OVO Open API
OVO Open API Integration Guidance
Last updated
Was this helpful?
OVO Open API Integration Guidance
Last updated
Was this helpful?
INFO
If you are personal seller, you can't use the OVO Open API due to the limitation from the OVO. Worry not! If you wish to receive payments from OVO, you can activate OVO Push Payment which enable you to receive payments from OVO.
Client ID / Secret Key from OVO
DOKU account. To access DOKU API, you need DOKU client id & DOKU client key that you can find in DOKU back office.
Here is the overview flow for OVO Open API :
Here is the sample of request header to implement every API list below :
Client-Id
Client ID retrieved from DOKU Back Office
Request-Id
Unique random string (max 128 characters) generated from merchant side to protect duplicate request
Request-Timestamp
Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature
Merchant and DOKU must validate signature in API list, see how to generate signature. You can refer to the documentation here.
Merchant can binding OVO account to customer id, each OVO account can only binding to one customer on one merchant. Customer need to verify OTP and input PIN on OVO page.
API Request
HTTP Method
POST
API endpoint (Sandbox)
API endpoint (Production)
Here is the sample of request body to binding OVO account to customer id :
customer.id
string (50)
Mandatory
Merchant customer id
customer.name
string (70)
Optional
Customer name
customer.email
string (255)
Optional
Customer email
customer.phone
string (20)
Optional
Customer phone number
customer.additional_info
string (20)
Optional
Customer additional info
ovo_account.account_mobile_phone
string (20)
Mandatory
Register phone number on OVO
ovo_account.success_registration_url
string (2048)
Mandatory
URL for direct page after success register
ovo_account.failed_registration_url
string (2048)
Mandatory
URL for direct page after failed register
After hitting the above API request, DOKU will give the response.
HTTP Status
201
Result
SUCCESS
Here is the sample of response body:
customer.id
string (50)
Mandatory
Merchant customer id
customer.name
string (70)
Optional
Customer name
customer.email
string (255)
Optional
Customer email
customer.phone
string (20)
Optional
Customer phone number
customer.additional_info
string (20)
Optional
Customer additional info
ovo_account.account_mobile_phone
string (20)
Mandatory
Register phone number on OVO
ovo_account.registration_url
string (2048)
Mandatory
URL from DOKU for Customer to binding their account
ovo_account.status
string
Mandatory
Always PENDING for Successfull token request (waiting for OTP verification & PIN vervification)
After successful account linkage, merchant can get OVO token that can be used for that customer to payment using OVO. Token is created by DOKU, and valid for 1 year.
API Request
HTTP Method
POST
API endpoint (Sandbox)
API endpoint (Production)
Here is the sample of request body to get Token for OVO :
customer.id
string (50)
Mandatory
Customer id that already have active token
token_data.type
string
Optional
DIRECT_DEBIT / CREDIT_CARD / WALLET, if not specified get all payment channel token
After hitting the above API request, DOKU will give the response.
HTTP Method
POST
Result
SUCCESS
customer.id
string (50)
Mandatory
Merchant customer id
customer.name
string (70)
Optional
Customer name
token_data.type
string
Mandatory
Will filled "WALLET"
wallet.issuer
string (255)
Mandatory
Issuer for wallet binding
wallet.token_id
string (128)
Mandatory
Token generated by DOKU
wallet.masked_phone_number
string (8)
Mandatory
Phone number masked
This balance check API allows users to check their latest OVO balance. The user should be able to access their balance at any time so they can make accurate and up to date decision regarding their transactions.
API Request
HTTP Method
POST
API endpoint (Sandbox)
API endpoint (Production)
Here is the sample of request body to get balance for OVO :
customer.id
string (64)
Mandatory
Customer id that already have active token
ovo_account.token_id
string (128)
Mandatory
Token generated by DOKU
After hitting the above API request, DOKU will give the response.
HTTP Status
201
Result
SUCCESS
customer.id
string (50)
Mandatory
Merchant customer id
customer.name
string (70)
Optional
Customer name
customer.email
string (255)
Optional
Customer email
customer.phone
string (20)
Optional
Customer phone number
customer.additional_info
string (20)
Optional
Customer additional info
ovo_account.ovo_cash_balance
number (10)
Mandatory
OVO Cash Balance
ovo_account.ovo_point_balance
number (10)
Mandatory
OVO Point Balance
Payment using OVO token from OVO cash balance or/and OVO point balance. When OVO have program for payment using OVO point, customer can paying using OVO point balance on merchant. Payment using mixed OVO point and OVO cash, OVO point will be deducted first and the remaining will be deducted from OVO cash. Customer need to verify payment by input PIN on OVO page.
API Request
HTTP Method
POST
API endpoint (Sandbox)
API endpoint (Production)
Here is the sample of request body to payment using OVO Token
customer.id
string (50)
Mandatory
Merchant customer id
customer.name
string (70)
Optional
Customer name
customer.email
string (255)
Optional
Customer email
customer.phone
string (20)
Optional
Customer phone number
customer.additional_info
string (20)
Optional
Customer additional info
additional_info
Json
Optional
additional info
order.invoice_number
string (32)
Mandatory
Merchant transaction id unique per client id, only accept alphanumeric, _ and - Min length is 3, max length is 32
order.line_items.name
string
Optional
Privacy concern so optional, but if send will help our risk engine
order.line_items.price
number
Optional
Privacy concern so optional, but if send will help our risk engine
order.line_items.quantity
number
Mandatory
Privacy concern so optional, but if send will help our risk engine
order.amount
number (10)
Mandatory
Converted total amount.
ovo_account.token_id
string (128)
Mandatory
OVO E-Wallet Token
ovo_account.payment_use_ovo_point
string (5)
Optional
Default false, if True will use all OVO Point first before use OVO Cash
ovo_account.success_payment_url
string (2048)
Mandatory
URL for direct page after success payment
ovo_account.failed_payment_url
string (2048)
Mandatory
URL for direct page after failed payment
After hitting the above API request, DOKU will give the response.
HTTP Method
POST
Result
SUCCESS
customer.id
string (50)
Mandatory
Merchant customer id
customer.name
string (70)
Optional
Customer name
customer.email
string (255)
Optional
Customer email
customer.phone
string (20)
Optional
Customer phone number
customer.additional_info
string (20)
Optional
Customer additional info
additional_info
Json
Optional
additional info
order.invoice_number
string (32)
Mandatory
Merchant transaction id unique per client id, only accept alphanumeric, _ and - Min length is 3, max length is 32
order.line_items.name
string
Optional
Privacy concern so optional, but if send will help our risk engine
order.line_items.price
number
Optional
Privacy concern so optional, but if send will help our risk engine
order.line_items.quantity
number
Mandatory
Privacy concern so optional, but if send will help our risk engine
order.amount
number (10)
Mandatory
Converted total amount.
payment.ovo_payment_url
string (255)
Mandatory
url from DOKU for customer to input pin for transaction
ovo_account.payment_use_ovo_point
string (5)
Optional
Default false, if True will use all OVO Point first before use OVO Cash
payment.status
string
Mandatory
URL for direct page after success payment
ovo_account.failed_payment_url
string (2048)
Mandatory
PENDING for successful token request (waiting for OTP verification) / SUCCESS if not need OTP, TOKEN_EXPIRED (need to input PIN twice and still can proceed to transaction)
Refund OVO transaction. For payment using mixed OVO cash and OVO point, OVO point will be refunded first.
API Request
HTTP Method
POST
API endpoint (Sandbox)
API endpoint (Production)
Here is the sample of request body to do refund for OVO Transaction :
order.invoice_number
string (32)
Mandatory
Invoice number of the transaction that being refunded, same as the request payment
payment.original_request_id
string (128)
Mandatory
Request ID from Payment Initiation of the transaction that being refunded
refund.amount
number
Mandatory
Transaction amount that wants to be refunded
refund.reason
string (255)
Optional
Reason refund
After hitting the above API request, DOKU will give the response.
HTTP Method
POST
Result
SUCCESS
order.invoice_number
string (32)
Mandatory
Same as the request
payment.original_request_id
string (128)
Mandatory
Same as the request
refund.amount
number
Mandatory
Amount to be refunded
refund.reason
string (255)
Optional
Reason refund
refund.status
string
Mandatory
SUCCESS / FAILED
refund.message
string (10)
Optional
Reason if failed refund
Customer should always have option to unlink their OVO account from any merchant.
API Request
HTTP Method
POST
API endpoint (Sandbox)
API endpoint (Production)
Here is the sample of request body to unlink their OVO Account :
customer.id
string (50)
Mandatory
Merchant id
customer.name
string (50)
Mandatory
Merchant name
ovo_account.token_id
string (128)
Mandatory
Token created from register ovo account that owned by this customer id
After hitting the above API request, DOKU will give the response.
HTTP Method
POST
Result
SUCCESS
customer.id
string (50)
Mandatory
Merchant id
customer.name
string (50)
Mandatory
Merchant name
ovo_account.token_id
string (128)
Mandatory
Token created from register ovo account that owned by this customer id
ovo_account.status
string
Mandatory
DELETED Token
ovo_account.message
string
Optional
SUCCESS unbind token_id from customer
Guide how to handle payment notification can refer to Handling HTTP Notification.
Idempotency is a concept where a request can be sent multiple times with the same result as the first request, that means the system only performs one process for identical requests.
The examples below illustrate how idempotency is works.
Two Request, Connectivity Lost
Situation:
T0: Partner sends a payment request to DOKU T1: DOKU server receives this request and processes it successfully. With response http status 200 T2: Partner's server loses power prior to receiving the response in T1. T3: Partner's server power is restored and the same payment request is sent with all the same parameters (same request-ID and request details but updated requestTimestamp) to the DOKU server.
Outcome:
In this case the DOKU server reply with the same reply given at T1 since all the parameters, except for responseTimestamp, are the same. The user is only debited once, at T0. T3 has no monetary impact to the user.
PLEASE NOTE
DOKU reply http status 409 (CONFLICT) with same response if any potential loss for DOKU or Partner. For example, when process transaction if merchant can't handle properly idempotency response, and probably they will define as another success order.
FAILED
0021
200
Failed After check status to ovo, executed by system scheduler
Invalid Header Signature
invalid_signature
400
Invalid Signature
Idempotent Request
idempotent_request
400
Double request with same request id under 20 second
ovo account not available please register to ovo
account_error
400
OVO account not found
customer id must not be empty
invalid_parameter
400
Not input object customer id (applied to every mandatory parameter)
attribute customer id must not bigger than 50 character(s)
invalid_parameter
400
Object customer id > 50 character (applied to every parameter that more than data type max length)
email format must be valid
invalid_parameter
400
Invalid format in customer email
account mobile phone format must be 62xxxx
invalid_parameter
400
Invalid format in Account mobile phone number
invalid url for attribute success registration url
invalid_parameter
400
Invalid format in success registration url
invalid url for attribute failed registration url
invalid_parameter
400
Invalid format in failed registration url
attribute refund reason must not bigger than 255 character(s)
invalid_parameter
404
Object refund reasong > 255 character (applied to every parameter that more than data type max length)
invalid token_id
invalid_parameter
401
Invalid token id
Customer change phone number on OVO Platform
account_error
400
Customer change phone number on OVO Platform, please proceed to unbind linked account
charge payment failed
account_error
400
Charge payment failed
High risk transaction
re_error
400
High risk transaction
attribute account_mobile_phone must be 10-20 digits
invalid_parameter
400
account_mobile_phone not in valid range 10 - 20 digits
something wrong in OVO
account_error
400
Something wrong in OVO system please contact DOKU team
exceeds attempt limit, not allowed request otp for 30min
account_error
400
Exceeds OTP request limit for this account_mobile_phone
transaction not found
account_error
400
Refund can't be processed, transaction not yet done / not found
ovo account already registered
invalid_access
401
OVO is already registered to other customer
token not found
not_found
404
Token ID not found
Given customer token not match with saved customer token
not_found
404
Customer token not match with saved customer id merchant
Customer not found on Merchants Customer List
not_found
404
Customer not found
Original transaction not found
not_found
404
Original payment not found
refund amount is greater than paid amount
account_error
400
Refund amount greater than paid amount
merchant not found
not_found
404
Merchant not found
failed after 1 hour(s)
0001
404
Payment failed after 1 hour, assumption : Customer didnt continue payment on ovo, executed by system scheduler
customer id already used
invalid_access
401
customer id already used
OVO account blocked temporary
account_error
400
OVO account blocked temporary
transaction not found in OVO
account_error
400
transaction not found in OVO
invoice_number already exist
invalid_access
401
invoice_number already exist
customer id not found
not_found
404
customer id not found
Given invoice number not match with saved invoice number
invalid_access
401
Given invoice number not match with saved invoice number
Given invoice number to be refunded does not belong to the merchant
invalid_access
401
Given invoice number to be refunded does not belong to the merchant
Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to to generate the signature
