BRI Direct Debit

BRI offers 2 payment schemes, which are; 1) Tokenization scheme, and 2) Recurring scheme.

PreviousAllo Bank Direct Debit NextCIMB Direct Debit

Last updated 4 months ago

Was this helpful?

BRI Direct Debit

BRI offers 2 payment schemes, which are; 1) Tokenization scheme, and 2) Recurring scheme.

Integration Steps

Overview of integration process with BRI Direct Debit

1. Card Registration

Card Registration process should be done before payment can be made and processed. Merchant will send card registration request from customer to DOKU. The request includes customer's card number that is registered to customer's BRI account.

Each card/account can only registered/bind to one customer on one merchant. Customer needs to verify OTP and input PIN on BRI page.

CBC Encryption

To request card registration process, merchant requires to bring object cardData which value should be encrypted using CBC Algorithm.

CBC Encryption - Steps:

Prepare shared key from DOKU as Secret Key

Substring shared key only 16 digits
Example code:

private String getSharedKey(String sharedKey) {
    if (sharedKey.length() != 16) {
sharedKey = sharedKey.length() > 16 ? sharedKey.substring(0, 16) : String.format("%-16s", sharedKey).replace(' ', '-');
    }
    return sharedKey;
}

Generate Initial Value (IV)

Generate initial value with 16 bytes and then encode using Base 64
Example code:

byte[] iv = new byte[16];
new SecureRandom().nextBytes(iv);
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
String ivString = Base64.getEncoder().encodeToString(ivParameterSpec.getIV());

Using Cipher CBC

Value that will be encrypted combine with secret key generated before
After that encode the value using Base 64
Example code:

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); //NOSONAR
cipher.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec);
byte[] cipherText = cipher.doFinal(input.getBytes());
String cipherString = Base64.getEncoder().encodeToString(cipherText);

Combine CBC and IV
- Combine value CBC Cipher with IV value with separator (|)
- Example code:
```
String value = cipherString + "|" + ivString;
```

Tools Using Java - Steps:

Install JDK 17
Go to folder
Run with command java -jar cbc-tools.jar

Card Registration Flow

API Endpoint

Environment

Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/registration-card-bind

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional

2. OTP Verification

Once customer has registered their card through the platform, merchant needs to verify the card. Merchant can hit this API to verify the OTP.

OTP Verification Flow

API Endpoint

Environment

Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/otp-verification

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional

3. Payment

After customer's card is registered, payment process can be requested by bringing the card token generated in card registration process. After merchant hit payment API, DOKU will deduct customer's balance.

Payment - Tokenization

In tokenization scheme, every payment needs to be verified by customer with inputting OTP and/or PIN. In order to do that, merchant needs to bring parameter paymentType : "SALE"in payment request body.

And as the response, merchant will receive parameter webRedirectUrl to redirect the customer to merchant's page/platform to complete the payment by inputting OTP and/or PIN. After the payment is completed, merchant then will receive the notification.

Payment - Recurring

In recurring scheme, the payment process will be scheduled. Hence, verification using OTP and/or PIN is not required in every payment. Customers only need to do the verification during card registration process and it will give merchant the authorization to run scheduled payment. In order to do that, merchant needs to bring parameter CHANNEL-ID : "H2H" in request header andpaymentType : "RECURRING"in payment request body.

And as the response, merchant will not receive parameter webRedirectUrl to redirect the customer to merchant's page/platform to complete the payment. Payment request will be directly processed by acquirer and merchant will receive the notification.

Payment Flow

This below payment flow is for tokenization scheme.

API Endpoint

Environment

Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/debit/payment-host-to-host

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional

4. Payment Notification

5. Additional Feature

Online Refund

This endpoint is used to create refund request for previous successful payment. Merchant can request a transaction refund to DOKU. Full refund and partial refund are available to be requested.

Online Refund Flow

API Endpoint

Environment

Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/debit/refund

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional

Card Registration Unbinding

If a registered customer no longer wants their account/card to be bind/linked and wish to remove themself from DOKU's and merchant’s system, merchant can send account unbinding request that is initiated by customer.

API Endpoint

Environment

Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/registration-card-unbind

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional

PreviousAllo Bank Direct Debit NextCIMB Direct Debit

Last updated 4 months ago

Was this helpful?

POST /direct-debit/core/v1/registration-card-unbind HTTP/1.1 Host: {api-domain} X-TIMESTAMP: 2020-12-21T07:56:11.000Z X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5 X-PARTNER-ID: 821508239190 X-EXTERNAL-ID: 418075533589 Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ Content-Type: application/json Accept: */* Content-Length: 583 { "tokenId": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTg4MjI3NTQsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjAyLTE2OTAyNzUzNTM3OTgiLCJhY2NvdW50SWQiOiJjZTBhZWIyM2YyMmZhOTgxZWViNTE1MjFmZmNkYmUzNyJ9.QZ2z0p2PoCYbuBSId7LleLqTUwNyNIeM1PUSaV4DwGKO05l7xQ3EbpdAPK62hxKNcczKqQqGY2Om6rzS78s2Tj88dkDD2vl46o3xEPd_plqQW8ayFqS74Z_HcFJfdo-egqFv9rAX7qgiE5AJHSx_hFolET9B3o3Jx82lmQutnXOjYb5gW9PV0FCPIZRWOaXppOSJSVcmTvXZxF0KUID9-2QVmQ5aPZroHjShYJKGyUu-1tCPClD_CbZMCi3TxhKLnI3e2oIoK7VjXEsrJjuil8O1zZTT7_aXAGgTu5UcPCrc0U9_3Nj-wQlEjDpedMVypKAWATWBUVpMo2MAsBRDAw", "additionalInfo": { "channel": "DIRECT_DEBIT_BRI_SNAP" } }

POST /direct-debit/core/v1/registration-card-bind HTTP/1.1 Host: {api-domain} X-TIMESTAMP: 2020-12-21T07:56:11.000Z X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5 X-PARTNER-ID: 821508239190 X-EXTERNAL-ID: 418075533589 Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ Content-Type: application/json Accept: */* Content-Length: 490 { "cardData": "5cg2G2719+jxU1RfcGmeCyQrLagUaAWJWWhLpm/mbkiTIrb9qA5kQgAZ4jTsMWOgMxB7lJX6k1hiv5Mq4ltG5g==|GbD2PwzJIgpPijLs14BwZQ==", "custIdMerchant": "cust001", "phoneNo": "628238748728423", "additionalInfo": { "channel": "DIRECT_DEBIT_BRI_SNAP", "customerName": "John Doe", "email": "john.doe@doku.com", "idCard": "12345", "country": "Indonesia", "address": "Bali", "dateOfBirth": "19990101", "successRegistrationUrl": "https://merchant.doku.com/success", "failedRegistrationUrl": "https://www.merchant.com/failed" } }

{ "responseCode": "2000700", "responseMessage": "Successful", "referenceNo": "129260743966", "redirectUrl": "https://doku.com/direct-debit/ui/binding/2238230713001534401107183161486001168389", "additionalInfo": { "custIdMerchant": 12345679504, "status": "PENDING", "authCode": 2.23823090518282e+39 } }

POST /direct-debit/core/v1/debit/refund HTTP/1.1 Host: {api-domain} X-TIMESTAMP: 2020-12-21T07:56:11.000Z X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5 X-PARTNER-ID: 821508239190 X-EXTERNAL-ID: 418075533589 Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ Content-Type: application/json Accept: */* Content-Length: 243 { "additionalInfo": { "channel": "DIRECT_DEBIT_BRI_SNAP" }, "originalPartnerReferenceNo": "INV-0001", "originalExternalId": "REQ-0001", "refundAmount": { "value": "10000.00", "currency": "IDR" }, "reason": "Request by Customer", "partnerRefundNo": "INV-REF-0001" }

{ "responseCode": "2000700", "responseMessage": "Successful", "refundAmount": { "value": "10000.00", "currency": "IDR" }, "originalPartnerReferenceNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7", "originalReferenceNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7", "refundNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7", "partnerRefundNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7", "refundTime": "2024-01-01T09:09:00.123" }

POST /direct-debit/core/v1/otp-verification HTTP/1.1 Host: {api-domain} X-TIMESTAMP: 2020-12-21T07:56:11.000Z X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5 X-PARTNER-ID: 821508239190 X-EXTERNAL-ID: 418075533589 Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ Content-Type: application/json Accept: */* Content-Length: 222 { "originalPartnerReferenceNo": "INV-0001", "otp": "111000", "action": "otpPayment", "additionalInfo": { "channel": "DIRECT_DEBIT_BRI_SNAP", "bankCardToken": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnR" } }

POST /direct-debit/core/v1/debit/payment-host-to-host HTTP/1.1 Host: {api-domain} X-TIMESTAMP: 2020-12-21T07:56:11.000Z X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5 X-PARTNER-ID: 821508239190 X-EXTERNAL-ID: 418075533589 Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ Content-Type: application/json Accept: */* Content-Length: 246 { "partnerReferenceNo": "INV-0001", "amount": { "value": "10000.00", "currency": "IDR" }, "additionalInfo": { "channel": "DIRECT_DEBIT_BRI_SNAP", "successPaymentUrl": "www.merchant.com/success", "failedPaymentUrl": "www.merchant.com/failed", "paymentType": "SALE" } }

BRI Direct Debit

BRI Direct Debit

Integration Steps

1. Card Registration

API Endpoint

2. OTP Verification

API Endpoint

3. Payment

Payment - Tokenization

Payment - Recurring

API Endpoint

4. Payment Notification

5. Additional Feature

Online Refund

API Endpoint

Card Registration Unbinding

API Endpoint

Integration Steps

1. Card Registration

API Endpoint

2. OTP Verification

API Endpoint

3. Payment

Payment - Tokenization

Payment - Recurring

API Endpoint

4. Payment Notification

5. Additional Feature

Online Refund

API Endpoint

Card Registration Unbinding

API Endpoint

Unbinding process from Merchant

Register card for direct debit BRI

Request Refund From Merchant for Direct Debit Transaction

OTP Verification for Payment BRI

Request Payment From Merchant for Direct Debit BRI