API Reference
DOKU DocsChangelogDOKU Github
  • Getting Started with DOKU API
    • User Registration
    • Idempotency Request
    • Notification
      • Setup Notification URL
      • HTTP Notification Sample for SNAP
      • HTTP Notification Sample - Non SNAP
      • Best Practice
      • Retry Notification
      • Override Notification URL
    • Signature Component
      • Non-SNAP
        • Signature Component from Request Header
        • Signature Componen from Response Header
        • Signature from API Get Method
        • Sample Code
      • SNAP
        • Symmetric Signature
        • Asymmetric Signature
    • Response Code
      • HTTP Status and Case Code
    • Check Status API
      • Non-SNAP
      • SNAP
    • Retrieve Payment Credential
  • Accept Payment
    • DOKU Checkout
      • Integration Guide
        • Backend Integration
        • Frontend Integration
        • Simulate payment and Notification
      • Supported Payment Methods
      • Status Order
      • Additional Feature
        • Tokenization
        • Promo on DOKU Checkout Page
        • Track Campaign Source on Google Analytics
      • Checkout Settings
    • Direct API
      • Non-SNAP
        • Cards
          • Payment Page Integration Guide
          • Host-To-Host Integration Guide
          • Mastercard Automatic Billing Updater (ABU) Integration Guide
            • Backend Integration
        • e-Wallet
          • Overview
          • DOKU e-Wallet
          • OVO Push Payment
          • ShopeePay
          • LinkAja
        • Paylater
          • Akulaku
          • Kredivo
          • Indodana
        • Digital Banking
          • Jenius Pay
        • Convenience Store
          • Alfa Group
          • Indomaret
      • SNAP
        • Integration Guide
          • Get Token API
            • B2B
            • B2B2C
          • Virtual Account
            • CIMB Virtual Account
            • BSI Virtual Account
            • BCA Virtual Account
            • BNC Virtual Account
            • BNI Virtual Account
            • Mandiri Virtual Account
            • BRI Virtual Account
            • BTN Virtual Account
            • Permata Virtual Account
            • Danamon Virtual Account
            • BSS Virtual Account
          • E-Wallet
            • DOKU Wallet
            • DANA
            • OVO
            • ShopeePay
          • Direct Debit
            • Allo Bank Direct Debit
            • BRI Direct Debit
            • CIMB Direct Debit
            • Mandiri Direct Debit
          • Kartu Kredit Indonesia Cepat Secure(KKI CPTS)
            • Host to Host Integration
          • QRIS
    • Finance and Settlement
      • Split Settlement
      • Custom Settlement Report
      • Hold and Release Settlement
      • Bulk Registration Bank
    • Test on DOKU Demo Site
    • DOKU Payment Simulator
  • Developer Kit
    • Postman Collection
    • Libraries and SDK
  • Wallet As A Service
    • Sub Account
  • Partnership
    • Partner API
      • Check Requirements API
      • Generate Token API
      • Upload File API
      • Business Registration API
      • Create Business Lite API
      • Get Business Data API
  • Payout
    • Kirim DOKU
  • FLEXIBILL
    • Account Billing
      • Batch Upload
    • DOKU Biller
      • Response Code
      • Samples
  • PAYCHAT API
    • Send WhatsApp Message
  • Archive
    • Non-SNAP
      • Tokenization V1
      • e-Wallet
        • OVO Recurring
        • OVO Open API
    • SNAP
      • Virtual Account
        • BCA v1.0
        • BRI v1.0
        • BNI v1.0
        • BNC v1.0
        • Mandiri v1.0
        • BTN v1.0
        • Permata v1.0
        • Danamon Virtual Account
      • e-Wallet
        • OVO Open API
        • DANA
        • ShopeePay
      • Direct Debit
        • CIMB Direct Debit
        • BRI Direct Debit
        • Allobank
Powered by GitBook

DOKU API

  • Legacy Documentation
On this page

Was this helpful?

  1. Accept Payment
  2. Direct API
  3. SNAP
  4. Integration Guide
  5. Direct Debit

BRI Direct Debit

BRI offers 2 payment schemes, which are; 1) Tokenization scheme, and 2) Recurring scheme.

PreviousAllo Bank Direct DebitNextCIMB Direct Debit

Last updated 4 months ago

Was this helpful?

Integration Steps

Overview of integration process with BRI Direct Debit


1. Card Registration

Card Registration process should be done before payment can be made and processed. Merchant will send card registration request from customer to DOKU. The request includes customer's card number that is registered to customer's BRI account.

Each card/account can only registered/bind to one customer on one merchant. Customer needs to verify OTP and input PIN on BRI page.

CBC Encryption

To request card registration process, merchant requires to bring object cardData which value should be encrypted using CBC Algorithm.

CBC Encryption - Steps:

  1. Prepare shared key from DOKU as Secret Key

    • Substring shared key only 16 digits

    • Example code:

    private String getSharedKey(String sharedKey) {
        if (sharedKey.length() != 16) {
    sharedKey = sharedKey.length() > 16 ? sharedKey.substring(0, 16) : String.format("%-16s", sharedKey).replace(' ', '-');
        }
        return sharedKey;
    }
  2. Generate Initial Value (IV)

    • Generate initial value with 16 bytes and then encode using Base 64

    • Example code:

    byte[] iv = new byte[16];
    new SecureRandom().nextBytes(iv);
    IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
    String ivString = Base64.getEncoder().encodeToString(ivParameterSpec.getIV());
  3. Using Cipher CBC

    • Value that will be encrypted combine with secret key generated before

    • After that encode the value using Base 64

    • Example code:

    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); //NOSONAR
    cipher.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec);
    byte[] cipherText = cipher.doFinal(input.getBytes());
    String cipherString = Base64.getEncoder().encodeToString(cipherText);
  4. Combine CBC and IV

    • Combine value CBC Cipher with IV value with separator (|)

    • Example code:

    String value = cipherString + "|" + ivString;

Tools Using Java - Steps:

  • Install JDK 17

  • Go to folder

  • Run with command java -jar cbc-tools.jar

Card Registration Flow

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/registration-card-bind

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional


2. OTP Verification

Once customer has registered their card through the platform, merchant needs to verify the card. Merchant can hit this API to verify the OTP.

OTP Verification Flow

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/otp-verification

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional


3. Payment

After customer's card is registered, payment process can be requested by bringing the card token generated in card registration process. After merchant hit payment API, DOKU will deduct customer's balance.

Payment - Tokenization

In tokenization scheme, every payment needs to be verified by customer with inputting OTP and/or PIN. In order to do that, merchant needs to bring parameter paymentType : "SALE"in payment request body.

And as the response, merchant will receive parameter webRedirectUrl to redirect the customer to merchant's page/platform to complete the payment by inputting OTP and/or PIN. After the payment is completed, merchant then will receive the notification.

Payment - Recurring

In recurring scheme, the payment process will be scheduled. Hence, verification using OTP and/or PIN is not required in every payment. Customers only need to do the verification during card registration process and it will give merchant the authorization to run scheduled payment. In order to do that, merchant needs to bring parameter CHANNEL-ID : "H2H" in request header andpaymentType : "RECURRING"in payment request body.

And as the response, merchant will not receive parameter webRedirectUrl to redirect the customer to merchant's page/platform to complete the payment. Payment request will be directly processed by acquirer and merchant will receive the notification.

Payment Flow

This below payment flow is for tokenization scheme.

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/debit/payment-host-to-host

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional


4. Payment Notification


5. Additional Feature

Online Refund

This endpoint is used to create refund request for previous successful payment. Merchant can request a transaction refund to DOKU. Full refund and partial refund are available to be requested.

Online Refund Flow

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/debit/refund

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional

Card Registration Unbinding

If a registered customer no longer wants their account/card to be bind/linked and wish to remove themself from DOKU's and merchant’s system, merchant can send account unbinding request that is initiated by customer.

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Sandbox

API Production

Path

.../direct-debit/core/v1/registration-card-unbind

Sample of Request Header, Request Body and Response Body

Notes:

Parameter with (*) is mandatory

Paramater without (*) is optional/conditional

After payment is completed, DOKU will send HTTP Notification to merchant's defined Notification URL. Learn how to .

handle the notification from DOKU
Card Registration
OTP Verification
Payment
Payment Notification
Additional Feature
https://api-sandbox.doku.com
https://api.doku.com
https://api-sandbox.doku.com
https://api.doku.com
https://api-sandbox.doku.com
https://api.doku.com
https://api-sandbox.doku.com
https://api.doku.com
https://api-sandbox.doku.com
https://api.doku.com
4KB
cbc-tools.jar.zip
archive
CBC Encryption Tools
Card Registration Flow - BRI Direct Debit
OTP Verification Flow - BRI Direct Debit
Payment Flow - BRI Direct Debit - Tokenization Scheme
Online Refund Flow - BRI Direct Debit

Unbinding process from Merchant

post
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
tokenIdstringOptional

format: Value from getTokenB2B2C | max: 2048 | Mandatory

Example: eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTg4MjI3NTQsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjAyLTE2OTAyNzUzNTM3OTgiLCJhY2NvdW50SWQiOiJjZTBhZWIyM2YyMmZhOTgxZWViNTE1MjFmZmNkYmUzNyJ9.QZ2z0p2PoCYbuBSId7LleLqTUwNyNIeM1PUSaV4DwGKO05l7xQ3EbpdAPK62hxKNcczKqQqGY2Om6rzS78s2Tj88dkDD2vl46o3xEPd_plqQW8ayFqS74Z_HcFJfdo-egqFv9rAX7qgiE5AJHSx_hFolET9B3o3Jx82lmQutnXOjYb5gW9PV0FCPIZRWOaXppOSJSVcmTvXZxF0KUID9-2QVmQ5aPZroHjShYJKGyUu-1tCPClD_CbZMCi3TxhKLnI3e2oIoK7VjXEsrJjuil8O1zZTT7_aXAGgTu5UcPCrc0U9_3Nj-wQlEjDpedMVypKAWATWBUVpMo2MAsBRDAw
Responses
200
Successful
application/json
post
POST /direct-debit/core/v1/registration-card-unbind HTTP/1.1
Host: {api-domain}
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Content-Type: application/json
Accept: */*
Content-Length: 583

{
  "tokenId": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTg4MjI3NTQsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjAyLTE2OTAyNzUzNTM3OTgiLCJhY2NvdW50SWQiOiJjZTBhZWIyM2YyMmZhOTgxZWViNTE1MjFmZmNkYmUzNyJ9.QZ2z0p2PoCYbuBSId7LleLqTUwNyNIeM1PUSaV4DwGKO05l7xQ3EbpdAPK62hxKNcczKqQqGY2Om6rzS78s2Tj88dkDD2vl46o3xEPd_plqQW8ayFqS74Z_HcFJfdo-egqFv9rAX7qgiE5AJHSx_hFolET9B3o3Jx82lmQutnXOjYb5gW9PV0FCPIZRWOaXppOSJSVcmTvXZxF0KUID9-2QVmQ5aPZroHjShYJKGyUu-1tCPClD_CbZMCi3TxhKLnI3e2oIoK7VjXEsrJjuil8O1zZTT7_aXAGgTu5UcPCrc0U9_3Nj-wQlEjDpedMVypKAWATWBUVpMo2MAsBRDAw",
  "additionalInfo": {
    "channel": "DIRECT_DEBIT_BRI_SNAP"
  }
}
200

Successful

{
  "responseCode": "2000500",
  "responseMessage": "Successful",
  "referenceNo": "UNB-0001",
  "redirectUrl": "https://doku.com/direct-debit/ui/binding/2238230713001534401107183161486001168389"
}

Register card for direct debit BRI

post
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
CHANNEL-IDstringOptional

Enum: DH/H2H (Default: DH) | Max: 3

Example: DH
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
cardDatastringRequired

Format Object: { "bankCardNo": "13763689649826892", "bankCardType": "D", "expiryDate": "0129" } Encrypt using CBC Algorithm Value: encryptedValue + ivString

Example: 5cg2G2719+jxU1RfcGmeCyQrLagUaAWJWWhLpm/mbkiTIrb9qA5kQgAZ4jTsMWOgMxB7lJX6k1hiv5Mq4ltG5g==|GbD2PwzJIgpPijLs14BwZQ==
custIdMerchantstringRequired

Customer id from merchant | Alphanumeric | max length: 64 |

Example: cust001
phoneNostringOptional

Phone Number Customer | Format: 628238748728423 | min length: 9 max length: 16 | Mandatory

Example: 628238748728423
Responses
200
Successful
application/json
post
POST /direct-debit/core/v1/registration-card-bind HTTP/1.1
Host: {api-domain}
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Content-Type: application/json
Accept: */*
Content-Length: 490

{
  "cardData": "5cg2G2719+jxU1RfcGmeCyQrLagUaAWJWWhLpm/mbkiTIrb9qA5kQgAZ4jTsMWOgMxB7lJX6k1hiv5Mq4ltG5g==|GbD2PwzJIgpPijLs14BwZQ==",
  "custIdMerchant": "cust001",
  "phoneNo": "628238748728423",
  "additionalInfo": {
    "channel": "DIRECT_DEBIT_BRI_SNAP",
    "customerName": "John Doe",
    "email": "john.doe@doku.com",
    "idCard": "12345",
    "country": "Indonesia",
    "address": "Bali",
    "dateOfBirth": "19990101",
    "successRegistrationUrl": "https://merchant.doku.com/success",
    "failedRegistrationUrl": "https://www.merchant.com/failed"
  }
}
200

Successful

{
  "responseCode": "2000700",
  "responseMessage": "Successful",
  "referenceNo": "129260743966",
  "redirectUrl": "https://doku.com/direct-debit/ui/binding/2238230713001534401107183161486001168389",
  "additionalInfo": {
    "custIdMerchant": 12345679504,
    "status": "PENDING",
    "authCode": 2.23823090518282e+39
  }
}

Request Refund From Merchant for Direct Debit Transaction

post
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
Authorization-customerstringRequired

Access token obtained from B2B2C API

Example: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
originalPartnerReferenceNostringRequired

Partner Reference No Purchase Transaction | max: 12 | Mandatory

Example: INV-0001
originalExternalIdstringOptional

External ID Purchase Transaction | max: 36 |

Example: REQ-0001
reasonstringOptional

Reason from customer | max: 255

Example: Request by Customer
partnerRefundNostringRequired

Partner Refund No| max: 12 | Mandatory

Example: INV-REF-0001
Responses
200
Successful
application/json
post
POST /direct-debit/core/v1/debit/refund HTTP/1.1
Host: {api-domain}
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Content-Type: application/json
Accept: */*
Content-Length: 243

{
  "additionalInfo": {
    "channel": "DIRECT_DEBIT_BRI_SNAP"
  },
  "originalPartnerReferenceNo": "INV-0001",
  "originalExternalId": "REQ-0001",
  "refundAmount": {
    "value": "10000.00",
    "currency": "IDR"
  },
  "reason": "Request by Customer",
  "partnerRefundNo": "INV-REF-0001"
}
200

Successful

{
  "responseCode": "2000700",
  "responseMessage": "Successful",
  "refundAmount": {
    "value": "10000.00",
    "currency": "IDR"
  },
  "originalPartnerReferenceNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7",
  "originalReferenceNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7",
  "refundNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7",
  "partnerRefundNo": "Ra7o1bLJAh2oV9eb33129stQc5xFm5s7",
  "refundTime": "2024-01-01T09:09:00.123"
}
  • Integration Steps
  • 1. Card Registration
  • POSTRegister card for direct debit BRI
  • 2. OTP Verification
  • POSTOTP Verification for Payment BRI
  • 3. Payment
  • POSTRequest Payment From Merchant for Direct Debit BRI
  • 4. Payment Notification
  • 5. Additional Feature
  • Online Refund
  • POSTRequest Refund From Merchant for Direct Debit Transaction
  • Card Registration Unbinding
  • POSTUnbinding process from Merchant

OTP Verification for Payment BRI

post
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
Authorization-customerstringRequired

Access token obtained from B2B2C API

Example: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
originalPartnerReferenceNostringRequired

Partner Reference No Payment | max: 36 | Mandatory

Example: INV-0001
otpstringRequired

OTP sent to customer | min: 6 max: 6 | Mandatory

Example: 111000
actionstringRequired

Value should always be otpPayment | Mandatory

Example: otpPayment
Responses
200
Successful
application/json
post
POST /direct-debit/core/v1/otp-verification HTTP/1.1
Host: {api-domain}
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Content-Type: application/json
Accept: */*
Content-Length: 222

{
  "originalPartnerReferenceNo": "INV-0001",
  "otp": "111000",
  "action": "otpPayment",
  "additionalInfo": {
    "channel": "DIRECT_DEBIT_BRI_SNAP",
    "bankCardToken": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnR"
  }
}
200

Successful

{
  "responseCode": 2000400,
  "responseMessage": "Successful",
  "originalReferenceNo": "GuJNX01wKYMdEGNUJ1k"
}

Request Payment From Merchant for Direct Debit BRI

post
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
CHANNEL-IDstringOptional

Default value: DH(DOKU Hosted) Value: DH/H2H

Example: H2H
Authorization-customerstringRequired

Access token obtained from B2B2C API

Example: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
partnerReferenceNostringRequired

Reference No From Partner | max: 64 | Mandatory

Example: INV-0001
Responses
200
Successful
application/json
post
POST /direct-debit/core/v1/debit/payment-host-to-host HTTP/1.1
Host: {api-domain}
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Content-Type: application/json
Accept: */*
Content-Length: 246

{
  "partnerReferenceNo": "INV-0001",
  "amount": {
    "value": "10000.00",
    "currency": "IDR"
  },
  "additionalInfo": {
    "channel": "DIRECT_DEBIT_BRI_SNAP",
    "successPaymentUrl": "www.merchant.com/success",
    "failedPaymentUrl": "www.merchant.com/failed",
    "paymentType": "SALE"
  }
}
200

Successful

{
  "responseCode": "2005400",
  "responseMessage": "Successful",
  "webRedirectUrl": "https://app-uat.doku.com/link/283702597342040",
  "partnerReferenceNo": "INV-0001"
}