Signature Component from Request Header
To generate a Signature in request header, merchant need to prepare these components:
Component Explanation
Client-id
Retrieved from the Request Header
Request-id
Retrieved from the Request Header
Request-Timestamp
Retrieved from the Request Header
Request-Target
The path of the endpoint that will be hitted e.g: /doku-virtual-account/v2/payment-code
. NOTE: For the HTTP Notification
from DOKU to merchant server, this will be the path of merchant Notification URL
. As for the Inquiry Request
, this will be the path of merchant Inquiry URL
Digest
Encoded (base64) value of hashed (SHA-256) JSON body. This component only applied for POST
Method.
Preparation
Before generating Signature
, merchant need to prepare all the component required.
Set Client-Id, Request-Id, Request-Timestamp.
Use the Client-Id, Request-Id, Request-Timestamp that is placed on the Request Header.
Set Request-Target
The Request-Target is depending on who is sending the request:
When merchant hits DOKU endpoints: The Request-Target is the path of the DOKU API that merchant hits. For instance, if merchant wants to hit DOKU VA API:
https://api.doku.com/doku-virtual-account/v2/payment-code
. Therefore, the Request-Target value is/doku-virtual-account/v2/payment-code
.When DOKU hits merchant endpoints (HTTP Notification / Inquiry Request): The Request-Target is the path of merchant
Notification URL
or theInquiry URL
. For instance, if merchant set theNotification URL
:https://yourdomain.com/payments/notifications
. Therefore, the Request-Target value is/payments/notifications
.
Generate Digest
Digest
is the hashed of the request body. To generate the Digest
:
Calculate SHA256 base64 hash from the JSON Body
Generating Signature
After all the Signature
component has been set, merchant can now generate it:
Arrange the signature components to one component and its value per line by adding escape character. Don't add at the end of the string. Sample of the raw format:
This is how merchant see it:
Calculate HMAC-SHA256 base64 from all the components above using the Secret Key from DOKU Back Office
Put encoded value and prepend
HMACSHA256=
to theSignature
. Sample:
Last updated