search
DOKU DocsChangelogDOKU Github

B2B

How to generate token B2B

hashtag
API Endpoint

To get access token, you need to hit this API endpoint :

Type
Value

Service Code

73

HTTP Method

POST

Path

hashtag
API Request Header to get Token

X-SIGNATURE: Pxlv2IIUVdlzdUnbSQqug8YeghmKXJ7Rw5P4xBOOB/tC457UsoZXkO4S1R3oszVcjZDSh38+==
X-TIMESTAMP: 2022-10-07T14:18:39+07:00
X-CLIENT-KEY: MCH-0008-1296507211683
Content-Type: application/json

hashtag
Request Header Explanation

Parameter
Data Type
Type
Description

X-Signature

Mandatory

Non-Repudiation & Integrity checking X-Signature : with asymmetric signature algorithm SHA256withRSA (Private_Key, stringToSign) stringToSign = client_ID + “|” + X- TIMESTAMP

X-Timestamp

Mandatory

Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z

X- Client-Key

Mandatory

  1. Client’s client_id (PJP Name) (given at completion registration process)

  2. Merchant to DOKU : client_id merchant

content-type

Mandatory

String represents indicate the media type of the resource (e.g. application/json, application/pdf)

hashtag
API Request Body

Here is the sample of request body to Get Token :

hashtag
Request Body Explanation

Parameter
Data Type
Type
Description

String

Mandatort

“client_credentials” : The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control (OAuth 2.0: RFC 6749 & 6750)

hashtag
API Response Body

hashtag
API Response Header

After hitting the above API Request, DOKU will give the response below

Type
Value

HTTP Status

200

Result

Success

Parameter
Data Type
Type
Description

X-Timestamp

String

Mandatory

Client's current local time in YYYY-MM-DDTHH:mm:ssZ format

X-Client-Key

String

Mandatory

Client’s client_id (PJP Name) (given at completion registration process)

hashtag
API Response Body

Parameter
Data Type
Type
Description

String (6)

Mandatory

Response Code :

String

Mandatory

Response Description

String (2048)

Mandatory

A string representing an authorization issued to the client that used to access protected resources.

String

Mandatory

The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). Token Type Value: “Bearer”: includes the access token. string in the request “Mac”: issuing a Message. Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests. Reference: OAuth2.0 RFC 6749 & 6750

String

Mandatory

Session expiry in seconds : 900 (15 minute )

String

Optional

Additional Information

hashtag
Error Response

For several error cases, the response appear would be like below :

PreviousGet Token APINextB2B2C

Last updated