# B2B2C

### API Endpoint

To get an access token, call this API endpoint:

<table><thead><tr><th>Type</th><th>Value</th></tr></thead><tbody><tr><td>Service Code</td><td>74</td></tr><tr><td>HTTP Method</td><td>POST</td></tr><tr><td>Path</td><td><p></p><pre class="language-json"><code class="lang-json">/authorization/v1/access-token/b2b2c
</code></pre></td></tr></tbody></table>

### API Request Header to get Token

```json
X-SIGNATURE: Pxlv2IIUVdlzdUnbSQqug8YeghmKXJ7Rw5P4xBOOB/tC457UsoZXkO4S1R3oszVcjZDSh38+==
X-TIMESTAMP: 2022-10-07T14:18:39+07:00
X-CLIENT-KEY: MCH-0008-1296507211683
Content-Type: application/json
```

#### Request Header Explanation

<table><thead><tr><th>Parameter</th><th>Data Type</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>X-Signature</td><td><p></p><pre class="language-json"><code class="lang-json">string
</code></pre></td><td>Mandatory</td><td>Non-repudiation &#x26; integrity checking. X-Signature is generated with the asymmetric signature algorithm SHA256withRSA (Private_Key, stringToSign)<br><br><code>stringToSign = client_ID + "|" + X-TIMESTAMP</code></td></tr><tr><td>X-Timestamp</td><td><p></p><pre class="language-json"><code class="lang-json">string
</code></pre></td><td>Mandatory</td><td>Request timestamp in UTC, in ISO8601 UTC+0 format. This means that to process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours from the local time.<br><br>Ex: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z</td></tr><tr><td>X-Client-Key</td><td><p></p><pre class="language-json"><code class="lang-json">string
</code></pre></td><td>Mandatory</td><td><p>Client’s client_id (PJP Name), given on completion of the registration process:</p><ul><li>Merchant to DOKU: the merchant's client_id</li><li>Acquirer to DOKU: client_key given by DOKU</li><li>DOKU to Acquirer: client_key given by the acquirer</li></ul></td></tr><tr><td>content-type</td><td><p></p><pre class="language-json"><code class="lang-json">string
</code></pre></td><td>Mandatory</td><td>application/json</td></tr></tbody></table>
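
An added example (not DOKU's code) of the X-Signature scheme in the table above: it signs `client_ID|X-TIMESTAMP` with SHA256withRSA and shows a receiver-side check. The throwaway key pair, the base64 encoding of the signature and the 300-second freshness window are assumptions for illustration; because the signature covers only the client ID and the timestamp, the timestamp check is what limits reuse of a captured header set.

```javascript
// Added example, not DOKU's code. Uses only Node.js built-in crypto.
const crypto = require('node:crypto');

// Constructed throwaway key pair; a real client signs with the private key
// whose public half was registered with DOKU.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

// Client side: stringToSign = client_ID + "|" + X-TIMESTAMP, SHA256withRSA.
function buildTokenHeaders(clientId, key, now = new Date()) {
  // ISO 8601 in UTC with seconds precision, e.g. 2020-09-22T01:51:00Z
  const timestamp = now.toISOString().replace(/\.\d{3}Z$/, 'Z');
  const stringToSign = Buffer.from(`${clientId}|${timestamp}`, 'utf8');
  // 'sha256' with an RSA key is RSASSA-PKCS1-v1_5, i.e. SHA256withRSA.
  const signature = crypto.sign('sha256', stringToSign, key);
  return {
    'X-SIGNATURE': signature.toString('base64'), // base64 is an assumption
    'X-TIMESTAMP': timestamp,
    'X-CLIENT-KEY': clientId,
    'Content-Type': 'application/json',
  };
}

// Receiver side: bound replay with a freshness window (300 s is an assumed
// value), then verify the signature over the exact header strings received.
function verifyTokenHeaders(headers, pubKey, now = new Date(), maxSkewSec = 300) {
  const ts = Date.parse(headers['X-TIMESTAMP']);
  if (Number.isNaN(ts)) return { ok: false, reason: 'bad-timestamp' };
  if (Math.abs(now.getTime() - ts) > maxSkewSec * 1000) {
    return { ok: false, reason: 'stale-timestamp' };
  }
  const signed = Buffer.from(
    `${headers['X-CLIENT-KEY']}|${headers['X-TIMESTAMP']}`, 'utf8');
  const sig = Buffer.from(headers['X-SIGNATURE'] || '', 'base64');
  return crypto.verify('sha256', signed, pubKey, sig)
    ? { ok: true }
    : { ok: false, reason: 'bad-signature' };
}
```
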

### API Request Body

Here is a sample request body for Get Token:

```json
{
   "grantType":"authorization_code",
   "authCode":"a6975f82-d00a-4ddc-9633-087fefb6275e",
   "refreshToken":"83a58570-6795-11ec-90d6-0242ac120003",
   "additionalInfo":{
  
   }
}
```

#### Request Body Explanation

<table><thead><tr><th>Parameter</th><th>Data Type</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td><p></p><pre class="language-json"><code class="lang-json">grantType
</code></pre></td><td>String</td><td>Mandatory</td><td><p>There are 2 options for grantType:</p><ol><li>authorization_code</li><li>refresh_token</li></ol><p>Use this to get a B2B2C token.</p></td></tr><tr><td><pre><code>authCode
</code></pre></td><td>String</td><td>Conditional</td><td>The authorization code received after the User provides the consent. Mandatory if grantType = AUTHORIZATION_CODE</td></tr><tr><td><p></p><pre class="language-mdx"><code class="lang-mdx">refreshToken
</code></pre></td><td>String</td><td>Conditional</td><td>Refresh token to get a new accessToken where the User doesn't need to provide the consent again. Mandatory if grantType = REFRESH_TOKEN. Refresh Token should be less than access token validity and will be managed by the PJP’s application to generate a new access_token</td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">additionalInfo
</code></pre></td><td>Object</td><td>Optional</td><td>Additional Information</td></tr></tbody></table>

### API Response Body

#### API Response Header

After hitting the above API Request, DOKU will give the response below

| Type        | Value   |
| ----------- | ------- |
| HTTP Status | 200     |
| Result      | Success |

```json
X-CLIENT-KEY: "MCH-0008-1296507211683",
X-TIMESTAMP: "2022-10-07T14:26:50+07:00"
```

<table><thead><tr><th>Parameter</th><th>Data Type</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>X-Timestamp</td><td>String</td><td>Mandatory</td><td>Client's current local time in YYYY-MM-DDTHH:mm:ssZ format</td></tr><tr><td>X-Client-Key</td><td>String</td><td>Mandatory</td><td><p>Client’s client_id (PJP Name) (given at completion registration process)</p><p></p><pre class="language-mdx"><code class="lang-mdx">Merchant to DOKU : client_id merchant.
</code></pre><pre class="language-mdx"><code class="lang-mdx">DOKU to Acquirer : client_key given by acquirer.
</code></pre><pre class="language-mdx"><code class="lang-mdx">Acquirer to DOKU : client_key given by DOKU
</code></pre></td></tr></tbody></table>

#### API Response Body

```json
{
   "responseCode":"2007400",
   "responseMessage":"Successful",
   "accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyMTFlZThiMi1hN2FlLTRhZGUtYmJlYS1mNzI3MDk3ZmQ0NmEiLCJjbGllbnRJZCI6IjZhZTk1N2M0LTI4NjMtNDcxMy1hY2NlLWJhMTJkZTYzNmNmYyIsIm5iZiI6MTYxMTQ2ODk3OCwiZXhwIjoxNjExNDY5ODc4LCJpYXQiOjE2MTE0Njg5Nzh9.KM7yz9GvuUaDR1bXwei4iO0h4e3g4o1Hct5Ie9VoBdo",
   "tokenType":"Bearer",
   "accessTokenExpiryTime":"2020-01-01T00:00:00+07:00",
   "refreshToken":"57d21fe3-ba9c-4f2d-9fde-eae669bbf80d",
   "refreshTokenExpiryTime":"2020-01-01T00:00:00+07:00",
   "additionalInfo":{
   }
}
```

<table><thead><tr><th>Parameter</th><th>Data Type</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td><p></p><pre class="language-json"><code class="lang-json">responseCode
</code></pre></td><td>String (6)</td><td>Mandatory</td><td><p>Response Code : </p><pre class="language-json"><code class="lang-json">HTTP status code + service code + case code
</code></pre></td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">responseMessage
</code></pre></td><td>String</td><td>Mandatory</td><td>Response Description</td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">accessToken
</code></pre></td><td>String (2048)</td><td>Mandatory</td><td>A string representing an authorization issued to the client that is used to access protected resources.</td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">tokenType
</code></pre></td><td>String</td><td>Mandatory</td><td>The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes).<br><br>Token Type Value:<br><br>"Bearer": includes the access token string in the request.<br><br>"Mac": issuing a Message Authentication Code (MAC) key together with the access token that is used to sign certain components of the HTTP requests.<br><br>Reference: OAuth 2.0 RFC 6749 &#x26; 6750</td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">accessTokenExpiryTime
</code></pre></td><td>String</td><td>Mandatory</td><td>Session expiry in seconds: 900 (15 minutes)</td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">refreshToken
</code></pre></td><td>String</td><td>Mandatory</td><td>A random string that can be used by a specific client to get a refreshed accessToken to prolong the access to the User's resources.</td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">refreshTokenExpiryTime
</code></pre></td><td>String</td><td>Mandatory</td><td>A random string that can be used by a specific client to get a refreshed accessToken to prolong the access to the User's resources.</td></tr><tr><td><p></p><pre class="language-json"><code class="lang-json">additionalInfo
</code></pre></td><td>String</td><td>Optional</td><td>Additional Information</td></tr></tbody></table>

#### Error Response

For several error cases, the response will look like the examples below:

{% tabs %}
{% tab title="X-Timestamp format not valid" %}

```json
{
   "responseCode": "4017400",
   "responseMessage": "Unauthorized. Unknown Client"
}
```

{% endtab %}

{% tab title="Signature not valid" %}

```json
{
   "responseCode": "4017400",
   "responseMessage": "Unauthorized. Signature"
}
```

{% endtab %}

{% tab title="X-Client Key not authorized" %}

```json
{
   "responseCode": "4017400",
   "responseMessage": "Unauthorized. Unknown Client"
}
```

{% endtab %}
{% endtabs %}


