment system in Indonesia. The primary objective is to streamline payment processing, enhance security, and improve interoperability among various payment service providers.

Purpose of SNAP format

The SNAP format aims to provide a uniform structure for exchanging payment information between different participants in the payment ecosystem.

Architecture Type of API

The architecture type used is Representational State Transfer (REST) API.

Data Format

The data format used in the request body and response body is JavaScript Object Notation (JSON).

Character Encoding

The standard character encoding used is UTF-8.

Komponen HTTP Method

The HTTP method functions as an identifier for the action to be performed on a resource, using the commonly used HTTP verbs. The HTTP verb used is:

  1. POST Request

  2. GET Request

  3. DELETE Request

  4. PUT Request

For security considerations, the Access Token retrieval utilizes a POST request. For other services, the appropriate HTTP verb is used based on the operation type and accessed resource. The usage of HTTP methods for each service is specified in the general information table within the SNAP technical specification document.

The standards employed are:

  1. OAuth 2.0 sesuai RFC6749

  2. Bearer token sesuai RFC6750

In granting access to Service Users, the Service Provider conducts authentication to validate Service Users. The means employed are the exchanged credentials during the collaboration setup process, which include client secret and a pair of public/private keys, used in conjunction with specific cryptographic algorithms.

The encryption model applied to messages involves both asymmetric and symmetric encryption, utilizing a combination of Private Key and Public Key, adhering to the following standards:

  1. Standard Asymmetric Encryption Signature: SHA256withRSA dengan Private Key ( Kpriv ) dan Public Key ( Kpub ) (256 bits)

  2. Standard Symmetric Encryption Signature HMAC_SHA512 (512 bits)

  3. Standard Symmetric Encryption AES-256 dengan client secret sebagai encryption key.

Server Authorization and Authentication Method Components

Encryption Standard Components

​
​
​
​
​
​
​
​