Signature Component from Request Header
To generate a Signature in the request header, the merchant needs to prepare these components:
Component Explanation
Name | Explanation |
---|---|
Client-Id | Retrieved from the Request Header |
Request-Id | Retrieved from the Request Header |
Request-Timestamp | Retrieved from the Request Header |
Request-Target | The path of the endpoint that will be hit, e.g.: |
Digest | Base64-encoded value of the SHA-256 hash of the JSON body. This component only applied for |
Preparation
Before generating the Signature, the merchant needs to prepare all the required components.
Set Client-Id, Request-Id, Request-Timestamp.
Use the Client-Id, Request-Id, and Request-Timestamp values that are placed in the Request Header.
Set Request-Target
The Request-Target depends on who is sending the request:
When the merchant hits DOKU endpoints: The Request-Target is the path of the DOKU API that the merchant hits. For instance, if the merchant wants to hit the DOKU VA API https://api.doku.com/doku-virtual-account/v2/payment-code, the Request-Target value is /doku-virtual-account/v2/payment-code.
When DOKU hits merchant endpoints (HTTP Notification / Inquiry Request): The Request-Target is the path of the merchant's Notification URL or Inquiry URL. For instance, if the merchant sets the Notification URL to https://yourdomain.com/payments/notifications, the Request-Target value is /payments/notifications.
Generate Digest
The Digest is the hash of the request body. To generate the Digest:
Calculate the SHA-256 hash of the JSON body and encode it in base64.
Generating Signature
After all the Signature components have been set, the merchant can now generate it:
Arrange the signature components with one component and its value per line, separated by the \n escape character. Don't add \n at the end of the string. Sample of the raw format:
This is how the merchant sees it:
Calculate the base64-encoded HMAC-SHA256 of all the components above, using the Secret Key from the DOKU Back Office.
Put the encoded value in the Signature and prepend HMACSHA256= to it. Sample:
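The steps above in Python, covering both signing an outgoing request and verifying the signature on a notification DOKU sends to the merchant. This is an added example, not DOKU's own code; the `Name:value` line layout, the omission of the Digest line when there is no body, the function names, and all sample values are assumptions or constructed.

```python
import base64
import hashlib
import hmac

def digest(body: bytes) -> str:
    """Base64 of the SHA-256 hash of the raw JSON body bytes."""
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def string_to_sign(client_id, request_id, timestamp, target, body=None):
    # Assumed layout: "Name:value", one component per line, joined with
    # "\n" and with no trailing "\n". The Digest line is added only when
    # a body is present (assumption).
    lines = [
        f"Client-Id:{client_id}",
        f"Request-Id:{request_id}",
        f"Request-Timestamp:{timestamp}",
        f"Request-Target:{target}",
    ]
    if body is not None:
        lines.append(f"Digest:{digest(body)}")
    return "\n".join(lines)

def sign(secret_key: str, **components) -> str:
    raw = string_to_sign(**components).encode()
    mac = hmac.new(secret_key.encode(), raw, hashlib.sha256).digest()
    return "HMACSHA256=" + base64.b64encode(mac).decode()

def verify(secret_key: str, received_signature: str, **components) -> bool:
    """Recompute the signature from the received headers and raw body,
    then compare in constant time to avoid a timing side channel."""
    expected = sign(secret_key, **components)
    return hmac.compare_digest(expected.encode(), received_signature.encode())

# Constructed sample values (not real credentials).
SAMPLE = dict(
    client_id="EXAMPLE-CLIENT-ID",
    request_id="5b1c3a0e-0000-4000-8000-000000000001",
    timestamp="2024-01-01T00:00:00Z",
    target="/payments/notifications",
    body=b'{"order":{"invoice_number":"INV-TEST-1","amount":10000}}',
)
SAMPLE_SECRET = "example-secret-key"

if __name__ == "__main__":
    sig = sign(SAMPLE_SECRET, **SAMPLE)
    print(sig)
    print(verify(SAMPLE_SECRET, sig, **SAMPLE))
```

When verifying, hash the request body bytes exactly as received; re-serializing the parsed JSON can change whitespace or key order and produce a different Digest.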