# Symmetric Signature ## Symmetric Signature ### **Preparation** Before generating `Signature`, merchant need to prepare all the component required. **Component Explanation** | Name | Description | | -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `clientSecret` |

Retrieved from the DOKU Dashboard.
Find this through Integration > API Keys > Secret Key

| | `HTTPMethod` | The HTTP method that client use to hit the API | | | | | `endpointURL` |

The path of the endpoint that will be hitted e.g: /bi-snap-va/v1/transfer-va/create-va

NOTE: For the HTTP Notification from DOKU to merchant server, this will be the path of merchant Notification URL. As for the Inquiry Request, this will be the path of merchant Inquiry URL

| | `AccessToken` | Result of get token B2B ( without Bearer ) | | `Timestamp` | Same with `X-TIMESTAMP` | | `stringToSign` | `HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA256(minify(RequestBody))))+ ":“ + TimeStamp` | **How to generate stringToSign Component** 1. Minify request Body
BeforeAfter

{
   "partnerServiceId":"  088899",
   "customerNo":"12345678901234567890",
   "virtualAccountNo":"  08889912345678901234567890",
   "virtualAccountName":"Jokul Doe",
   "virtualAccountEmail":"jokul@email.com",
   "virtualAccountPhone":"6281828384858",
   "trxId":"abcdefgh1234",
   "totalAmount":{
      "value":"12345678.00",
      "currency":"IDR"
   }
}


{"partnerServiceId":"  088899","customerNo":"12345678901234567890","virtualAccountNo":"  08889912345678901234567890","virtualAccountName":"Jokul Doe","virtualAccountEmail":"jokul@email.com","virtualAccountPhone":"6281828384858","trxId":"abcdefgh1234","totalAmount":{"value":"12345678.00","currency":"IDR"}}
2. Calculate the result of {minify-request-body} using SHA-256 The result will be like this : ```json 3274fab8dac896837b106a16da2a974e7e65142dcecb4b768ef0294102838977 ``` 3. Hexencode the result of {SHA-256(minify-request-body)} The result will be like this : 3274fab8dac896837b106a16da2a974e7e65142dcecb4b768ef0294102838977 4. Set the result of hexencode{SHA-256(minify-request-body)} to Lowercase [**​**](https://dashboard.doku.com/docs/docs/technical-references/generate-signature#set-client-id-request-id-request-timestamp) #### Generating StringtoSign This is the formula for generating the string to Sign : `HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA256(minify(RequestBody))))+ ":“ + TimeStamp` This is the sample of stringToSign = `__TEC2O1iVBszTBTkrZhCujPRwY1TUiMTVpx67lMaH3-COIKKIKvAFvZMvbKjH6fJhVKFFBJgVNtD-k4p_k4NQwQtHjy_gldtUNWJD9kRoLCloo32r6h2RAwi1JiwaBqPWsf7v9_ELfVA23vH8Ojn0jFzfNESeffOkJ8LjlH5zawuChHNZSq9eg6o0w_jrrdlLnhMKJRYl4x09da8GLR4_dKnR8pZiUB58GCDydPYEyt5CIlyYwBMF8VCUx4OPg-gFNh9nc0gGPLNLr7pjFXl-o16wDtRRFakMT_yc3fSo1oEZnulBGzFQOIQLP1k4dD2vDg:170acce306af96d970c7af8698a815939ee5ba5f0b1db4d6ce91fc625b86021e:2024-03-26T16:01:41+07:00` {% hint style="info" %} What is `endpointURL` ? `endpointURL` means Request Target. The Request-Target is depending on who is sending the request: 1. **When merchant hits DOKU endpoints:** The Request-Target is the path of the DOKU API that merchant hits.\ For instance, if merchant wants to hit DOKU VA API: `https://api.doku.com/`bi-snap-va/v1/transfer-va/create-va. Therefore, the Request-Target value is /bi-snap-va/v1/transfer-va/create-va 2. **When DOKU hits merchant endpoints (HTTP Notification / Inquiry Request):** The Request-Target is the path of merchant `Notification URL` or the `Inquiry URL`.\ For instance, if merchant set the `Notification URL`: `https://yourdomain.com/payments/notifications`. Therefore, the Request-Target value is `/payments/notifications`. {% endhint %} ### Generate Signature : After all the `stringToSign` component has been set, merchant can now generate the signature : 1. Calculate the result of `(clientSecret , stringToSign)` using `HMAC_512` Ex : `qd2m9ot+cfq48qJ68+8IYdfkNDMA2hhecM2XegsnZ1Z5Fur9zii8BVm6cI7g1gyhL5/+OFZqAO8Kp0XPMdipfg==` 2. Put the value to each API in X-Signature component in Request Header --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developers.doku.com/get-started-with-doku-api/signature-component/snap/symmetric-signature.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.