Symmetric Signature
Symmetric Signature
Preparation
Before generating Signature
, merchant need to prepare all the component required.
Component Explanation
clientSecret
Retrieved from the DOKU Dashboard.
Find this through Integration > API Keys > Secret Key
HTTPMethod
The HTTP method that client use to hit the API
endpointURL
The path of the endpoint that will be hitted e.g: /bi-snap-va/v1/transfer-va/create-va
NOTE: For the HTTP Notification
from DOKU to merchant server, this will be the path of merchant Notification URL
. As for the Inquiry Request
, this will be the path of merchant Inquiry URL
AccessToken
Result of get token B2B ( without Bearer )
Timestamp
Same with X-TIMESTAMP
stringToSign
HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA256(minify(RequestBody))))+ ":“ + TimeStamp
How to generate stringToSign Component
Minify request Body
{
"partnerServiceId":" 088899",
"customerNo":"12345678901234567890",
"virtualAccountNo":" 08889912345678901234567890",
"virtualAccountName":"Jokul Doe",
"virtualAccountEmail":"[email protected]",
"virtualAccountPhone":"6281828384858",
"trxId":"abcdefgh1234",
"totalAmount":{
"value":"12345678.00",
"currency":"IDR"
}
}
{"partnerServiceId":" 088899","customerNo":"12345678901234567890","virtualAccountNo":" 08889912345678901234567890","virtualAccountName":"Jokul Doe","virtualAccountEmail":"[email protected]","virtualAccountPhone":"6281828384858","trxId":"abcdefgh1234","totalAmount":{"value":"12345678.00","currency":"IDR"}}
Calculate the result of {minify-request-body} using SHA-256
The result will be like this :
3274fab8dac896837b106a16da2a974e7e65142dcecb4b768ef0294102838977
Hexencode the result of {SHA-256(minify-request-body)}
The result will be like this :
3274fab8dac896837b106a16da2a974e7e65142dcecb4b768ef0294102838977
Set the result of hexencode{SHA-256(minify-request-body)} to Lowercase
Generating StringtoSign
This is the formula for generating the string to Sign :
HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA256(minify(RequestBody))))+ ":“ + TimeStamp
This is the sample of stringToSign = __TEC2O1iVBszTBTkrZhCujPRwY1TUiMTVpx67lMaH3-COIKKIKvAFvZMvbKjH6fJhVKFFBJgVNtD-k4p_k4NQwQtHjy_gldtUNWJD9kRoLCloo32r6h2RAwi1JiwaBqPWsf7v9_ELfVA23vH8Ojn0jFzfNESeffOkJ8LjlH5zawuChHNZSq9eg6o0w_jrrdlLnhMKJRYl4x09da8GLR4_dKnR8pZiUB58GCDydPYEyt5CIlyYwBMF8VCUx4OPg-gFNh9nc0gGPLNLr7pjFXl-o16wDtRRFakMT_yc3fSo1oEZnulBGzFQOIQLP1k4dD2vDg:170acce306af96d970c7af8698a815939ee5ba5f0b1db4d6ce91fc625b86021e:2024-03-26T16:01:41+07:00
Generate Signature :
After all the stringToSign
component has been set, merchant can now generate the signature :
Calculate the result of
(clientSecret , stringToSign)
usingHMAC_512
Ex :
qd2m9ot+cfq48qJ68+8IYdfkNDMA2hhecM2XegsnZ1Z5Fur9zii8BVm6cI7g1gyhL5/+OFZqAO8Kp0XPMdipfg==
Put the value to each API in X-Signature component in Request Header
Last updated
Was this helpful?