B2B2C

API Endpoint

To get an access token, call this API endpoint:

| Type | Value |
| --- | --- |
| Service Code | 74 |
| HTTP Method | POST |
| Path | /api/v1/access-token/b2b2c |

API Request Header to get Token

X-SIGNATURE: Pxlv2IIUVdlzdUnbSQqug8YeghmKXJ7Rw5P4xBOOB/tC457UsoZXkO4S1R3oszVcjZDSh38+==
X-TIMESTAMP: 2022-10-07T14:18:39+07:00
X-CLIENT-KEY: MCH-0008-1296507211683
Content-Type: application/json

Request Header Explanation

| Parameter | Data Type | Type | Description |
| --- | --- | --- | --- |
| X-Signature | string | Mandatory | Non-repudiation and integrity checking. Computed with the asymmetric signature algorithm SHA256withRSA; the formula is given below this table. |
| X-Timestamp | string | Mandatory | Request timestamp in UTC, in ISO 8601 UTC+0 format. To process a transaction at UTC+7 (WIB), the merchant needs to subtract 7 hours from the local time. Example: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| X-Client-Key | string | Mandatory | 1. Client's client_id (PJP Name), given at completion of the registration process. 2. Merchant to DOKU: the merchant's client_id; Acquirer to DOKU: client_key given by DOKU; DOKU to Acquirer: client_key given by the acquirer. |
| Content-Type | string | Mandatory | String indicating the media type of the resource (e.g. application/json, application/pdf) |

X-Signature = SHA256withRSA (Private_Key, stringToSign)
stringToSign = client_ID + "|" + X-TIMESTAMP
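The signing rule from the header explanation above (SHA256withRSA over client_ID + "|" + X-TIMESTAMP), shown with the receiving side's verification, as an added Node.js example that is not DOKU's own code. It assumes the signature is sent Base64-encoded and that the client_ID in stringToSign is the X-CLIENT-KEY value; the key pair is generated in memory for the demo, and the function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// ISO 8601 in UTC+0 without milliseconds, e.g. 2020-09-22T01:51:00Z.
function toUtcTimestamp(date) {
  return date.toISOString().replace(/\.\d{3}Z$/, 'Z');
}

// stringToSign = client_ID + "|" + X-TIMESTAMP, as defined on the page.
function buildStringToSign(clientId, timestamp) {
  return `${clientId}|${timestamp}`;
}

// SHA256withRSA is RSASSA-PKCS1-v1_5 with SHA-256 ('RSA-SHA256' in Node).
// Assumption: the header carries the signature Base64-encoded.
function signTokenRequest(privateKey, clientId, timestamp) {
  const signer = nodeCrypto.createSign('RSA-SHA256');
  signer.update(buildStringToSign(clientId, timestamp), 'utf8');
  return signer.sign(privateKey, 'base64');
}

// Assemble the four request headers listed in the table.
function buildTokenHeaders(privateKey, clientId, date) {
  const timestamp = toUtcTimestamp(date);
  return {
    'X-SIGNATURE': signTokenRequest(privateKey, clientId, timestamp),
    'X-TIMESTAMP': timestamp,
    'X-CLIENT-KEY': clientId,
    'Content-Type': 'application/json',
  };
}

// Receiver-side check: rebuild stringToSign from the received headers and
// verify it against the sender's registered public key.
function verifyTokenRequest(publicKey, headers) {
  const verifier = nodeCrypto.createVerify('RSA-SHA256');
  verifier.update(
    buildStringToSign(headers['X-CLIENT-KEY'], headers['X-TIMESTAMP']), 'utf8');
  return verifier.verify(publicKey, headers['X-SIGNATURE'], 'base64');
}

// Constructed demo input: throwaway key pair, the page's sample client key,
// and the page's 08:51:00 WIB example time.
const { privateKey, publicKey } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoHeaders = buildTokenHeaders(
  privateKey, 'MCH-0008-1296507211683', new Date('2020-09-22T08:51:00+07:00'));
console.log(demoHeaders['X-TIMESTAMP'], verifyTokenRequest(publicKey, demoHeaders));
```

Because the timestamp is part of the signed string, changing X-TIMESTAMP or X-CLIENT-KEY in transit makes verification fail.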

API Request Body

Here is a sample request body to get a token:

{
   "grantType":"authorization_code",
   "authCode":"a6975f82-d00a-4ddc-9633-087fefb6275e",
   "refreshToken":"83a58570-6795-11ec-90d6-0242ac120003",
   "additionalInfo":{
  
   }
}

Request Body Explanation

| Parameter | Data Type | Type | Description |
| --- | --- | --- | --- |
| grantType | String | Mandatory | "client_credentials": The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750) |
| authCode | String | Conditional | The authorization code received after the User provides the consent. Mandatory if grantType = AUTHORIZATION_CODE |
| refreshToken | String | Conditional | Refresh token used to get a new accessToken without the User having to provide consent again. Mandatory if grantType = REFRESH_TOKEN. Refresh Token should be less than access token validity and will be managed by the PJP's application to generate a new access_token |
| additionalInfo | Object | Optional | Additional Information |

API Response Body

API Response Header

After you call the API above, DOKU returns the response below.

| Type | Value |
| --- | --- |
| HTTP Status | 200 |
| Result | Success |

X-CLIENT-KEY: "MCH-0008-1296507211683",
X-TIMESTAMP: "2022-10-07T14:26:50+07:00"

| Parameter | Data Type | Type | Description |
| --- | --- | --- | --- |
| X-Timestamp | String | Mandatory | Client's current local time in YYYY-MM-DDTHH:mm:ssZ format |
| X-Client-Key | String | Mandatory | Client's client_id (PJP Name), given at completion of the registration process. Merchant to DOKU: the merchant's client_id; DOKU to Acquirer: client_key given by the acquirer; Acquirer to DOKU: client_key given by DOKU. |

API Response Body

{
   "responseCode":"2007400",
   "responseMessage":"Successful",
   "accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyMTFlZThiMi1hN2FlLTRhZGUtYmJlYS1mNzI3MDk3ZmQ0NmEiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODk3OCwiZXhwIjoxNjExNDY5ODc4LCJpYXQiOjE2MTE0Njg5Nzh9.KM7yz9GvuUaDR1bXwei4iO0h4e3g4o1Hct5Ie9VoBdo",
   "tokenType":"Bearer",
   "accessTokenExpiryTime":"2020-01-01T00:00:00+07:00",
   "refreshToken":"57d21fe3-ba9c-4f2d-9fde-eae669bbf80d",
   "refreshTokenExpiryTime":"2020-01-01T00:00:00+07:00",
   "additionalInfo":{
   }
}

| Parameter | Data Type | Type | Description |
| --- | --- | --- | --- |
| responseCode | String (6) | Mandatory | Response code: HTTP status code + service code + case code |
| responseMessage | String | Mandatory | Response description |
| accessToken | String (2048) | Mandatory | A string representing an authorization issued to the client, used to access protected resources. |
| tokenType | String | Mandatory | The access token type provides the client with the information required to successfully use the access token to make a protected resource request (along with type-specific attributes). Token type values: "Bearer": includes the access token string in the request; "Mac": issues a Message Authentication Code (MAC) key together with the access token, which is used to sign certain components of the HTTP requests. Reference: OAuth 2.0 RFC 6749 & 6750 |
| accessTokenExpiryTime | String | Mandatory | Session expiry in seconds: 900 (15 minutes) |
| refreshToken | String | Mandatory | A random string that can be used by a specific client to get a refreshed accessToken to prolong the access to the User's resources. |
| refreshTokenExpiryTime | String | Mandatory | A random string that can be used by a specific client to get a refreshed accessToken to prolong the access to the User's resources. |
| additionalInfo | String | Optional | Additional Information |

Error Response

For several error cases, the response looks like the one below:

"responseCode": "4017300",
"responseMessage": "Unauthorized. Unknown Client"
