CIMB Direct Debit
CIMB direct debit offers tokenization scheme that requires customer to input OTP and/or PIN to verify every payment.
Last updated
Was this helpful?
CIMB direct debit offers tokenization scheme that requires customer to input OTP and/or PIN to verify every payment.
Last updated
Was this helpful?
Overview of integration process with CIMB Direct Debit.
Account Binding process should be done before payment can be made and processed. Merchant will send account binding request from customer to DOKU. The request includes customer's phone number that is registered to customer's CIMB account.
Each CIMB account can only be bind to one customer on one merchant. Customer needs to do verification for account binding process by inputting OTP and PIN.
Account Binding Flow
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/registration-account-binding
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
After customer's account is bind/linked and customer has enough balance for payment, merchant can send payment request from customer to DOKU by bringing customer's token.
Payment Flow
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/debit/payment-host-to-host
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
Once customer has submitted their payment request along with the OTP, merchant needs to verify the payment. Merchant can hit this API to verify the OTP.
OTP Verification Flow
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/otp-verification
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
After payment is completed, DOKU will send HTTP Notification to merchant's defined Notification URL
. Learn how to handle the notification from DOKU.
This endpoint is used to create refund request for previous successful payment. Merchant can request a transaction refund to DOKU. Full refund and partial refund are available to be requested.
Online Refund Flow
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/core/v1/debit/refund
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
If a registered customer no longer wants their account/card to be bind/linked and wish to remove themself from DOKU's and merchant’s system, merchant can send account unbinding request that is initiated by customer.
HTTP Method
POST
API Sandbox
API Production
Path
.../direct-debit/v1/registration-account-unbinding
Sample of Request Header, Request Body and Response Body
Notes:
Parameter with (*) is mandatory
Paramater without (*) is optional/conditional
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000Z
Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
Unique ID for a partner (DOKU'S Client ID)
821508239190
Numeric String. Reference number that should be unique in the same day (request-id)
418075533589
Default value: DH(DOKU Hosted) Value: DH/H2H
H2H
Access token obtained from B2B2C API
Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Access Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Reference No From Partner | max: 12 | Mandatory
INV-0001
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000Z
Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
Unique ID for a partner (DOKU'S Client ID)
821508239190
Numeric String. Reference number that should be unique in the same day (request-id)
418075533589
Access Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Phone Number Customer | Format: 628238748728423 | min length: 9 max length: 16 | Mandatory
628238748728423
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000Z
Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
Unique ID for a partner (DOKU'S Client ID)
821508239190
Numeric String. Reference number that should be unique in the same day (request-id)
418075533589
Access token obtained from B2B2C API
Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Access Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Partner Reference No Payment | max: 36 | Mandatory
INV-0001
OTP sent to customer | min: 6 max: 6 | Mandatory
111000
Value should always be otpPayment | Mandatory
otpPayment
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000Z
Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
Unique ID for a partner (DOKU'S Client ID)
821508239190
Numeric String. Reference number that should be unique in the same day (request-id)
418075533589
Access token obtained from B2B2C API
Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Access Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Partner Reference No Purchase Transaction | max: 12 | Mandatory
INV-0001
External ID Purchase Transaction | max: 36 |
REQ-0001
Reason from customer | max: 255
Request by Customer
Partner Refund No| max: 12 | Mandatory
INV-REF-0001
Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format
2020-12-21T07:56:11.000Z
Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)
85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
Unique ID for a partner (DOKU'S Client ID)
821508239190
Numeric String. Reference number that should be unique in the same day (request-id)
418075533589
Access Token obtained from Get B2B Token API
Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
format: Value from getTokenB2B2C | max: 2048 | Mandatory
eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTg4MjI3NTQsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjAyLTE2OTAyNzUzNTM3OTgiLCJhY2NvdW50SWQiOiJjZTBhZWIyM2YyMmZhOTgxZWViNTE1MjFmZmNkYmUzNyJ9.QZ2z0p2PoCYbuBSId7LleLqTUwNyNIeM1PUSaV4DwGKO05l7xQ3EbpdAPK62hxKNcczKqQqGY2Om6rzS78s2Tj88dkDD2vl46o3xEPd_plqQW8ayFqS74Z_HcFJfdo-egqFv9rAX7qgiE5AJHSx_hFolET9B3o3Jx82lmQutnXOjYb5gW9PV0FCPIZRWOaXppOSJSVcmTvXZxF0KUID9-2QVmQ5aPZroHjShYJKGyUu-1tCPClD_CbZMCi3TxhKLnI3e2oIoK7VjXEsrJjuil8O1zZTT7_aXAGgTu5UcPCrc0U9_3Nj-wQlEjDpedMVypKAWATWBUVpMo2MAsBRDAw