BRI Direct Debit
BRI offers 2 payment schemes, which are; 1) Tokenization scheme, and 2) Recurring scheme.
Last updated
Was this helpful?
BRI offers 2 payment schemes, which are; 1) Tokenization scheme, and 2) Recurring scheme.
Last updated
Was this helpful?
Overview of integration process with BRI Direct Debit
Card Registration process should be done before payment can be made and processed. Merchant will send card registration request from customer to DOKU. The request includes customer's card number that is registered to customer's BRI account.
Each card/account can only registered/bind to one customer on one merchant. Customer needs to verify OTP and input PIN on BRI page.
CBC Encryption
To request card registration process, merchant requires to bring object cardData which value should be encrypted using CBC Algorithm.
CBC Encryption - Steps:
Prepare shared key from DOKU as Secret Key
Substring shared key only 16 digits
Example code:
Generate Initial Value (IV)
Generate initial value with 16 bytes and then encode using Base 64
Example code:
Using Cipher CBC
Value that will be encrypted combine with secret key generated before
After that encode the value using Base 64
Example code:
Combine CBC and IV
Combine value CBC Cipher with IV value with separator (|)
Example code:
Tools Using Java - Steps:
Install JDK 17
Go to folder
Run with command java -jar cbc-tools.jar
Card Registration Flow
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/registration-card-bind
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
Once customer has registered their card through the platform, merchant needs to verify the card. Merchant can hit this API to verify the OTP.
OTP Verification Flow
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/otp-verification
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
After customer's card is registered, payment process can be requested by bringing the card token generated in card registration process. After merchant hit payment API, DOKU will deduct customer's balance.
In tokenization scheme, every payment needs to be verified by customer with inputting OTP and/or PIN. In order to do that, merchant needs to bring parameter paymentType : "SALE"in payment request body.
And as the response, merchant will receive parameter webRedirectUrl to redirect the customer to merchant's page/platform to complete the payment by inputting OTP and/or PIN. After the payment is completed, merchant then will receive the notification.
In recurring scheme, the payment process will be scheduled. Hence, verification using OTP and/or PIN is not required in every payment. Customers only need to do the verification during card registration process and it will give merchant the authorization to run scheduled payment. In order to do that, merchant needs to bring parameter CHANNEL-ID : "H2H" in request header andpaymentType : "RECURRING"in payment request body.
And as the response, merchant will not receive parameter webRedirectUrl to redirect the customer to merchant's page/platform to complete the payment. Payment request will be directly processed by acquirer and merchant will receive the notification.
Payment Flow
This below payment flow is for tokenization scheme.
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/debit/payment-host-to-host
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
This endpoint is used to create refund request for previous successful payment. Merchant can request a transaction refund to DOKU. Full refund and partial refund are available to be requested.
Online Refund Flow
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/debit/refund
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
If a registered customer no longer wants their account/card to be bind/linked and wish to remove themself from DOKU's and merchant’s system, merchant can send account unbinding request that is initiated by customer.
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/registration-card-unbind
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
After payment is completed, DOKU will send HTTP Notification to merchant's defined Notification URL. Learn how to .
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000ZAlgorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5Unique ID for a partner (DOKU'S Client ID)
821508239190Numeric String. Reference number that should be unique in the same day (request-id)
418075533589Enum: DH/H2H (Default: DH) | Max: 3
DHAccess Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQFormat Object: { "bankCardNo": "13763689649826892", "bankCardType": "D", "expiryDate": "0129" } Encrypt using CBC Algorithm Value: encryptedValue + ivString
5cg2G2719+jxU1RfcGmeCyQrLagUaAWJWWhLpm/mbkiTIrb9qA5kQgAZ4jTsMWOgMxB7lJX6k1hiv5Mq4ltG5g==|GbD2PwzJIgpPijLs14BwZQ==Customer id from merchant | Alphanumeric | max length: 64 |
cust001Phone Number Customer | Format: 628238748728423 | min length: 9 max length: 16 | Mandatory
628238748728423Successful
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000ZAlgorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5Unique ID for a partner (DOKU'S Client ID)
821508239190Numeric String. Reference number that should be unique in the same day (request-id)
418075533589Access Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQformat: Value from getTokenB2B2C | max: 2048 | Mandatory
eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTg4MjI3NTQsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjAyLTE2OTAyNzUzNTM3OTgiLCJhY2NvdW50SWQiOiJjZTBhZWIyM2YyMmZhOTgxZWViNTE1MjFmZmNkYmUzNyJ9.QZ2z0p2PoCYbuBSId7LleLqTUwNyNIeM1PUSaV4DwGKO05l7xQ3EbpdAPK62hxKNcczKqQqGY2Om6rzS78s2Tj88dkDD2vl46o3xEPd_plqQW8ayFqS74Z_HcFJfdo-egqFv9rAX7qgiE5AJHSx_hFolET9B3o3Jx82lmQutnXOjYb5gW9PV0FCPIZRWOaXppOSJSVcmTvXZxF0KUID9-2QVmQ5aPZroHjShYJKGyUu-1tCPClD_CbZMCi3TxhKLnI3e2oIoK7VjXEsrJjuil8O1zZTT7_aXAGgTu5UcPCrc0U9_3Nj-wQlEjDpedMVypKAWATWBUVpMo2MAsBRDAwSuccessful
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000ZAlgorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5Unique ID for a partner (DOKU'S Client ID)
821508239190Numeric String. Reference number that should be unique in the same day (request-id)
418075533589Access token obtained from B2B2C API
Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9aAccess Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQPartner Reference No Payment | max: 36 | Mandatory
INV-0001OTP sent to customer | min: 6 max: 6 | Mandatory
111000Value should always be otpPayment | Mandatory
otpPaymentSuccessful
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000ZAlgorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5Unique ID for a partner (DOKU'S Client ID)
821508239190Numeric String. Reference number that should be unique in the same day (request-id)
418075533589Default value: DH(DOKU Hosted) Value: DH/H2H
H2HAccess token obtained from B2B2C API
Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9aAccess Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQReference No From Partner | max: 64 | Mandatory
INV-0001Successful
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000ZAlgorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5Unique ID for a partner (DOKU'S Client ID)
821508239190Numeric String. Reference number that should be unique in the same day (request-id)
418075533589Access token obtained from B2B2C API
Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9aAccess Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQPartner Reference No Purchase Transaction | max: 12 | Mandatory
INV-0001External ID Purchase Transaction | max: 36 |
REQ-0001Reason from customer | max: 255
Request by CustomerPartner Refund No| max: 12 | Mandatory
INV-REF-0001Successful