Signature Component from Request Header
To generate a Signature in request header, merchant need to prepare these components:
Client-Id:value
Request-Id:value
Request-Timestamp:value
Request-Target:value
Digest:value
Component Explanation
Client-id
Retrieved from the Request Header
Request-id
Retrieved from the Request Header
Request-Timestamp
Retrieved from the Request Header
Request-Target
The path of the endpoint that will be hitted e.g: /doku-virtual-account/v2/payment-code
. NOTE: For the HTTP Notification
from DOKU to merchant server, this will be the path of merchant Notification URL
. As for the Inquiry Request
, this will be the path of merchant Inquiry URL
Digest
Encoded (base64) value of hashed (SHA-256) JSON body. This component only applied for POST
Method.
Preparation
Before generating Signature
, merchant need to prepare all the component required.
Set Client-Id, Request-Id, Request-Timestamp.
Use the Client-Id, Request-Id, Request-Timestamp that is placed on the Request Header.
Set Request-Target
The Request-Target is depending on who is sending the request:
When merchant hits DOKU endpoints: The Request-Target is the path of the DOKU API that merchant hits. For instance, if merchant wants to hit DOKU VA API:
https://api.doku.com/doku-virtual-account/v2/payment-code
. Therefore, the Request-Target value is/doku-virtual-account/v2/payment-code
.When DOKU hits merchant endpoints (HTTP Notification / Inquiry Request): The Request-Target is the path of merchant
Notification URL
or theInquiry URL
. For instance, if merchant set theNotification URL
:https://yourdomain.com/payments/notifications
. Therefore, the Request-Target value is/payments/notifications
.
Generate Digest
Digest
is the hashed of the request body. To generate the Digest
:
Calculate SHA256 base64 hash from the JSON Body
Generating Signature
After all the Signature
component has been set, merchant can now generate it:
Arrange the signature components to one component and its value per line by adding escape character. Don't add at the end of the string. Sample of the raw format:
Client-Id:MCH-0001-10791114622547\nRequest-Id:cc682442-6c22-493e-8121-b9ef6b3fa728\nRequest-Timestamp:2020-08-11T08:45:42Z\nRequest-Target:/doku-virtual-account/v2/payment-code\nDigest:5WIYK2TJg6iiZ0d5v4IXSR0EkYEkYOezJIma3Ufli5s=
This is how merchant see it:
Client-Id:MCH-0001-10791114622547
Request-Id:cc682442-6c22-493e-8121-b9ef6b3fa728
Request-Timestamp:2020-08-11T08:45:42Z
Request-Target:/doku-virtual-account/v2/payment-code
Digest:5WIYK2TJg6iiZ0d5v4IXSR0EkYEkYOezJIma3Ufli5s=
Calculate HMAC-SHA256 base64 from all the components above using the Secret Key from DOKU Back Office
Put encoded value and prepend
HMACSHA256=
to theSignature
. Sample:
Signature: HMACSHA256=OvIRJs/jH8BIcGsktr4d8nnYtxY6E0Uzdm9d1GVgv5s=
Last updated
Was this helpful?