Allobank

Integration Steps

Here is the overview of how to integrate with Allobank :


Account Binding

Merchant can binding Allobank account to customer id, each Allobank account can only binding to one customer on one merchant. Customer need to verify OTP and input PIN on Allobank page.

Here is the flow for Account Binding :

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Production

Path

/direct-debit/merchant/allo/v1.0/registration-account-binding

Here is the sample request header, request body and response body for Account Binding - AlloBank

Register a merchant account for direct debit

post
Authorizations
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
X-DEVICE-IDstringRequired

Device identification on which the API services are currently being accessed by the end user (customer). Can’t contain symbols

Example: 95221
X-IP-ADDRESSstringOptional

conditional. IP address of the end user (customer) using IPv4 format

Example: 95221
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: 95221
Body
phoneNointegerRequired

Customer phone number | min length: 9 | max length: 16 format: 62xxxxx

Responses
200
Successful registration
application/json
post
POST /doku.com/direct-debit/merchant/allo/v1.0/registration-account-binding HTTP/1.1
Host: api
Authorization: 95221
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
X-DEVICE-ID: 95221
Content-Type: application/json
Accept: */*
Content-Length: 316

{
  "phoneNo": 1,
  "additionalInfo": {
    "custIdMerchant": "text",
    "customerName": "text",
    "email": "[email protected]",
    "idCard": 1,
    "country": "text",
    "address": "text",
    "dateOfBirth": "text",
    "successRegistrationUrl": "https://example.com",
    "failedRegistrationUrl": "https://example.com",
    "deviceModel": "text",
    "osType": "text",
    "channel": "text"
  }
}
{
  "responseCode": "2000700",
  "responseMessage": "Successful",
  "referenceNo": "40cd084bdb184ea6ace7bab46ac19d14",
  "redirectUrl": "https://uatipg.allobank.com/#/pages/bind/bind?language=id&journeyId=11682983915316909426889519104&nonceCode=4de47057a30540f1a4399d3a73100ae1",
  "additionalInfo": {
    "custIdMerchant": "CUSTOMER_OVOxDOKU",
    "accountStatus": "PENDING",
    "authCode": "1234123412341234"
  }
}

Check Balance Inquiry

Once a customer has linked their account through the Allobank platform, merchants can initiate a Balance Inquiry via the this API to obtain accurate and up-to-date account balance information.

Here is the flow for Check Balance Inquiry :

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Production

Path

...../direct-debit/merchant/allo/v1.0/balance-inquiry

Here is the sample request header, request body and response body for Check Balance Inquiry Allobank :

Check Balance API

post
Authorizations
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
X-DEVICE-IDstringRequired

Device identification on which the API services are currently being accessed by the end user (customer). Can’t contain symbols

Example: 95221
X-IP-ADDRESSstringOptional

conditional. IP address of the end user (customer) using IPv4 format

Example: 95221
Authorization-customerstringRequired

Access token obtained from B2B2C API

Example: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
anyOptional
Responses
200
Successful Balance Inquiry
application/json
post
POST /doku.com/direct-debit/merchant/allo/v1.0/balance-inquiry HTTP/1.1
Host: api
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
X-DEVICE-ID: 95221
Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Content-Type: application/json
Accept: */*
Content-Length: 2

{}
{
  "value": {
    "responseCode": "2001100",
    "responseMessage": "Successful",
    "accountInfos": [
      {
        "balanceType": "balance",
        "amount": {
          "value": "1916427.00",
          "currency": "IDR"
        }
      }
    ]
  }
}

Payment

After merchant check the balance, merchant can hit this API to do payment. DOKU will deduct customer's balance.

Here is the flow for Payment Allobank :

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Production

Path

...../direct-debit/merchant/allo/v1.0/payment/host-to-host

Payment API

post
Authorizations
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
X-DEVICE-IDstringRequired

Device identification on which the API services are currently being accessed by the end user (customer). Can’t contain symbols

Example: 95221
X-IP-ADDRESSstringOptional

conditional. IP address of the end user (customer) using IPv4 format

Example: 95221
Authorization-customerstringRequired

Access token obtained from B2B2C API

Example: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
partnerReferenceNostringRequired

Partner Reference Number | min length: 1 | max length: 64

Example: INV_20221221_0002
Responses
200
Successful Payment
application/json
post
POST /doku.com/direct-debit/merchant/allo/v1.0/payment-host-to-host HTTP/1.1
Host: api
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
X-DEVICE-ID: 95221
Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Content-Type: application/json
Accept: */*
Content-Length: 457

{
  "partnerReferenceNo": "INV_20221221_0002",
  "amount": {
    "value": "12345678.00",
    "currency": "IDR"
  },
  "payOptionDetails": [
    {
      "payMethod": "BALANCE",
      "transAmount": {
        "value": "12345678.00",
        "currency": "IDR"
      }
    }
  ],
  "additionalInfo": {
    "lineItems": [
      {
        "name": "masker",
        "price": 50000,
        "quantity": 1
      }
    ],
    "successPaymentUrl": "https://dribbble.com/shots/14575431-Payment-method-success/attachments/6265573?mode=media",
    "failedPaymentUrl": "https://dribbble.com/shots/4756331-Failed-Transaction"
  }
}
{
  "responseCode": "20054000",
  "responseMessage": "Successful",
  "referenceNo": "40cd084bdb184ea6ace7bab46ac19d14",
  "webRedirectUrl": "https://uatipg.allobank.com/#/pages/bind/bind?language=id&journeyId=11682983915316909426889519104&nonceCode=4de47057a30540f1a4399d3a73100ae1"
}

Acknowledge Payment Notification

After the payment is being made by your customer, DOKU will send HTTP Notification to your defined Notification URL. Learn how to handle the notification from DOKU .

Additional Feature

Online Refund

Merchant can refund the transaction to DOKU. Hit this API to refund the transaction. Currently DOKU Support Full Refund.

Here is the Refund Flow :

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Production

Path

...../direct-debit/merchant/allo/v1.0/debit/refund

Refund API

post
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
X-DEVICE-IDstringRequired

Device identification on which the API services are currently being accessed by the end user (customer). Can’t contain symbols

Example: 95221
X-IP-ADDRESSstringOptional

conditional. IP address of the end user (customer) using IPv4 format

Example: 95221
Authorization-customerstringRequired

Access token obtained from B2B2C API

Example: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Body
originalPartnerReferenceNostringRequired

Original Partner Reference Number | min length: 1 | max length: 64

Example: INV-592566712725
originalExternalIdstringRequired

Original External Id - External ID from payment process| min length: 1 | max length: 36

Example: 10052019
partnerRefundNostringRequired

Partner Refund Number| min length: 32 | max length: 64

Example: 239850918204981205970
reasonstringOptional

Reason of Refund | max length: 255

Example: Customer complain
Responses
200
Successful Refund
application/json
post
POST /doku.com/direct-debit/merchant/allo/v1.0/debit/refund HTTP/1.1
Host: api
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
X-DEVICE-ID: 95221
Authorization-customer: Bearer fa8sjjEj813Y9JGoqwOeOPWbnt4CUpvIJbU1mMU4a11MNDZ7Sg5u9a
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE2OTgwNTA3NDMsImlzcyI6IkRPS1UiLCJjbGllbnRJZCI6IkJSTi0wMjExLTE2OTY5MTk2NTE5MTgifQ.x-D5VlK6TlVZbLPUSCr-Gbfgh4tnp0QDJmedYFHJGHFjg1c4x39pszU4sLvRhr0Jk0vKdMIzxUZeNhKoesWqDJitnG3kfrNZNsMb_WYUC0tJW91onXzYOKXiTgsHwRNFoWPQHlXIEtT3RQm-SRlCpk_E0gsavgkQn2-kbJEBnPhIs4eKg5IUY9GYi4hRr-_GHsudDl8sd2B5UBB_rHYq36BRmLXH7i7MQADHPsB1ktPVgk3ZWF0jebEjI-lJ88p-omL1vQNvRseXej2HKBa9chGLmPDvXYBQaRmmstHz-tv1boFrHfwsHJebcUec-i3WE1vMvP_3EPXdbqb45N4ciQ
Content-Type: application/json
Accept: */*
Content-Length: 205

{
  "originalPartnerReferenceNo": "INV-592566712725",
  "originalExternalId": "10052019",
  "partnerRefundNo": "239850918204981205970",
  "refundAmount": {
    "value": "10000.00",
    "currency": "IDR"
  },
  "reason": "Customer complain"
}
{
  "responseCode": "20058000",
  "responseMessage": "Successful",
  "originalPartnerReferenceNo": "40cd084bdb184ea6ace7bab46ac19d14",
  "originalReferenceNo": "40cd084bdb184ea6ace7bab46ac19d14",
  "refundNo": "40cd084bdb184ea6ace7bab46ac19d14",
  "partnerRefundNo": "40cd084bdb184ea6ace7bab46ac19d14",
  "refundAmount": {
    "value": 10000,
    "currency": "IDR"
  },
  "refundTime": "2020-12-21T10:21:41.000Z"
}

Account Unbinding

In case you need to remove the customer data on DOKU, hit this API to unbinding the customer data.

API Endpoint

Environment
Endpoint

HTTP Method

POST

API Production

Path

...../direct-debit/allo/v1.0/registration-account-unbinding

Unbinding process

post
Authorizations
Header parameters
X-TIMESTAMPstring · utc timestampRequired

Client's current local time in yyyy-MM- ddTHH:mm:ssTZD format

Example: 2020-12-21T07:56:11.000Z
X-SIGNATUREstringRequired

Algorithm symmetric signature HMAC_SHA512 (clientSecret, stringToSign)

Example: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-IDstringRequired

Unique ID for a partner (DOKU'S Client ID)

Example: 821508239190
X-EXTERNAL-IDstringRequired

Numeric String. Reference number that should be unique in the same day (request-id)

Example: 418075533589
X-DEVICE-IDstringRequired

Device identification on which the API services are currently being accessed by the end user (customer). Can’t contain symbols

Example: 95221
X-IP-ADDRESSstringOptional

conditional. IP address of the end user (customer) using IPv4 format

Example: 95221
AuthorizationstringRequired

Access Token obtained from Get B2B Token API

Example: 95221
Body
tokenIdstringRequired

DOKU Gateway token | Format : AN

Example: hdiwh3h832d832h382h3duh2
Responses
200
Successful Unbinding
application/json
post
POST /doku.com/direct-debit/allo/v1.0/registration-account-unbinding HTTP/1.1
Host: api
Authorization: 95221
X-TIMESTAMP: 2020-12-21T07:56:11.000Z
X-SIGNATURE: 85be817c55b2c135157c7e89f52499bf0c25ad6eeebe04a986e8c862561b19a5
X-PARTNER-ID: 821508239190
X-EXTERNAL-ID: 418075533589
X-DEVICE-ID: 95221
Content-Type: application/json
Accept: */*
Content-Length: 38

{
  "tokenId": "hdiwh3h832d832h382h3duh2"
}
{
  "responseCode": "2000900",
  "responseMessage": "Successful",
  "referenceNo": "40cd084bdb184ea6ace7bab46ac19d14",
  "additionalInfo": {
    "redirectUrl": "https://uatipg.allobank.com/#/pages/bind/bind?language=id&journeyId=11682983915316909426889519104&nonceCode=4de47057a30540f1a4399d3a73100ae1"
  }
}

Last updated

Was this helpful?