Before you hit API on DOKU side, you need to understand how to generate a X-Signature. X- Signature is a security parameter that must be generated on the merchant's backend to verify the authenticity of the request.

Here is the case the X-Signature is used:

  1. When merchant hits DOKU endpoints

    1. Merchant generate X-Signature in Request Header : Merchant must generate the x-signature in request header and DOKU will verify the authenticity.

    2. For Register the virtual Account you have to use Symmetric Signature. Learn how to generate Symmetric Signature.

  2. When DOKU hits merchant endpoints (HTTP Notification / Inquiry Request). Merchant must also verify the X-Signature that DOKU sends on the request header when DOKU Notification hits merchant Merchant domain URL, to verify the notification request is coming from DOKU. Learn how to generate Symmetric Signature.

Signature Type

  1. Symmetric Signature

When to use ?

For transaction request such as Create VA, Account Binding, OTP Verification, Check Balance Inquiry, Payment, Refund, Account Unbinding

  1. Asymmetric Signature

When to use ?

For Get Token B2B and Get Token B2B2C

Last updated