B2B2C
API Endpoint
To get an access token, call this API endpoint:
Type | Value |
---|---|
Service Code | 74 |
HTTP Method | POST |
Path |
API Request Header to get Token
Request Header Explanation
Parameter | Data Type | Type | Description |
---|---|---|---|
X-Signature | Mandatory | Non-repudiation and integrity checking. X-Signature: asymmetric signature algorithm SHA256withRSA (Private_Key, stringToSign)
| |
X-Timestamp | Mandatory | Timestamp of the request in ISO 8601 UTC+0 format. To process a transaction made in UTC+7 (WIB), the merchant needs to subtract 7 hours from the local time. Example: for a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z | |
X-Client-Key | Mandatory |
| |
content-type | Mandatory | String indicating the media type of the resource (e.g. application/json, application/pdf) |
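The X-Timestamp conversion and the SHA256withRSA signature described in the table above, as an added example that is not DOKU's own code. The layout of stringToSign (client key and timestamp joined by `|`), the base64 encoding, the 300-second freshness window and all function names are assumptions; the key pair and client key are constructed for the demo.

```javascript
const crypto = require('node:crypto');

// X-Timestamp: ISO 8601 in UTC+0 with second precision, e.g. 2020-09-22T01:51:00Z.
function toXTimestamp(date) {
  return date.toISOString().replace(/\.\d{3}Z$/, 'Z');
}

// Assumed layout "<X-Client-Key>|<X-Timestamp>"; the page does not define stringToSign.
function buildStringToSign(clientKey, timestamp) {
  return `${clientKey}|${timestamp}`;
}

// SHA256withRSA is RSASSA-PKCS1-v1_5 over SHA-256; base64 output is an assumption.
function signRequest(privateKey, stringToSign) {
  return crypto.sign('sha256', Buffer.from(stringToSign, 'utf8'), privateKey).toString('base64');
}

// Receiver side: check the timestamp format and age, then the signature.
function verifyRequest(publicKey, clientKey, timestamp, signatureB64, now, maxSkewSeconds = 300) {
  if (!/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/.test(timestamp)) return 'bad-timestamp-format';
  const skew = Math.abs(now.getTime() - Date.parse(timestamp)) / 1000;
  if (Number.isNaN(skew) || skew > maxSkewSeconds) return 'stale-timestamp';
  const ok = crypto.verify('sha256', Buffer.from(buildStringToSign(clientKey, timestamp), 'utf8'),
    publicKey, Buffer.from(signatureB64, 'base64'));
  return ok ? 'ok' : 'bad-signature';
}

// Constructed sample data: throwaway key pair and a placeholder client key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const CLIENT_KEY = 'EXAMPLE-CLIENT-ID';

function demo() {
  const sentAt = new Date('2020-09-22T08:51:00+07:00'); // 08:51:00 WIB
  const timestamp = toXTimestamp(sentAt);                // 2020-09-22T01:51:00Z
  const signature = signRequest(privateKey, buildStringToSign(CLIENT_KEY, timestamp));
  const tenMinutesLater = new Date(sentAt.getTime() + 10 * 60 * 1000);
  return {
    timestamp,
    fresh: verifyRequest(publicKey, CLIENT_KEY, timestamp, signature, sentAt),
    replayed: verifyRequest(publicKey, CLIENT_KEY, timestamp, signature, tenMinutesLater),
    tampered: verifyRequest(publicKey, 'OTHER-CLIENT', timestamp, signature, sentAt),
  };
}

console.log(demo());
```

Because the timestamp is part of the signed string in this sketch, a captured header set stops verifying once it falls outside the freshness window.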
API Request Body
Here is a sample request body to get a token:
Request Body Explanation
Parameter | Data Type | Type | Description |
---|---|---|---|
String | Mandatory | “client_credentials” : The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750) | |
String | Conditional | The authorization code received after the User provides the consent. Mandatory if grantType = AUTHORIZATION_CODE | |
String | Conditional | Refresh token to get a new accessToken where the User doesn't need to provide the consent again. Mandatory if grantType = REFRESH_TOKEN. Refresh Token should be less than access token validity and will be managed by the PJP’s application to generate a new access_token | |
Object | Optional | Additional Information |
API Response Body
API Response Header
After hitting the above API Request, DOKU will give the response below
Type | Value |
---|---|
HTTP Status | 200 |
Result | Success |
Parameter | Data Type | Type | Description |
---|---|---|---|
X-Timestamp | String | Mandatory | Client's current local time in YYYY-MM-DDTHH:mm:ssZ format |
X-Client-Key | String | Mandatory | Client’s client_id (PJP Name) (given at completion registration process) |
API Response Body
Parameter | Data Type | Type | Description |
---|---|---|---|
String (6) | Mandatory | Response Code : | |
String | Mandatory | Response Description | |
String (2048) | Mandatory | A string representing an authorization issued to the client that is used to access protected resources. | |
String | Mandatory | The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: “Bearer”: includes the access token string in the request. “Mac”: issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests. Reference: OAuth 2.0 RFC 6749 & 6750 | |
String | Mandatory | Session expiry in seconds: 900 (15 minutes) | |
String | Mandatory | A random string that can be used by specific client to get a refreshed accessToken to prolong the access to the User's resources. | |
String | Mandatory | A random string that can be used by specific client to get a refreshed accessToken to prolong the access to the User's resources. | |
String | Optional | Additional Information |
Error Response
For several error cases, the response would look like the following: