B2B2C
API Endpoint
To get an access token, call this API endpoint:
Service Code
74
HTTP Method
POST
Path
/authorization/v1/access-token/b2b2c
API Request Header to get Token
X-SIGNATURE: Pxlv2IIUVdlzdUnbSQqug8YeghmKXJ7Rw5P4xBOOB/tC457UsoZXkO4S1R3oszVcjZDSh38+==
X-TIMESTAMP: 2022-10-07T14:18:39+07:00
X-CLIENT-KEY: MCH-0008-1296507211683
Content-Type: application/json
Request Header Explanation
X-Signature
string
Mandatory
Non-repudiation and integrity checking. X-Signature is generated with the asymmetric signature algorithm SHA256withRSA (Private_Key, stringToSign)
stringToSign = client_ID + "|" + X-TIMESTAMP
X-Timestamp
string
Mandatory
Timestamp of the request in UTC, in ISO8601 UTC+0 format. This means that to process a transaction at UTC+7 (WIB), the merchant needs to subtract 7 hours from the local time. Ex: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
X-Client-Key
string
Mandatory
Client’s client_id (PJP Name) (given at completion of the registration process)
Merchant to DOKU : client_id merchant
Acquirer to DOKU : client_key given by DOKU
DOKU to Acquirer : client_key given by acquirer.
content-type
string
Mandatory
application/json
API Request Body
Here is a sample request body to get a token:
{
"grantType":"authorization_code",
"authCode":"a6975f82-d00a-4ddc-9633-087fefb6275e",
"refreshToken":"83a58570-6795-11ec-90d6-0242ac120003",
"additionalInfo":{
}
}
Request Body Explanation
grantType
String
Mandatory
There are 2 options for grantType
authorization_code
refresh_token
Use this to get the B2B2C token
authCode
String
Conditional
The authorization code received after the User provides the consent. Mandatory if grantType = AUTHORIZATION_CODE
refreshToken
String
Conditional
Refresh token used to get a new accessToken so that the User doesn't need to provide the consent again. Mandatory if grantType = REFRESH_TOKEN. The refresh token should be less than the access token validity and will be managed by the PJP’s application to generate a new access_token
additionalInfo
Object
Optional
Additional Information
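The header signing and conditional body rules described above, as an added Node.js example that is not part of DOKU's documentation or SDK. Base64 encoding of the signature is an assumption inferred from the sample header; the function names and the generated demo key pair are hypothetical.

```javascript
// Added example (not DOKU's code): build and verify the signed access-token request.
const crypto = require('node:crypto');

// UTC timestamp without milliseconds, e.g. 2020-09-22T01:51:00Z (format from the page).
function utcTimestamp(date = new Date()) {
  return date.toISOString().replace(/\.\d{3}Z$/, 'Z');
}

// stringToSign = client_ID + "|" + X-TIMESTAMP, signed with SHA256withRSA
// (RSASSA-PKCS1-v1_5 over SHA-256). Base64 output is an assumption.
function signRequest(clientId, timestamp, privateKey) {
  const stringToSign = `${clientId}|${timestamp}`;
  return crypto.sign('sha256', Buffer.from(stringToSign, 'utf8'), privateKey).toString('base64');
}

// Body rules from the page: authCode is mandatory for authorization_code,
// refreshToken is mandatory for refresh_token.
function buildBody(grantType, value) {
  if (!value) throw new Error(`missing credential for grantType ${grantType}`);
  if (grantType === 'authorization_code') return { grantType, authCode: value, additionalInfo: {} };
  if (grantType === 'refresh_token') return { grantType, refreshToken: value, additionalInfo: {} };
  throw new Error(`unsupported grantType: ${grantType}`);
}

function buildTokenRequest(clientId, privateKey, grantType, value, date) {
  const timestamp = utcTimestamp(date);
  return {
    method: 'POST',
    path: '/authorization/v1/access-token/b2b2c',
    headers: {
      'X-SIGNATURE': signRequest(clientId, timestamp, privateKey),
      'X-TIMESTAMP': timestamp,
      'X-CLIENT-KEY': clientId,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify(buildBody(grantType, value)),
  };
}

// Receiver-side check: rebuild stringToSign from the headers and verify with the public key.
function verifyRequest(headers, publicKey) {
  const stringToSign = `${headers['X-CLIENT-KEY']}|${headers['X-TIMESTAMP']}`;
  const signature = Buffer.from(headers['X-SIGNATURE'] || '', 'base64');
  return crypto.verify('sha256', Buffer.from(stringToSign, 'utf8'), publicKey, signature);
}

// Constructed throwaway key pair so the example runs offline; use the registered key in practice.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
```

Because the signature covers only the client ID and timestamp, changing either header invalidates it, while the request body is not covered by this signature.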
API Response Body
API Response Header
After hitting the above API Request, DOKU will give the response below
HTTP Status
200
Result
Success
X-CLIENT-KEY: "MCH-0008-1296507211683",
X-TIMESTAMP: "2022-10-07T14:26:50+07:00"
X-Timestamp
String
Mandatory
Client's current local time in YYYY-MM-DDTHH:mm:ssZ format
X-Client-Key
String
Mandatory
Client’s client_id (PJP Name) (given at completion of the registration process)
Merchant to DOKU : client_id merchant.
DOKU to Acquirer : client_key given by acquirer.
Acquirer to DOKU : client_key given by DOKU
API Response Body
{
"responseCode":"2007400",
"responseMessage":"Successful",
"accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyMTFlZThiMi1hN2FlLTRhZGUtYmJlYS1mNzI3MDk3ZmQ0NmEiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODk3OCwiZXhwIjoxNjExNDY5ODc4LCJpYXQiOjE2MTE0Njg5Nzh9.KM7yz9GvuUaDR1bXwei4iO0h4e3g4o1Hct5Ie9VoBdo",
"tokenType":"Bearer",
"accessTokenExpiryTime":"2020-01-01T00:00:00+07:00",
"refreshToken":"57d21fe3-ba9c-4f2d-9fde-eae669bbf80d",
"refreshTokenExpiryTime":"2020-01-01T00:00:00+07:00",
"additionalInfo":{
}
}
responseCode
String (6)
Mandatory
Response Code :
HTTP status code + service code + case code
responseMessage
String
Mandatory
Response Description
accessToken
String (2048)
Mandatory
A string representing an authorization issued to the client that is used to access protected resources.
tokenType
String
Mandatory
The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: “Bearer”: includes the access token string in the request. “Mac”: issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests. Reference: OAuth 2.0 RFC 6749 & 6750
accessTokenExpiryTime
String
Mandatory
Session expiry in seconds: 900 (15 minutes)
refreshToken
String
Mandatory
A random string that can be used by a specific client to get a refreshed accessToken to prolong the access to the User's resources.
refreshTokenExpiryTime
String
Mandatory
A random string that can be used by a specific client to get a refreshed accessToken to prolong the access to the User's resources.
additionalInfo
String
Optional
Additional Information
Error Response
For several error cases, the response would look like the following:
{
"responseCode": "4017400",
"responseMessage": "Unauthorized. Unknown Client"
}