API Reference
DOKU DocsChangelogDOKU Github
  • Getting Started with DOKU API
    • User Registration
    • Idempotency Request
    • Notification
      • Setup Notification URL
      • HTTP Notification Sample for SNAP
      • HTTP Notification Sample - Non SNAP
      • Best Practice
      • Retry Notification
      • Override Notification URL
    • Signature Component
      • Non-SNAP
        • Signature Component from Request Header
        • Signature Componen from Response Header
        • Signature from API Get Method
        • Sample Code
      • SNAP
        • Symmetric Signature
        • Asymmetric Signature
    • Response Code
      • HTTP Status and Case Code
    • Check Status API
      • Non-SNAP
      • SNAP
    • Retrieve Payment Credential
  • Accept Payment
    • DOKU Checkout
      • Integration Guide
        • Backend Integration
        • Frontend Integration
        • Simulate payment and Notification
      • Supported Payment Methods
      • Status Order
      • Additional Feature
        • Tokenization
        • Promo on DOKU Checkout Page
        • Track Campaign Source on Google Analytics
      • Checkout Settings
    • Direct API
      • Non-SNAP
        • Cards
          • Payment Page Integration Guide
          • Host-To-Host Integration Guide
          • Mastercard Automatic Billing Updater (ABU) Integration Guide
            • Backend Integration
        • e-Wallet
          • Overview
          • DOKU e-Wallet
          • OVO Push Payment
          • ShopeePay
          • LinkAja
        • Paylater
          • Akulaku
          • Kredivo
          • Indodana
        • Digital Banking
          • Jenius Pay
        • Convenience Store
          • Alfa Group
          • Indomaret
      • SNAP
        • Integration Guide
          • Get Token API
            • B2B
            • B2B2C
          • Virtual Account
            • CIMB Virtual Account
            • BSI Virtual Account
            • BCA Virtual Account
            • BNC Virtual Account
            • BNI Virtual Account
            • Mandiri Virtual Account
            • BRI Virtual Account
            • BTN Virtual Account
            • Permata Virtual Account
            • Danamon Virtual Account
            • BSS Virtual Account
          • E-Wallet
            • DOKU Wallet
            • DANA
            • OVO
            • ShopeePay
          • Direct Debit
            • Allo Bank Direct Debit
            • BRI Direct Debit
            • CIMB Direct Debit
            • Mandiri Direct Debit
          • Kartu Kredit Indonesia Cepat Secure(KKI CPTS)
            • Host to Host Integration
          • QRIS
    • Finance and Settlement
      • Split Settlement
      • Custom Settlement Report
      • Hold and Release Settlement
      • Bulk Registration Bank
    • Test on DOKU Demo Site
    • DOKU Payment Simulator
  • Developer Kit
    • Postman Collection
    • Libraries and SDK
  • Wallet As A Service
    • Sub Account
  • Partnership
    • Partner API
      • Check Requirements API
      • Generate Token API
      • Upload File API
      • Business Registration API
      • Create Business Lite API
      • Get Business Data API
  • Payout
    • Kirim DOKU
  • FLEXIBILL
    • Account Billing
      • Batch Upload
    • DOKU Biller
      • Response Code
      • Samples
  • PAYCHAT API
    • Send WhatsApp Message
  • Archive
    • Non-SNAP
      • Tokenization V1
      • e-Wallet
        • OVO Recurring
        • OVO Open API
    • SNAP
      • Virtual Account
        • BCA v1.0
        • BRI v1.0
        • BNI v1.0
        • BNC v1.0
        • Mandiri v1.0
        • BTN v1.0
        • Permata v1.0
        • Danamon Virtual Account
      • e-Wallet
        • OVO Open API
        • DANA
        • ShopeePay
      • Direct Debit
        • CIMB Direct Debit
        • BRI Direct Debit
        • Allobank
Powered by GitBook

DOKU API

  • Legacy Documentation
On this page
  • Symmetric Signature
  • Preparation
  • Generate Signature :

Was this helpful?

  1. Getting Started with DOKU API
  2. Signature Component
  3. SNAP

Symmetric Signature

Symmetric Signature

Preparation

Before generating Signature, merchant need to prepare all the component required.

Component Explanation

Name
Description

clientSecret

HTTPMethod

The HTTP method that client use to hit the API

endpointURL

The path of the endpoint that will be hitted e.g: /bi-snap-va/v1/transfer-va/create-va NOTE: For the HTTP Notification from DOKU to merchant server, this will be the path of merchant Notification URL. As for the Inquiry Request, this will be the path of merchant Inquiry URL

AccessToken

Result of get token B2B ( without Bearer )

Timestamp

Same with X-TIMESTAMP

stringToSign

HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA256(minify(RequestBody))))+ ":“ + TimeStamp

How to generate stringToSign Component

  1. Minify request Body

Before
After

  1. Calculate the result of {minify-request-body} using SHA-256

The result will be like this :

3274fab8dac896837b106a16da2a974e7e65142dcecb4b768ef0294102838977
  1. Hexencode the result of {SHA-256(minify-request-body)}

The result will be like this :

3274fab8dac896837b106a16da2a974e7e65142dcecb4b768ef0294102838977

Generating StringtoSign

This is the formula for generating the string to Sign :

HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA256(minify(RequestBody))))+ ":“ + TimeStamp

This is the sample of stringToSign = __TEC2O1iVBszTBTkrZhCujPRwY1TUiMTVpx67lMaH3-COIKKIKvAFvZMvbKjH6fJhVKFFBJgVNtD-k4p_k4NQwQtHjy_gldtUNWJD9kRoLCloo32r6h2RAwi1JiwaBqPWsf7v9_ELfVA23vH8Ojn0jFzfNESeffOkJ8LjlH5zawuChHNZSq9eg6o0w_jrrdlLnhMKJRYl4x09da8GLR4_dKnR8pZiUB58GCDydPYEyt5CIlyYwBMF8VCUx4OPg-gFNh9nc0gGPLNLr7pjFXl-o16wDtRRFakMT_yc3fSo1oEZnulBGzFQOIQLP1k4dD2vDg:170acce306af96d970c7af8698a815939ee5ba5f0b1db4d6ce91fc625b86021e:2024-03-26T16:01:41+07:00

What is endpointURL ?

endpointURL means Request Target.

The Request-Target is depending on who is sending the request:

  1. When merchant hits DOKU endpoints: The Request-Target is the path of the DOKU API that merchant hits. For instance, if merchant wants to hit DOKU VA API: https://api.doku.com/bi-snap-va/v1/transfer-va/create-va. Therefore, the Request-Target value is /bi-snap-va/v1/transfer-va/create-va

  2. When DOKU hits merchant endpoints (HTTP Notification / Inquiry Request): The Request-Target is the path of merchant Notification URL or the Inquiry URL. For instance, if merchant set the Notification URL: https://yourdomain.com/payments/notifications. Therefore, the Request-Target value is /payments/notifications.

Generate Signature :

After all the stringToSign component has been set, merchant can now generate the signature :

  1. Calculate the result of (clientSecret , stringToSign) using HMAC_512

    Ex : qd2m9ot+cfq48qJ68+8IYdfkNDMA2hhecM2XegsnZ1Z5Fur9zii8BVm6cI7g1gyhL5/+OFZqAO8Kp0XPMdipfg==

  2. Put the value to each API in X-Signature component in Request Header

PreviousSNAPNextAsymmetric Signature

Last updated 1 year ago

Was this helpful?

Retrieved from the DOKU Dashboard. Find this through Integration > API Keys > Secret Key

Set the result of hexencode{SHA-256(minify-request-body)} to Lowercase

{
   "partnerServiceId":"  088899",
   "customerNo":"12345678901234567890",
   "virtualAccountNo":"  08889912345678901234567890",
   "virtualAccountName":"Jokul Doe",
   "virtualAccountEmail":"jokul@email.com",
   "virtualAccountPhone":"6281828384858",
   "trxId":"abcdefgh1234",
   "totalAmount":{
      "value":"12345678.00",
      "currency":"IDR"
   }
}
{"partnerServiceId":"  088899","customerNo":"12345678901234567890","virtualAccountNo":"  08889912345678901234567890","virtualAccountName":"Jokul Doe","virtualAccountEmail":"jokul@email.com","virtualAccountPhone":"6281828384858","trxId":"abcdefgh1234","totalAmount":{"value":"12345678.00","currency":"IDR"}}
​