# Host-To-Host Integration Guide
## Host to Host Integration Guide
{% hint style="info" %}
You can only use this Integration if you are either
* PCI DSS Certified Merchant, sending Card Number for each transaction
or
* You have previously tokenized a card using our Payment Integration Guide or DOKU Checkout, sending Token for each transaction[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#sale-integration-steps)
{% endhint %}
DOKU Direct - Credit Card H2H Sequence Diagram
Here is the overview of how to integrate process transaction using H2H API:
1. Prepare credit card form input / [Get token list **(Optional)**](https://developers.doku.com/accept-payments/direct-api/non-snap/cards/tokenization)
2. Hit Check 3DS to Get 3DS authentication ID and 3DS URL **(Conditional)**
3. Hit API Charge
4. Acknowledge payment result
{% hint style="info" %}
Get Token List is **Optional**, only needed if you utilize DOKU's tokenization feature where you can send token instead of cards number to avoid security risk by sending sensitive data
Check 3DS Process is **Conditional,** it is required for payment type **SALE, AUTHORIZE, INSTALLMENT** but not required for **MOTO & RECURRING,** you may skip this process and proceed to Charge API
{% endhint %}
### Check 3D Secure
3D Secure (3DS) is an authentication protocol used in online credit card transactions to enhance security and reduce fraud. It requires the cardholder to complete an additional verification step with their issuing bank before the transaction is approved. This process helps confirm that the legitimate cardholder is making the purchase.
**API Request**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-request)
| Type | Value |
| ----------------------------- | --------------------------------------------------------------- |
| **HTTP Method** | POST |
| **API endpoint (Sandbox)** | `https://api-sandbox.doku.com/credit-card/check-three-d-secure` |
| **API endpoint (Production)** | `https://api.doku.com/credit-card/check-three-d-secure` |
Here is the sample of request header to get 3DS authentication:
```
Client-Id: MCH-0001-10791114622547
Request-Id: 6d0bffbd-9246-455e-a1f1-44c1f76ad589
Request-Timestamp: 2021-08-24T08:45:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
```
Request Header Explanation
| Parameter | Description |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Client-Id** | Client ID retrieved from DOKU Back Office |
| **Request-Id** | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| **Request-Timestamp** | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| **Signature** | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to [this section](https://dashboard.doku.com/docs/docs/technical-references/generate-signature) to generate the signature |
Here is the sample request body to get 3DS authentication:
```json
{
"order": {
"amount": 90000,
"invoice_number": "test_invoice"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225"
},
"three_dsecure": {
"callback_url_success": "https://www.merchant.com/success",
"callback_url_failed": "https://www.merchant.com/failed"
},
"invoice_number": {
"callback_url_success": "https://www.merchant.com/success",
"callback_url_failed": "https://www.merchant.com/failed"
},
}
```
Request Body Explanation
| Parameter | Type | Mandatory | Description |
| ------------------------------------ | -------- | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `order.amount` | `number` | Mandatory | In IDR Currency and without decimal
Allowed chars: numeric
Max length: 12
|
| `order.invoice_number` | string | Optional | Invoice number of the transaction, if brought use consistent invoice number during charge as well
Recommended to bring
Max length: 64
30 for mandiri
|
| `card.token` | `string` | Conditional | Card token generated by DOKU, can be used if you already activate tokenization
either card.token or card.number must be sent
|
| `card.number` | `string` | Conditional | Card numbe printed on card `either card.token or card.number must be sent` |
| `card.expiry` | `string` | Conditional | Card expiry date, can be optional if you sent card.token
Format: MMYY
|
| `three_dsecure.callback_url_success` | `string` | Mandatory | After 3DS process success, customer will be redirected to this page |
| `three_dsecure.callback_url_failed` | `string` | Mandatory | After 3DS process success, customer will be redirected to this page |
**API Response**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-response)
After hitting the above API request, DOKU will give the response.
| Type | Value |
| --------------- | ------- |
| **HTTP Status** | 200 |
| **Result** | SUCCESS |
Here is the sample response header:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
```
Response Header Explanation
| **Client-Id** | Same as the request |
| ---------------------- | ------------------------------------------------------------- |
| **Request-Id** | Same as the request |
| **Response-Timestamp** | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| **Signature** | Signature generated by DOKU based on the response body |
Here is the sample of successful response body:
```json
{
"order": {
"amount": 90000
},
"three_dsecure": {
"enrollment_status": true,
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e",
"authentication_url": "https://doku.3ds.com?authenticationId=eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e",
"three_ds_version": "2.0"
}
}
```
Here is the sample of **failed** response body:
```json
{
"error": {
"code": "INVALID_PARAMETER",
"message": "Card Number Length must be 15, 16 or 19 Digits",
"type": "Invalid Parameter"
}
}
```
Response Body Explanation
| Parameter | Type | Mandatory | Description |
| ---------------------------------- | --------- | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
| `order.amount` | `number` | Mandatory | Same as the request |
| `three_dsecure.enrollment_status` | `boolean` | Mandatory | Card 3D Secure enrollment status
Possible value: true, false
|
| `three_dsecure.authentication_id` | `string` | Mandatory | 3DS process ID to use on API Charge |
| `three_dsecure.authentication_url` | `string` | Optional | 3DS page that need to be opened by customer to fill in the OTP (if challanged by issuer) returned if the `three_dsecure.enrollment_status` is `true` |
| `three_dsecure.three_ds_version` | `string` | Optional | 3DS Version used to authenticate, value would be something like "2.x" or "2.x.x" |
[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#3-hit-api-charge)
### Charge API
After the customer is redirected to the 3DS success page, then your backend must trigger the API Charge to DOKU:
**API Request**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-request)
| Type | Value |
| ----------------------------- | ------------------------------------------------- |
| **HTTP Method** | POST |
| **API endpoint (Sandbox)** | `https://api-sandbox.doku.com/credit-card/charge` |
| **API endpoint (Production)** | `https://api.doku.com/credit-card/charge` |
Here is the sample of request header to charge the transaction:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b154c582-4501-436a-8012-0346f2a46b47
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
```
Request Header Explanation
| Parameter | Description |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Client-Id** | Client ID retrieved from DOKU Back Office |
| **Request-Id** | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| **Request-Timestamp** | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| **Signature** | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to [this section](https://dashboard.doku.com/docs/docs/technical-references/generate-signature) to generate the signature |
Here is the sample request body to charge the transaction:
```json
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"descriptor": "directSALE123456789",
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
},
]
},
"customer": {
"id": "CUST-0001",
"name": "Alisa Mikhailovna",
"email": "alisa_mikhailovna@gmail.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"payment": {
"type": "INSTALLMENT",
"tenor": "12",
"plan_id": "1232131"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225",
"cvv": "123",
"save": true
}
}
```
{% hint style="info" %}
If you have your own 3DS Authenticator processor you can use our MPI (Merchant Plug-in) Feature by sending additional Authentication object like example below, note that this feature is not available for all merchant, please consult with DOKU team first.
{% endhint %}
```json
{
"customer": {
"name": "Char Aznable",
"email": "char@gmail.com",
"phone": "085313588532",
"country": "ID",
"address": "Side 6"
},
"order": {
"invoice_number": "VHRJ6W4NMMTCPK52",
"descriptor": "testdescriptor",
"line_items": [
{
"name": "potato",
"price": 8325000,
"quantity": 1
}
],
"amount": 8325000
},
"payment": {
"type": "SALE"
},
"card": {
"number": "4512490000000907",
"cvv": "322",
"expiry": "0228",
"save": false
},
"authentication": {
"version": "3DS2",
"3ds": {
"eci": "02",
"cavv": "Y2FyZGluYWxjb21tZXJjZWF1dGg=",
"ds_transaction_id": "52ced05a-38bd-4c35-9aa2-f5df60cbb6c7",
"status": "Y",
"xid" : "251008095048818"
}
}
}
```
Request Body Explanation
| Parameter | Type | Mandatory | Description |
|---|
order.amount | number | Mandatory | In IDR Currency and without decimal
Allowed chars: numeric
Max length: 12 |
order.invoice_number | string | Mandatory | Invoice number of the transaction, if brought use consistent invoice number during charge as well
Recommended to bring
Max length: 64
30 for Acquirer Mandiri |
order.descriptor | String | Optional | Custom string to be printed on Customer's billing statement
Max length: 22
need to be activated, please consult DOKU team first |
order.line_items.name | string | Optional | Name of the product item
Allowed chars: alphabetic, numeric, special chars
Max Length: 255 |
order.line_items.price | number | Optional | Price of the product item. Total price and quantity must match with the order.amount
Allowed chars: numeric
Max Length: 12 |
order.line_items.quantity | number | Optional | Quantity of the product item
Allowed chars: numeric
Max Length: 4 |
customer.id | string | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature.
Allowed chars: alphabetic, numeric, special chars
Max Length: 50 |
customer.name | string | Optional | Customer name
Allowed chars: alphabetic
Max Length: 255 |
customer.email | string | Optional | Customer email
Allowed chars: alphabetic, numeric, special chars DO NOT SEND STATIC/DUMMY VALUE
Max Length: 128
|
customer.phone | string | Optional | Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455
Allowed chars: numeric
Max Length: 16 |
customer.address | string | Optional | Customer address
Allowed chars: alphabetic, numeric, special chars
Max Length: 400 |
customer.country | string | Optional | 2 alphabetic country code ISO 3166-1
Allowed chars: alphabetic
Min-max Length: 2 |
three_dsecure.authentication_id | string | Conditional | Mandatory if 3DS transaction, Obtained from Check 3DS API |
authentication.version | string | Optional | version of the 3ds authentication
example: 3DS2 |
authentication.3ds.eci | string | Optional | a code provided by a indicating the outcome of the authentication attempt, bring for MPI 3DS Allowed chars: numeric Min-max Length: 2 |
authentication.3ds.xid | string | Optional | a unique identifier associated with a specific transaction in the 3D Secure (3DS) authentication process, bring for MPI 3DS Allowed chars: numeric Min-max Length: 20 |
authentication.3ds.cavv | string | Optional | a cryptographic value that links the issuer's authentication, bring for MPI 3DS Allowed chars: alphanumeric Min-max Length: 1024 |
authentication.3ds.status | string | Optional | outcome of the 3D Secure (3DS) authentication process, Y/N Allowed chars: alphabhetic Min-max Length: 1 |
authentication.3ds.ds_transaction_id | string | Optional | outcome of the 3D Secure (3DS) authentication process, Y/N Allowed chars: alpabethic, numberic, symbols Min-max Length: 128 |
payment.type | string | Mandatory | Payment type
Possible value :SALE, A MOTO,AUTHJORIZE, |
payment.plan_id | string | Optional | Promotion ID from the bank for merchant |
card.token | string | Optional | Card token generated by DOKU, for 3ds transaction please bring three_dsecure.authentication_id only |
card.number | string | Mandatory | Card number, can be optional if you sent card.token |
card.expiry | string | Mandatory | Card expiry date, can be optional if you sent card.token
Format: MMYY |
card.cvv | string | Mandatory | Card CVV, Optional if payment.type is MOTO |
card.save | boolean | Optional | Set true if you want to force customer to save the card token for the next payment
Possible value: true, false
Default value: false |
**API Response**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-response)
After hitting the above API request, DOKU will give the response.
| Type | Value |
| --------------- | ------- |
| **HTTP Status** | 200 |
| **Result** | SUCCESS |
Here is the sample response header:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
```
Response Header Explanation
| Parameter | Description |
| ---------------------- | ------------------------------------------------------------- |
| **Client-Id** | Same as the request |
| **Request-Id** | Same as the request |
| **Response-Timestamp** | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| **Signature** | Signature generated by DOKU based on the response body |
Here is the sample of response body:
```
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
{
"customer": {
"name": "Nadeshiko Kagamihara",
"email": "nadeshiko.kamigahara@yuru.com",
"phone": "085313588532",
"country": "ID",
"address": "Kofu"
},
"payment": {
"type": "SALE",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "",
"response_code": "00",
"response_message": "Approved",
"eci": "05",
"status": "SUCCESS",
"approval_code": "123123"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}
```
Here is the sample of response body: - **Rejected by Banks**
```
{
"additional_info": "",
"order": {
"invoice_number": "test_51_insuffiient_amount",
"amount": 300000.00
},
"payment": {
"type": "SALE",
"identifier": [
{
"name": "MID",
"value": "018033035"
},
{
"name": "TID",
"value": "01803503"
}
],
"request_id": "42091",
"response_code": "51",
"response_message": "DECLINED",
"status": "FAILED",
"eci": "02"
},
"card": {
"masked": "557692******0398",
"type": "Debit",
"issuer": "PT BANK CIMB NIAGA Tbk",
"brand": "MASTER"
},
"error": {
"code": "PAYMENT_FAILED",
"message": "DECLINED",
"type": "PAYMENT_FAILED"
},
"verification": {
"status": "APPROVE",
"reason": "Decision BIN Indonesia & 3D Secure"
}
}
```
Here is the sample of response body: - **Invalid Parameters**
```
{
"error": {
"code": "INVALID_PARAMETER",
"message": "Invalid Authentication Id",
"type": "Invalid Parameter"
}
}
```
Response Body Explanation
| Parameter | Type | Mandatory | Description |
| --------------------------------- | -------- | ----------- | ------------------------------------------------------------------------------------------ |
| `order.invoice_number` | `string` | Mandatory | Same as the request |
| `order.amount` | `number` | Mandatory | Same as the request |
| `customer.id` | `string` | Optional | Same as the request |
| `payment.type` | `string` | Mandatory | Same as the request |
| `payment.identifier.name` | `string` | Mandatory | Additional payment info name |
| `payment.identifier.value` | `string` | Mandatory | Additional payment info value |
| `payment.request_id` | `string` | Mandatory | Request ID sent on merchant's request header |
| `payment.authorize_id` | `string` | Conditional | Authorize ID for authorize-capture transaction. Mandatory if `payment.type` is `AUTHORIZE` |
| `payment.response_code` | `string` | Mandatory | Reponse code generated by DOKU / Acquirer |
| `payment.response_message` | `string` | Mandatory | Response message generated by DOKU / Acquirer |
| `payment.status` | `string` | Mandatory | Payment status
Possible value: SUCCESS, FAILED, PENDING
|
| `payment.eci` | `string` | Mandatory | ECI for this transaction |
| `payment.approval_code` | `string` | Optional | Approval code for success transaction generated by acquirer |
| `three_dsecure.authentication_id` | `string` | Mandatory | Same as the request |
| `card.masked` | `string` | Optional | Card masked number |
| `card.type` | `string` | Mandatory | Card type
Possible value: CREDIT, DEBIT
|
| `card.issuer` | `string` | Mandatory | Card issuer |
| `card.brand` | `string` | Mandatory | Principal brand
VISA, MASTER, JCB, AMEX
|
| `card.token` | `string` | Optional | Card token generated by DOKU if `card.save` is `true` |
***
{% hint style="info" %}
**INFO**
You can check the list of possible response code and how to handle them [here](https://developers.doku.com/get-started-with-doku-api/response-code/http-status-and-case-code)
{% endhint %}
#### 4. Acknowledge payment result[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#4-acknowledge-payment-result)
After the payment is being made by your customer, DOKU will send **HTTP Notification** to your defined `Notification URL`. Learn how to handle the notification from DOKU:
* [Handling DOKU HTTP Notification](https://dashboard.doku.com/docs/docs/http-notification/overview)
***
### MOTO & Recurring Payment Type [](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#sale-integration-steps)
Here is the overview of how to integrate MOTO & Recurring payment type:
1. Prepare credit card form input / Get token list (Optional)
2. Hit API Charge
3. Acknowledge payment result
Jokul Direct - Credit Card H2H MOTO Sequence Diagram
***
#### 1. Prepare credit card form input / Get token list (Optional)[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#1-prepare-credit-card-form-input--get-token-list-1)
You can create credit card form input on your end, so that your customer can input their credit card number, expiry date, and CVV.
If you save the card token from DOKU side, you can use Get Token List show the saved card of your customers.
***
#### 2. Hit API Charge[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#2-hit-api-charge)
After the customer input the credit card, then your backend must trigger the API Charge to DOKU:
**API Request**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-request)
| Type | Value |
| ----------------------------- | ------------------------------------------------- |
| **HTTP Method** | POST |
| **API endpoint (Sandbox)** | `https://api-sandbox.doku.com/credit-card/charge` |
| **API endpoint (Production)** | `https://api.doku.com/credit-card/charge` |
Here is the sample of request header to charge the transaction:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b154c582-4501-436a-8012-0346f2a46b47
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
```
Request Header Explanation
| Parameter | Description |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Client-Id** | Client ID retrieved from DOKU Back Office |
| **Request-Id** | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| **Request-Timestamp** | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| **Signature** | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to [this section](https://dashboard.doku.com/docs/docs/technical-references/generate-signature) to generate the signature |
Here is the sample request body for MOTO transaction:
```json
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"descriptor":"descriptortest",
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
]
},
"customer": {
"id": "CUST-0001",
"name": "Togawa Sakiko",
"email": "togawa_sakiko@togawagroup.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"payment": {
"type": "MOTO"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225",
"save": true
}
}
```
Here is the sample request body for 1st Recurring transaction:
```json
{
"customer": {
"name": "Kaoruko Waguri",
"email": "kaoru@kikyou.com",
"phone": "62215150555",
"country": "ID",
"address": "JakartaJakarta"
},
"additional_info": {
"hold_settlement": true,
"migration_process": true
},
"order": {
"invoice_number": "invoice_recurring_1",
"line_items": [
{
"name": "Payment Billing",
"price": 1144917,
"quantity": 1
}
],
"amount": 1144917
},
"payment": {
"type": "RECURRING"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
},
"billing": {
"amount_variability": "FIXED",
"billing_number": "tuition-fee-kikyou-waguri",
"number_of_payments": 1,
"payment_frequency": "MONTHLY"
}
}
```
Here is the sample request body for 2nd Recurring transaction:
```json
{
"customer": {
"name": "Kaoruko Waguri",
"email": "kaoru@kikyouacademy.com",
"phone": "62215150555",
"country": "ID",
"address": "JakartaJakarta"
},
"additional_info": {
"hold_settlement": true,
"migration_process": true
},
"order": {
"invoice_number": "invoice_recurring_2",
"line_items": [
{
"name": "Payment Billing",
"price": 1144917,
"quantity": 1
}
],
"amount": 1144917
},
"payment": {
"type": "RECURRING"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
},
"billing": {
"amount_variability": "FIXED",
"billing_number": "tuition-fee-kikyou-waguri",
"billing_transaction_id":"2023112911562800003688",
"number_of_payments": 2,
"payment_frequency": "MONTHLY"
}
}
```
{% hint style="info" %}
if needed billing.billing\_transaction\_id will be returned by DOKU in the API Response in the 1st Payment
If returned, Merchant must save the value and send it in billing.billing\_transaction\_id in the request body for the 2nd transaction and onwards
{% endhint %}
Request Body Explanation
| Parameter | Type | Mandatory | Description |
|---|
order.amount | number | Mandatory | In IDR Currency and without decimal
Allowed chars: numeric
Max length: 12 |
order.invoice_number | string | Mandatory | Generated by merchant to identify the order
Allowed chars: alphabetic, numeric, special chars
Max length: 64
30 for Acquirer Mandiri |
order.descriptor | string | Optional | Custom string to be printed on Customer's billing statement
Max length: 22
need to be activated, please consult DOKU team first |
order.line_items.name | string | Optional | Name of the product item
Allowed chars: alphabetic, numeric, special chars
Max Length: 255 |
order.line_items.price | number | Optional | Price of the product item. Total price and quantity must match with the order.amount
Allowed chars: numeric
Max Length: 12 |
order.line_items.quantity | number | Optional | Quantity of the product item
Allowed chars: numeric
Max Length: 4 |
customer.id | string | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature.
Allowed chars: alphabetic, numeric, special chars
Max Length: 50 |
customer.name | string | Optional | Customer name
Allowed chars: alphabetic
Max Length: 255 |
customer.email | string | Optional | Customer email
Allowed chars: alphabetic, numeric, special chars
Max Length: 128 |
customer.phone | string | Optional | Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455
Allowed chars: numeric
Max Length: 16 |
customer.address | string | Optional | Customer address
Allowed chars: alphabetic, numeric, special chars
Max Length: 400 |
customer.country | string | Optional | 2 alphabetic country code ISO 3166-1
Allowed chars: alphabetic
Min-max Length: 2 |
payment.type | string | Mandatory | Payment type
Possible value: SALE, AUTHORIZE, INSTALLMENT, MOTO, RECURRING |
card.token | string | Conditional | Token generated by DOKU
Either card.token or card.number is mandatory (only 1 needed) |
card.number | string | Conditional | Card number (PAN)
Either card.token or card.number is mandatory (only 1 needed) |
card.expiry | string | Conditional | Card expiry date, not needed if you sent card.token
Format: MMYY |
card.save | boolean | Optional | Set true if you are using card.number andwant to tokenize the card for the next payment
Possible value: true, false
Default value: false |
billing.amount_variability | string | Conditional | Indicates if all the payments within the agreement use the same amount or if the amount differs between the payments. Possible value
FIXED, VARIABLE
Default value: false
|
billing.billing_number | string | Conditional | Unique identifier of the billing transaction
Max Length: 23 |
billing.number_of_payment | number | Conditional | The current number of payment paid for the billing number |
billing.payment_frequency | string | Conditional | The frequency of the payments within the series as agreed with the payer under your agreement with them.
Possible value
MONTHLY, DAILY,WEEKLY,YEARLY,OTHER |
billing.billing_transaction_id | string | Conditional | Only applicable for Mandiri Acquirer
Unique identifier of the billing transaction, If DOKU returned this on 1st payment response need to be forwarded from second payment onward, otherwise optional
Max Length: 100 |
**API Response**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-response)
After hitting the above API request, DOKU will give the response.
| Type | Value |
| --------------- | ------- |
| **HTTP Status** | 200 |
| **Result** | SUCCESS |
Here is the sample response header:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
```
Response Header Explanation
| **Client-Id** | Same as the request |
| ---------------------- | ------------------------------------------------------------- |
| **Request-Id** | Same as the request |
| **Response-Timestamp** | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| **Signature** | Signature generated by DOKU based on the response body |
Here is the sample of **MOTO** response body:
```json
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "MOTO",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "",
"response_code": "00",
"response_message": "Approved",
"eci": "",
"status": "SUCCESS",
"approval_code": "123123"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}
```
Here is the sample of **Recurring** response body:
```json
{
"additional_info": "",
"order": {
"invoice_number": "invoice_recurring_1",
"amount": 9500
},
"payment": {
"type": "RECURRING",
"identifier": [
{
"name": "MID",
"value": "71000537322"
},
{
"name": "Acquirer",
"value": "BANK_MANDIRI"
},
{
"name": "TID",
"value": "73013571"
}
],
"request_id": "82464",
"response_code": "00",
"response_message": "PAYMENT APPROVED",
"status": "SUCCESS",
"eci": "",
"approval_code": "908680"
},
"card": {
"masked": "413719******9000",
"type": "Credit",
"issuer": "PT. BANK MANDIRI (PERSERO), Tbk",
"brand": "VISA"
},
"verification": {
"status": "REVIEW",
"reason": "Decision No Rules Triggered"
},
"billing": {
"billing_number": "tuition-fee-kikyou-waguri",
"number_of_payments": 1,
"billing_transaction_id": "2023112911562800003688",
"amount_variability": "FIXED",
"payment_frequency": "MONTHLY"
}
}
```
Response Body Explanation
| Parameter | Type | Mandatory | Description |
|---|
order.invoice_number | string | Mandatory | Same as the request |
order.amount | number | Mandatory | Same as the request |
customer.id | string | Optional | Same as the request |
payment.type | string | Mandatory | Same as the request |
payment.identifier.name | string | Mandatory | Additional payment info name |
payment.identifier.value | string | Mandatory | Additional payment info value |
payment.request_id | string | Mandatory | Request ID sent on merchant's request header |
payment.authorize_id | string | Optional | Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE |
payment.response_code | string | Mandatory | Reponse code generated by DOKU / Acquirer |
payment.response_message | string | Mandatory | Response message generated by DOKU / Acquirer |
payment.status | string | Mandatory | Payment status
Possible value: SUCCESS, FAILED, PENDING |
payment.eci | string | Mandatory | ECI for this transaction |
payment.approval_code | string | Optional | Approval code for success transaction generated by acquirer |
card.masked | string | Optional | Card masked number |
card.type | string | Mandatory | Card type
Possible value: CREDIT, DEBIT |
card.issuer | string | Mandatory | Card issuer |
card.brand | string | Mandatory | Principal brand
VISA, MASTER, JCB, AMEX |
card.token | string | Optional | Card token generated by DOKU if card.save is true |
billing.billing_number | string | Conditional | Unique identifier of the billing transaction
Max Length: 23 |
billing.number_of_payment | number | Conditional | The current number of payment paid for the billing number |
billing.billing_transaction_id | string | Conditional | Only applicable for Mandiri Acquirer
Unique identifier of the billing transaction, If DOKU returned this on 1st payment response need to be forwarded from second payment onward, otherwise optional
Max Length: 100 |
billing.amount_variability | string | Conditional | Same as request |
billing.payment_frequency | string | Conditional | Same as request |
#### 3. Acknowledge payment result[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#3-acknowledge-payment-result)
After the payment is being made by your customer, DOKU will send **HTTP Notification** to your defined `Notification URL`. Learn how to handle the notification from DOKU:
* [Handling DOKU HTTP Notification](https://dashboard.doku.com/docs/docs/http-notification/overview)
***
### Authorize Capture Payment Type[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#sale-integration-steps)[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#authorize-capture-integration-steps)
Here is the overview of how to integrate AUTHORIZE CAPTURE payment:
1. Prepare credit card form input / Get token list
2. Get 3DS authentication ID and 3DS URL
3. Hit API Charge
4. Hit API Capture
5. Acknowledge payment result
Jokul Direct - Credit Card H2H AUTH CAP Sequence Diagram
***
#### 1. Prepare credit card form input / Get token list[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#1-prepare-credit-card-form-input--get-token-list-2)
You can create credit card form input on your end, so that your customer can input their credit card number, expiry date, and CVV.
If you save the card token from DOKU side, you can use [Tokenization](https://dashboard.doku.com/docs/docs/jokul-direct/tokenization/jokul-token-overview) to show the saved card of your customers.
***
#### 2. Get 3DS authentication ID and 3DS URL[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#2-get-3ds-authentication-id-and-3ds-url-1)
To get 3DS authentication, you will need to hit this API through your backend:
**API Request**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-request)
| Type | Value |
| ----------------------------- | --------------------------------------------------------------- |
| **HTTP Method** | POST |
| **API endpoint (Sandbox)** | `https://api-sandbox.doku.com/credit-card/check-three-d-secure` |
| **API endpoint (Production)** | `https://api.doku.com/credit-card/check-three-d-secure` |
Here is the sample of request header to get 3DS authentication:
```
Client-Id: MCH-0001-10791114622547
Request-Id: 6d0bffbd-9246-455e-a1f1-44c1f76ad589
Request-Timestamp: 2021-08-24T08:45:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
```
Request Header Explanation
| Parameter | Description |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Client-Id** | Client ID retrieved from DOKU Back Office |
| **Request-Id** | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| **Request-Timestamp** | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| **Signature** | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to [this section](https://dashboard.doku.com/docs/docs/technical-references/generate-signature) to generate the signature |
Here is the sample request body to get 3DS authentication:
```json
{
"order": {
"amount": 90000
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225"
},
"three_dsecure": {
"callback_url_success": "https://www.merchant.com/success",
"callback_url_failed": "https://www.merchant.com/failed"
}
}
```
Request Body Explanation
| Parameter | Type | Mandatory | Description |
| ------------------------------------ | -------- | --------- | ---------------------------------------------------------------------------------------------------------------- |
| `order.amount` | `number` | Mandatory | In IDR Currency and without decimal
Allowed chars: numeric
Max length: 12
|
| `card.token` | `string` | Optional | Card token generated by DOKU, can be used if you already activate tokenization |
| `card.number` | `string` | Mandatory | Card number, can be optional if you sent `card.token` |
| `card.expiry` | `string` | Mandatory | Card expiry date, can be optional if you sent card.token
Format: MMYY
|
| `three_dsecure.callback_url_success` | `string` | Mandatory | After 3DS process success, customer will be redirected to this page |
| `three_dsecure.callback_url_failed` | `string` | Mandatory | After 3DS process success, customer will be redirected to this page |
**API Response**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-response)
After hitting the above API request, DOKU will give the response.
| Type | Value |
| --------------- | ------- |
| **HTTP Status** | 200 |
| **Result** | SUCCESS |
Here is the sample response header:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
```
Response Header Explanation
| **Client-Id** | Same as the request |
| ---------------------- | ------------------------------------------------------------- |
| **Request-Id** | Same as the request |
| **Response-Timestamp** | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| **Signature** | Signature generated by DOKU based on the response body |
Here is the sample of response body:
```json
{
"order": {
"amount": 90000
},
"three_dsecure": {
"enrollment_status": true,
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e",
"authentication_url": "https://doku.3ds.com?authenticationId=eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
}
}
```
Response Body
| Parameter | Type | Mandatory | Description |
| ---------------------------------- | --------- | --------- | ----------------------------------------------------------------------------------- |
| `order.amount` | `number` | Mandatory | Same as the request |
| `three_dsecure.enrollment_status` | `boolean` | Mandatory | Card 3D Secure enrollment status
Possible value: true, false
|
| `three_dsecure.authentication_id` | `string` | Mandatory | 3DS process ID to use on API Charge |
| `three_dsecure.authentication_url` | `string` | Optional | 3DS page if the `three_dsecure.enrollment_status` is `true` |
#### 3. Hit API Charge[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#3-hit-api-charge-1)
After the customer is redirected to the 3DS success page, then your backend must trigger the API Charge to DOKU:
**API Request**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-request)
| Type | Value |
| ----------------------------- | ------------------------------------------------- |
| **HTTP Method** | POST |
| **API endpoint (Sandbox)** | `https://api-sandbox.doku.com/credit-card/charge` |
| **API endpoint (Production)** | `https://api.doku.com/credit-card/charge` |
Here is the sample of request header to charge the transaction:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b154c582-4501-436a-8012-0346f2a46b47
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
```
Request Header Explanation
| Parameter | Description |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Client-Id** | Client ID retrieved from DOKU Back Office |
| **Request-Id** | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| **Request-Timestamp** | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| **Signature** | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to [this section](https://dashboard.doku.com/docs/docs/technical-references/generate-signature) to generate the signature |
Here is the sample request body to charge the transaction:
```json
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
]
},
"customer": {
"id": "CUST-0001",
"name": "Arthuria Pendragon",
"email": "arthuria_pendragon@example.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"payment": {
"type": "AUTHORIZE",
"plan_id": "1232131"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225",
"cvv": "123",
"save": true
}
}
```
Request Body Explanation
| Parameter | Type | Mandatory | Description |
| ---------------------------------------- | --------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `order.amount` | `number` | Mandatory | In IDR Currency and without decimal
Allowed chars: numeric
Max length: 12
|
| `order.invoice_number` | `string` | Mandatory | Generated by merchant to identify the order
Allowed chars: alphabetic, numeric, special chars
Max length: 64
30 for Acquirer Mandiri
|
| `order.line_items.name` | `string` | Optional | Name of the product item
Allowed chars: alphabetic, numeric, special chars
Max Length: 255
|
| `order.line_items.price` | `number` | Optional | Price of the product item. Total price and quantity must match with the order.amount
Allowed chars: numeric
Max Length: 12
|
| `order.line_items.quantity` | `number` | Optional | Quantity of the product item
Allowed chars: numeric
Max Length: 4
|
| `customer.id` | `string` | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature.
Allowed chars: alphabetic, numeric, special chars
Max Length: 50
|
| `customer.name` | `string` | Optional | Customer name
Allowed chars: alphabetic
Max Length: 255
|
| `customer.email` | `string` | Optional | Customer email
Allowed chars: alphabetic, numeric, special chars
DO NOT SEND STATIC/DUMMY VALUE
Max Length: 128
|
| `customer.phone` | `string` | Optional | Customer phone number. Format: {calling\_code}{phone\_number}. Example: 6281122334455
Allowed chars: numeric
Max Length: 16
|
| `customer.address` | `string` | Optional | Customer address
Allowed chars: alphabetic, numeric, special chars
Max Length: 400
|
| `customer.country` | `string` | Optional | 2 alphabetic country code ISO 3166-1
Allowed chars: alphabetic
Min-max Length: 2
|
| `three_dsecure.authentication_id` | `string` | Conditional | Mandatory if 3DS transaction, Obtained from Check 3DS API |
| `authentication.threeDS.eci` | `string` | Optional | a code provided by a indicating the outcome of the authentication attempt, bring for MPI 3DS
Allowed chars: numeric
Min-max Length: 2
|
| `authentication.threeDS.xid` | `string` | Optional | a unique identifier associated with a specific transaction in the 3D Secure (3DS) authentication process, bring for MPI 3DS
Allowed chars: numeric
Min-max Length: 20
|
| `authentication.threeDS.cavv` | `string` | Optional | a cryptographic value that links the issuer's authentication, bring for MPI 3DS
Allowed chars: alphanumeric
Min-max Length: 1024
|
| `authentication.threeDS.status` | `string` | Optional | outcome of the 3D Secure (3DS) authentication process, Y/N
Allowed chars: alphabhetic
Min-max Length: 1
|
| `authentication.threeDS.dsTransactionId` | `string` | Optional | outcome of the 3D Secure (3DS) authentication process, Y/N
Allowed chars: alpabethic, numberic, symbols
Min-max Length: 128
|
| `payment.type` | `string` | Mandatory | Payment type
Possible value: SALE, MOTO, AUTHORIZE
|
| `payment.plan_id` | `string` | Optional | Promotion ID from the bank for merchant |
| `card.token` | `string` | Optional | Card token generated by DOKU, for 3ds transaction please bring `three_dsecure.authentication_id` only |
| `card.number` | `string` | Mandatory | Card number, can be optional if you sent `card.token` |
| `card.expiry` | `string` | Mandatory | Card expiry date, can be optional if you sent card.token
Format: MMYY
|
| `card.cvv` | `string` | Mandatory | Card CVV, Optional if `payment.type` is `MOTO` |
| `card.save` | `boolean` | Optional | Set true if you want to force customer to save the card token for the next payment
Possible value: true, false
Default value: false
|
**API Response**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-response)
After hitting the above API request, DOKU will give the response.
| Type | Value |
| --------------- | ------- |
| **HTTP Status** | 200 |
| **Result** | SUCCESS |
Here is the sample response header:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
```
Response Header Explanation
| **Client-Id** | Same as the request |
| ---------------------- | ------------------------------------------------------------- |
| **Request-Id** | Same as the request |
| **Response-Timestamp** | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| **Signature** | Signature generated by DOKU based on the response body |
Here is the sample of response body:
```json
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "AUTHORIZE",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "12312391719112",
"response_code": "00",
"response_message": "Approved",
"eci": "02",
"status": "SUCCESS",
"approval_code": "123123"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}
```
Response Body Explanation
| Parameter | Type | Mandatory | Description |
| --------------------------------- | -------- | --------- | ---------------------------------------------------------------------------------- |
| `order.invoice_number` | `string` | Mandatory | Same as the request |
| `order.amount` | `number` | Mandatory | Same as the request |
| `customer.id` | `string` | Optional | Same as the request |
| `payment.type` | `string` | Mandatory | Same as the request |
| `payment.identifier.name` | `string` | Mandatory | Additional payment info name |
| `payment.identifier.value` | `string` | Mandatory | Additional payment info value |
| `payment.request_id` | `string` | Mandatory | Request ID sent on merchant's request header |
| `payment.authorize_id` | `string` | Mandatory | Authorize ID for authorize transaction. Mandatory if `payment.type` is `AUTHORIZE` |
| `payment.response_code` | `string` | Mandatory | Reponse code generated by DOKU / Acquirer |
| `payment.response_message` | `string` | Mandatory | Response message generated by DOKU / Acquirer |
| `payment.status` | `string` | Mandatory | Payment status
Possible value: SUCCESS, FAILED, PENDING
|
| `payment.eci` | `string` | Mandatory | ECI for this transaction |
| `payment.approval_code` | `string` | Optional | Approval code for success transaction generated by acquirer |
| `three_dsecure.authentication_id` | `string` | Mandatory | Same as the request |
| `card.masked` | `string` | Optional | Card masked number |
| `card.type` | `string` | Mandatory | Card type
Possible value: CREDIT, DEBIT
|
| `card.issuer` | `string` | Mandatory | Card issuer |
| `card.brand` | `string` | Mandatory | Principal brand
VISA, MASTER, JCB, AMEX
|
| `card.token` | `string` | Optional | Card token generated by DOKU if `card.save` is `true` |
DOKU will also send the HTTP Notification with the `payment.authorize_id` to your defined Notification URL.
***
#### 4. Hit API Capture[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#4-hit-api-capture)
After you get the `payment.authorize_id`, then your backend must trigger the API Charge to DOKU:
**API Request**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-request)
| Type | Value |
| ----------------------------- | -------------------------------------------------- |
| **HTTP Method** | POST |
| **API endpoint (Sandbox)** | `https://api-sandbox.doku.com/credit-card/capture` |
| **API endpoint (Production)** | `https://api.doku.com/credit-card/capture` |
Here is the sample of request header to capture the transaction:
```
Client-Id: MCH-0001-10791114622547
Request-Id: 071a6a32-6785-4011-833d-d2c2049cf744
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
```
Request Header Explanation
| Parameter | Description |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Client-Id** | Client ID retrieved from DOKU Back Office |
| **Request-Id** | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| **Request-Timestamp** | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| **Signature** | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to [this section](https://dashboard.doku.com/docs/docs/technical-references/generate-signature) to generate the signature |
Here is the sample request body to capture the transaction:
```json
{
"payment": {
"authorize_id": "12312391719112",
"capture_amount": 90000
}
}
```
Request Body Explanation
| Parameter | Type | Mandatory | Description |
| ------------------------ | -------- | --------- | ----------------------------------------------------------------------------------------------------- |
| `payment.authorize_id` | `string` | Mandatory | Authorize ID from the Charge API Response / HTTP Notification |
| `payment.capture_amount` | `string` | Optional | The value of transactions which will be paid by the customer. If undefined, capture full transaction. |
**API Response**[****](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#api-response)
After hitting the above API request, DOKU will give the response.
| Type | Value |
| --------------- | ------- |
| **HTTP Status** | 200 |
| **Result** | SUCCESS |
Here is the sample response header:
```
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
```
Response Header Explanation
| **Client-Id** | Same as the request |
| ---------------------- | ------------------------------------------------------------- |
| **Request-Id** | Same as the request |
| **Response-Timestamp** | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| **Signature** | Signature generated by DOKU based on the response body |
Here is the sample of response body:
```json
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "CAPTURE",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "12312391719112",
"response_code": "01",
"response_message": "Approved",
"eci": "",
"status": "SUCCESS",
"approval_code": "123123"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}
```
Response Body Explanation
| Parameter | Type | Mandatory | Description |
| --------------------------------- | -------- | --------- | ---------------------------------------------------------------------------------- |
| `order.invoice_number` | `string` | Mandatory | Same as the request |
| `order.amount` | `number` | Mandatory | Same as the request |
| `customer.id` | `string` | Optional | Same as the request |
| `payment.type` | `string` | Mandatory | Same as the request |
| `payment.identifier.name` | `string` | Mandatory | Additional payment info name |
| `payment.identifier.value` | `string` | Mandatory | Additional payment info value |
| `payment.request_id` | `string` | Mandatory | Request ID sent on merchant's request header |
| `payment.authorize_id` | `string` | Mandatory | Authorize ID for authorize transaction. Mandatory if `payment.type` is `AUTHORIZE` |
| `payment.response_code` | `string` | Mandatory | Reponse code generated by DOKU / Acquirer |
| `payment.response_message` | `string` | Mandatory | Response message generated by DOKU / Acquirer |
| `payment.status` | `string` | Mandatory | Payment status
Possible value: SUCCESS, FAILED, PENDING
|
| `payment.eci` | `string` | Mandatory | ECI for this transaction |
| `payment.approval_code` | `string` | Optional | Approval code for success transaction generated by acquirer |
| `three_dsecure.authentication_id` | `string` | Mandatory | Same as request, obtained from three |
| `card.masked` | `string` | Optional | Card masked number |
| `card.type` | `string` | Mandatory | Card type
Possible value: CREDIT, DEBIT
|
| `card.issuer` | `string` | Mandatory | Card issuer |
| `card.brand` | `string` | Mandatory | Principal brand
VISA, MASTER, JCB, AMEX
|
| `card.token` | `string` | Optional | Card token generated by DOKU if `card.save` is `true` |
#### 5. Acknowledge payment result[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#5-acknowledge-payment-result)
After the payment is being made by your customer, DOKU will send **HTTP Notification** to your defined `Notification URL`. Learn how to handle the notification from DOKU:
* [Handling DOKU HTTP Notification](https://dashboard.doku.com/docs/docs/http-notification/overview)
### List of Error Code[](https://dashboard.doku.com/docs/docs/jokul-direct/credit-card/credit-card-host-to-host-guide#list-of-error-code)
If something happens, you can see the following error code to find out what error is happening :
| API | Error message | Error Code | HTTP Status Code | Explanation |
| -------------------- | -------------------------------------------------------------------------------- | -------------------------------------- | ---------------- | ------------------------------------------------------------ |
| Check-three-d-secure | Invalid Client-Id | `invalid_client_id` | 400 | Invalid Client ID |
| Check-three-d-secure | Header Client-Id is required | `invalid_header_request` | 400 | empty client id |
| Check-three-d-secure | Invalid Header Signature | `invalid_signature` | 400 | Payment charge with invalid signature |
| Check-three-d-secure | Invalid CC Number LENGTH | `INVALID_PARAMETER` | 400 | Invalid CC Number LENGTH |
| Check-three-d-secure | Luhn Validation | `INVALID_PARAMETER` | 400 | Card number not valid |
| Check-three-d-secure | Expiry Date Validation | `INVALID_PARAMETER` | 400 | Invalid expiry date 2525 |
| Check-three-d-secure | This field is required.,This merchant does not have three d secure configuration | `INVALID_PARAMETER` | 400 | invalid configuration / haven't 3ds mid |
| Check-three-d-secure | This card is not support three d secure | `THREE_D_SECURE_AUTHENTICATION_FAILED` | 400 | card not support 3ds / cannot connect to mpi |
| Charge | Invalid Client-Id | `invalid_client_id` | 400 | Invalid Client ID |
| Charge | empty client id | `invalid_header_request` | 400 | empty client id |
| Charge | size must be between 1 and 128 | `invalid_header_request` | 400 | Payment charge with client id length more than max |
| Charge | Invalid format Header Request-Timestamp | `invalid_header_request` | 400 | Payment charge with invalid format request timestamp |
| Charge | Header Request-Timestamp is not in +- 10 second of now | `invalid_header_request` | 400 | Payment charge with request timestamp < now |
| Charge | Header Request-Timestamp is not in +- 10 second of now | `invalid_header_request` | 400 | Payment charge with request timestamp > now |
| Charge | Invalid Header Signature | `invalid_signature` | 400 | Payment charge with invalid signature |
| Charge | Invalid Header Signature | `invalid_signature` | 400 | Payment charge using signature has been used |
| Charge | Invalid Format Email | `INVALID_PARAMETER` | 400 | Payment charge with invalid format email |
| Charge | Invalid amount | `INVALID_PARAMETER` | 400 | Payment charge with amount contain comma |
| Charge | Invalid amount | `INVALID_PARAMETER` | 400 | Payment charge with amount contain dot |
| Charge | Expiry Date Validation | `INVALID_PARAMETER` | 400 | Payment charge with format expiry is YYMM |
| Charge | Expiry Date Validation | `INVALID_PARAMETER` | 400 | Payment charge with expiry date is expired |
| Charge | Invalid AuthenticationId. | `INVALID_PARAMETER` | 400 | invalid authentication\_id |
| Charge | Country Is Not Exists | `INVALID_PARAMETER` | 400 | Payment charge with invalid country |
| Charge | Invalid CC Number LENGTH | `INVALID_PARAMETER` | 400 | Invalid CC Number LENGTH |
| Charge | Luhn Validation | `INVALID_PARAMETER` | 400 | Card number not valid |
| Charge | REQUEST ID IS NOT VALID | `INVALID_PARAMETER` | 400 | Payment charge with request id has been used for transaction |
| Charge | Unauthorized Transaction | `MID_TID_NOT_EXIST` | 400 | Payment charge sale using card rejected |
| Charge | Invalid Authentication Id | `INVALID_PARAMETER` | 400 | Invalid Authentication Id |
| Charge | Invalid Authentication Id | `INVALID_PARAMETER` | 400 | Different amount check 3ds & charge |
| Charge | Invalid Authentication Id | `INVALID_PARAMETER` | 400 | Three D Secure Process Not Yet Done (Not yet send OTP) |
| Charge | Line item 1 quantity must be not empty | `INVALID_PARAMETER` | 400 | Invalid line item (quantity is null) |
| Charge | Your transaction is detected to be concurrent, please create another transaction | `DOUBLE_REQUEST_DETECTED` | 400 | Concurent Request |
| Charge | Conflict | `INVALID_PARAMETER` | 409 | duplicate request with same request body |
| Charge | Precondition failed | `INVALID_PARAMETER` | 412 | duplicate request with different request body |
| Capture | Invalid Client-Id | `invalid_client_id` | 400 | Invalid Client ID |
| Capture | Header Client-Id is required | `invalid_header_request` | 400 | empty client id |
| Capture | Invalid Header Signature | `invalid_signature` | 400 | Payment charge with invalid signature |
| Capture | Authorize Id Must Not Be Blank | `INVALID_PARAMETER` | 400 | authorize\_id is null |
| Capture | Failed Get Transaction | `TRANSACTION_NOT_FOUND` | 400 | Invalid authorize\_id |
| Capture | Conflict | `INVALID_PARAMETER` | 409 | duplicate request with same request body |
| Capture | Precondition failed | `INVALID_PARAMETER` | 412 | duplicate request with different request body |