
Host to Host Integration Guide

If you are PCI DSS compliant, you can use this type of integration to receive card payments.


Payment types

There are 3 payment types available, depending on your needs:

  1. SALE
  2. MOTO
  3. AUTHORIZE CAPTURE

(SALE) Integration steps

Here is the overview of how to integrate SALE payment:

  1. Prepare credit card form input / Get token list
  2. Get 3DS authentication ID and 3DS URL
  3. Hit API Charge
  4. Acknowledge payment result

Figure: DOKU Direct Credit Card H2H SALE Merchant Flow (sequence diagram)

1. Prepare credit card form input / Get token list

You can create credit card form input on your end, so that your customer can input their credit card number, expiry date, and CVV.

If you save the card token from DOKU side, you can use Tokenization to show the saved card of your customers.


2. Get 3DS authentication ID and 3DS URL

To get 3DS authentication, you will need to hit this API through your backend:

API Request

Type | Value
HTTP Method | POST
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/check-three-d-secure
API endpoint (Production) | https://api.doku.com/credit-card/check-three-d-secure

Here is the sample of request header to get 3DS authentication:

Client-Id: MCH-0001-10791114622547
Request-Id: 6d0bffbd-9246-455e-a1f1-44c1f76ad589
Request-Timestamp: 2021-08-24T08:45:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=

Request Header Explanation

Parameter | Description
Client-Id | Client ID retrieved from DOKU Back Office
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests
Request-Timestamp | Request timestamp in UTC, in ISO 8601 UTC+0 format. To process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours. Example: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature
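
The header rules above, as an added Python example that is not part of DOKU's own code: it converts a timezone-aware time to the UTC `Request-Timestamp` format, generates a fresh `Request-Id`, and assembles the four headers. The function names are hypothetical, and the `Signature` value is assumed to be computed elsewhere, as described in the signature section the page refers to.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

WIB = timezone(timedelta(hours=7))  # UTC+7, the zone used in the page's example
TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")


def request_timestamp(moment=None):
    """Return the Request-Timestamp value: UTC, ISO 8601, second precision, 'Z' suffix."""
    if moment is None:
        moment = datetime.now(timezone.utc)
    if moment.tzinfo is None or moment.utcoffset() is None:
        # A naive WIB datetime would otherwise be sent as if it were UTC, 7 hours off.
        raise ValueError("naive datetime: attach a timezone before converting")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def is_valid_timestamp(text):
    """True when text has the exact shape shown in the sample headers."""
    return TIMESTAMP_RE.fullmatch(text) is not None


def new_request_id():
    """Return a fresh random Request-Id (UUID4 text, 36 characters, under the 128 limit)."""
    return str(uuid.uuid4())


def build_headers(client_id, signature, moment=None, request_id=None):
    """Assemble the four request headers; the signature itself is computed elsewhere."""
    request_id = request_id if request_id is not None else new_request_id()
    if not 0 < len(request_id) <= 128:
        raise ValueError("Request-Id must be 1 to 128 characters")
    if not signature.startswith("HMACSHA256="):
        raise ValueError("Signature must carry the HMACSHA256= prefix")
    return {
        "Client-Id": client_id,
        "Request-Id": request_id,
        "Request-Timestamp": request_timestamp(moment),
        "Signature": signature,
    }


if __name__ == "__main__":
    # The page's example: 22 September 2020, 08:51:00 WIB.
    print(request_timestamp(datetime(2020, 9, 22, 8, 51, 0, tzinfo=WIB)))
```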

Here is the sample request body to get 3DS authentication:

{
"order": {
"amount": 90000
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225"
},
"three_dsecure": {
"callback_url_success": "https://www.merchant.com/success",
"callback_url_failed": "https://www.merchant.com/failed"
}
}

Request Body Explanation

Parameter | Type | Mandatory | Description
order.amount | number | Mandatory | In IDR currency and without decimal. Allowed chars: numeric. Max length: 12
card.token | string | Optional | Card token generated by DOKU, can be used if you have already activated tokenization
card.number | string | Mandatory | Card number, can be optional if you send card.token
card.expiry | string | Mandatory | Card expiry date, can be optional if you send card.token. Format: MMYY
three_dsecure.callback_url_success | string | Mandatory | After 3DS process success, customer will be redirected to this page
three_dsecure.callback_url_failed | string | Mandatory | After 3DS process success, customer will be redirected to this page

API Response

After hitting the above API request, DOKU will give the response.

Type | Value
HTTP Status | 200
Result | SUCCESS

Here is the sample response header:

Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=

Response Header Explanation

Parameter | Description
Client-Id | Same as the request
Request-Id | Same as the request
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO 8601 UTC+0 format
Signature | Signature generated by DOKU based on the response body

Here is the sample of response body:

{
"order": {
"amount": 90000
},
"three_dsecure": {
"enrollment_status": true,
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e",
"authentication_url": "https://doku.3ds.com?authenticationId=eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
}
}

Response Body Explanation

Parameter | Type | Mandatory | Description
order.amount | number | Mandatory | Same as the request
three_dsecure.enrollment_status | boolean | Mandatory | Card 3D Secure enrollment status. Possible value: true, false
three_dsecure.authentication_id | string | Mandatory | 3DS process ID to use on API Charge
three_dsecure.authentication_url | string | Optional | 3DS page if the three_dsecure.enrollment_status is true

3. Hit API Charge

After the customer is redirected to the 3DS success page, then your backend must trigger the API Charge to DOKU:

API Request

Type | Value
HTTP Method | POST
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/charge
API endpoint (Production) | https://api.doku.com/credit-card/charge

Here is the sample of request header to charge the transaction:

Client-Id: MCH-0001-10791114622547
Request-Id: b154c582-4501-436a-8012-0346f2a46b47
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=

Request Header Explanation

Parameter | Description
Client-Id | Client ID retrieved from DOKU Back Office
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests
Request-Timestamp | Request timestamp in UTC, in ISO 8601 UTC+0 format. To process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours. Example: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature

Here is the sample request body to charge the transaction:

{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
]
},
"customer": {
"id": "CUST-0001",
"name": "Anton Budiman",
"email": "anton@example.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"payment": {
"type": "SALE",
"tenor": "12",
"plan_id": "1232131"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225",
"cvv": "123",
"save": true
}
}

Request Body Explanation

Parameter | Type | Mandatory | Description
order.amount | number | Mandatory | In IDR currency and without decimal. Allowed chars: numeric. Max length: 12
order.invoice_number | string | Mandatory | Generated by merchant to identify the order. Allowed chars: alphabetic, numeric, special chars. Max length: 64
order.line_items.name | string | Optional | Name of the product item. Allowed chars: alphabetic, numeric, special chars. Max length: 255
order.line_items.price | number | Optional | Price of the product item. Total price and quantity must match with the order.amount. Allowed chars: numeric. Max length: 12
order.line_items.quantity | number | Optional | Quantity of the product item. Allowed chars: numeric. Max length: 4
customer.id | string | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature. Allowed chars: alphabetic, numeric, special chars. Max length: 50
customer.name | string | Optional | Customer name. Allowed chars: alphabetic. Max length: 255
customer.email | string | Optional | Customer email. Allowed chars: alphabetic, numeric, special chars. Max length: 128
customer.phone | string | Optional | Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455. Allowed chars: numeric. Max length: 16
customer.address | string | Optional | Customer address. Allowed chars: alphabetic, numeric, special chars. Max length: 400
customer.country | string | Optional | 2-letter alphabetic country code (ISO 3166-1). Allowed chars: alphabetic. Min-max length: 2
three_dsecure.authentication_id | string | Mandatory | After 3DS process success, customer will be redirected to this page
payment.type | string | Mandatory | Payment type. Possible value: SALE, MOTO, AUTHORIZE
payment.tenor | string | Optional | Tenor for issuers that have an installment feature with DOKU. For MOTO and SALE only
payment.plan_id | string | Optional | Promotion ID from the bank for merchant
card.token | string | Optional | Card token generated by DOKU; for 3DS transactions please send three_dsecure.authentication_id only
card.number | string | Mandatory | Card number, can be optional if you send card.token
card.expiry | string | Mandatory | Card expiry date, can be optional if you send card.token. Format: MMYY
card.cvv | string | Mandatory | Card CVV, optional if payment.type is MOTO
card.save | boolean | Optional | Set true if you want to force customer to save the card token for the next payment. Possible value: true, false. Default value: false
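
A pre-flight check of the charge body against the rules in the table above, as an added Python example that is not DOKU's own code. The function names are hypothetical. Three rules are assumptions layered on the table: the 19-digit ceiling for `card.number` (ISO/IEC 7812), the 3 or 4 digit CVV, and requiring `three_dsecure.authentication_id` only for SALE and AUTHORIZE because the page's MOTO sample omits it.

```python
import re

PAYMENT_TYPES = ("SALE", "MOTO", "AUTHORIZE")  # possible values of payment.type

# The SALE sample charge request body from the page.
SAMPLE_CHARGE_BODY = {
    "order": {
        "invoice_number": "INV-20210118-0001",
        "amount": 90000,
        "line_items": [
            {"name": "T-Shirt Red", "price": 30000, "quantity": 2},
            {"name": "Polo Navy", "price": 30000, "quantity": 1},
        ],
    },
    "customer": {"id": "CUST-0001", "name": "Anton Budiman", "email": "anton@example.com",
                 "phone": "6285694566147", "address": "Menara Mulia Lantai 8", "country": "ID"},
    "three_dsecure": {
        "authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
    },
    "payment": {"type": "SALE", "tenor": "12", "plan_id": "1232131"},
    "card": {"token": "243591d7e49f45109961581718c3ef82", "number": "5573381011111101",
             "expiry": "1225", "cvv": "123", "save": True},
}


def field(body, dotted):
    """Return body[a][b] for 'a.b', or None when any level is missing."""
    for key in dotted.split("."):
        body = body.get(key) if isinstance(body, dict) else None
    return body


def is_int(value):
    """True for real integers only; bool is excluded although it subclasses int."""
    return isinstance(value, int) and not isinstance(value, bool)


def check_text(body, dotted, max_len, pattern, mandatory, errors):
    """Check one string field against its maximum length and allowed characters."""
    value = field(body, dotted)
    if value is None:
        if mandatory:
            errors.append(f"{dotted}: missing")
        return
    if (not isinstance(value, str) or not 0 < len(value) <= max_len
            or not re.fullmatch(pattern, value)):
        errors.append(f"{dotted}: bad format or longer than {max_len}")


def validate_charge_body(body):
    """Return a list of rule violations; an empty list means the body may be sent."""
    errors = []
    amount = field(body, "order.amount")
    if not is_int(amount) or amount < 0 or len(str(amount)) > 12:
        errors.append("order.amount: whole IDR amount, at most 12 digits")
    check_text(body, "order.invoice_number", 64, r".+", True, errors)
    check_text(body, "customer.phone", 16, r"\d+", False, errors)
    check_text(body, "customer.country", 2, r"[A-Za-z]{2}", False, errors)
    check_text(body, "customer.email", 128, r".+", False, errors)

    # Line items are optional, but when priced they must add up to order.amount.
    items = field(body, "order.line_items") or []
    if items and all(isinstance(i, dict) and is_int(i.get("price"))
                     and is_int(i.get("quantity")) for i in items):
        if sum(i["price"] * i["quantity"] for i in items) != amount:
            errors.append("order.line_items: price x quantity does not add up to order.amount")

    ptype = field(body, "payment.type")
    if ptype not in PAYMENT_TYPES:
        errors.append("payment.type: must be SALE, MOTO or AUTHORIZE")
    if ptype == "AUTHORIZE" and field(body, "payment.tenor") is not None:
        errors.append("payment.tenor: only for MOTO and SALE")
    # Assumption: MOTO has no 3DS step, so the ID is required for SALE and AUTHORIZE only.
    if ptype in ("SALE", "AUTHORIZE") and not field(body, "three_dsecure.authentication_id"):
        errors.append("three_dsecure.authentication_id: missing")

    # card.number and card.expiry become optional once card.token is sent.
    has_token = bool(field(body, "card.token"))
    check_text(body, "card.number", 19, r"\d+", not has_token, errors)  # 19: assumed ceiling
    check_text(body, "card.expiry", 4, r"(0[1-9]|1[0-2])\d{2}", not has_token, errors)  # MMYY
    check_text(body, "card.cvv", 4, r"\d{3,4}", ptype != "MOTO", errors)

    # Interpretation: sending a token or asking to save one means tokenization is in use.
    tokenizing = has_token or field(body, "card.save") is True
    check_text(body, "customer.id", 50, r".+", tokenizing, errors)
    return errors
```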

API Response

After hitting the above API request, DOKU will give the response.

Type | Value
HTTP Status | 200
Result | SUCCESS

Here is the sample response header:

Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=

Response Header Explanation

Parameter | Description
Client-Id | Same as the request
Request-Id | Same as the request
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO 8601 UTC+0 format
Signature | Signature generated by DOKU based on the response body

Here is the sample of response body:

{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "SALE",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "",
"response_code": "01",
"response_message": "sukses transaksi",
"eci": "",
"status": "SUCCESS",
"approval_code": "123123"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}

Response Body Explanation

Parameter | Type | Mandatory | Description
order.invoice_number | string | Mandatory | Same as the request
order.amount | number | Mandatory | Same as the request
customer.id | string | Optional | Same as the request
payment.type | string | Mandatory | Same as the request
payment.identifier.name | string | Mandatory | Additional payment info name
payment.identifier.value | string | Mandatory | Additional payment info value
payment.request_id | string | Mandatory | Request ID sent on merchant's request header
payment.authorize_id | string | Optional | Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE
payment.response_code | string | Mandatory | Response code generated by DOKU / Acquirer
payment.response_message | string | Mandatory | Response message generated by DOKU / Acquirer
payment.status | string | Mandatory | Payment status. Possible value: SUCCESS, FAILED, PENDING
payment.eci | string | Mandatory | ECI for this transaction
payment.approval_code | string | Optional | Approval code for success transaction generated by acquirer
three_dsecure.authentication_id | string | Mandatory | Same as the request
card.masked | string | Optional | Card masked number
card.type | string | Mandatory | Card type. Possible value: CREDIT, DEBIT
card.issuer | string | Mandatory | Card issuer
card.brand | string | Mandatory | Principal brand: VISA, MASTER, JCB, AMEX
card.token | string | Optional | Card token generated by DOKU if card.save is true
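
An added Python example, not DOKU's own code, of what a merchant backend can do with the charge response before fulfilling an order: confirm that the fields the table marks "Same as the request" really match what was sent, act on `payment.status`, and strip card data before the request is logged. The function names and the FULFIL / WAIT / REJECT decisions are hypothetical; the samples are trimmed from the page's request and response bodies, and the mask mirrors the page's `card.masked` format.

```python
import copy

# Fields the response table describes as "Same as the request".
ECHOED = ("order.invoice_number", "order.amount", "payment.type",
          "three_dsecure.authentication_id")

# Trimmed from the page's SALE charge request and response samples.
SAMPLE_REQUEST = {
    "order": {"invoice_number": "INV-20210118-0001", "amount": 90000},
    "customer": {"id": "CUST-0001"},
    "three_dsecure": {
        "authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
    },
    "payment": {"type": "SALE"},
    "card": {"number": "5573381011111101", "expiry": "1225", "cvv": "123"},
}
SAMPLE_RESPONSE = {
    "order": {"invoice_number": "INV-20210118-0001", "amount": 90000},
    "customer": {"id": "CUST-0001"},
    "payment": {"type": "SALE", "response_code": "01", "status": "SUCCESS"},
    "three_dsecure": {
        "authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
    },
    "card": {"masked": "557338*******101"},
}


def field(body, dotted):
    """Return body[a][b] for 'a.b', or None when any level is missing."""
    for key in dotted.split("."):
        body = body.get(key) if isinstance(body, dict) else None
    return body


def reconcile_charge(request_body, response_body):
    """Return (decision, reasons); decision is FULFIL, WAIT or REJECT."""
    mismatches = [d for d in ECHOED if field(request_body, d) != field(response_body, d)]
    # customer.id is optional in the response: compare only when it is present.
    echoed_customer = field(response_body, "customer.id")
    if echoed_customer is not None and echoed_customer != field(request_body, "customer.id"):
        mismatches.append("customer.id")
    if mismatches:
        return "REJECT", mismatches
    status = field(response_body, "payment.status")
    if status == "SUCCESS":
        return "FULFIL", []
    if status == "PENDING":
        return "WAIT", []  # leave the order open until the HTTP Notification arrives
    return "REJECT", [f"payment.status={status}"]


def redact_card(body):
    """Return a copy that is safe to log: CVV dropped, card number masked."""
    safe = copy.deepcopy(body)
    card = safe.get("card")
    if isinstance(card, dict):
        card.pop("cvv", None)
        number = card.get("number")
        if isinstance(number, str) and len(number) > 9:
            # First 6 and last 3 digits kept, as in the page's card.masked sample.
            card["number"] = number[:6] + "*" * (len(number) - 9) + number[-3:]
        elif number is not None:
            card["number"] = "***"
    return safe
```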

4. Acknowledge payment result

After the payment is made by your customer, DOKU will send an HTTP Notification to your defined Notification URL. Learn how to handle the notification from DOKU:


(MOTO) Integration steps

Here is the overview of how to integrate MOTO payment:

  1. Prepare credit card form input / Get token list
  2. Hit API Charge
  3. Acknowledge payment result

Figure: Jokul Direct Credit Card H2H MOTO Merchant Flow (sequence diagram)

1. Prepare credit card form input / Get token list

You can create credit card form input on your end, so that your customer can input their credit card number, expiry date, and CVV.

If you save the card token from DOKU side, you can use Tokenization to show the saved card of your customers.


2. Hit API Charge

After the customer inputs the credit card, your backend must trigger the API Charge to DOKU:

API Request

Type | Value
HTTP Method | POST
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/charge
API endpoint (Production) | https://api.doku.com/credit-card/charge

Here is the sample of request header to charge the transaction:

Client-Id: MCH-0001-10791114622547
Request-Id: b154c582-4501-436a-8012-0346f2a46b47
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=

Request Header Explanation

Parameter | Description
Client-Id | Client ID retrieved from DOKU Back Office
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests
Request-Timestamp | Request timestamp in UTC, in ISO 8601 UTC+0 format. To process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours. Example: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature

Here is the sample request body to charge the transaction:

{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
]
},
"customer": {
"id": "CUST-0001",
"name": "Anton Budiman",
"email": "anton@example.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"payment": {
"type": "MOTO",
"tenor": "12",
"plan_id": "1232131"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225",
"save": true
}
}

Request Body Explanation

Parameter | Type | Mandatory | Description
order.amount | number | Mandatory | In IDR currency and without decimal. Allowed chars: numeric. Max length: 12
order.invoice_number | string | Mandatory | Generated by merchant to identify the order. Allowed chars: alphabetic, numeric, special chars. Max length: 64
order.line_items.name | string | Optional | Name of the product item. Allowed chars: alphabetic, numeric, special chars. Max length: 255
order.line_items.price | number | Optional | Price of the product item. Total price and quantity must match with the order.amount. Allowed chars: numeric. Max length: 12
order.line_items.quantity | number | Optional | Quantity of the product item. Allowed chars: numeric. Max length: 4
customer.id | string | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature. Allowed chars: alphabetic, numeric, special chars. Max length: 50
customer.name | string | Optional | Customer name. Allowed chars: alphabetic. Max length: 255
customer.email | string | Optional | Customer email. Allowed chars: alphabetic, numeric, special chars. Max length: 128
customer.phone | string | Optional | Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455. Allowed chars: numeric. Max length: 16
customer.address | string | Optional | Customer address. Allowed chars: alphabetic, numeric, special chars. Max length: 400
customer.country | string | Optional | 2-letter alphabetic country code (ISO 3166-1). Allowed chars: alphabetic. Min-max length: 2
three_dsecure.authentication_id | string | Mandatory | After 3DS process success, customer will be redirected to this page
payment.type | string | Mandatory | Payment type. Possible value: SALE, MOTO, AUTHORIZE
payment.tenor | string | Optional | Tenor for issuers that have an installment feature with DOKU. For MOTO and SALE only
payment.plan_id | string | Optional | Promotion ID from the bank for merchant
card.token | string | Optional | Card token generated by DOKU; for 3DS transactions please send three_dsecure.authentication_id only
card.number | string | Mandatory | Card number, can be optional if you send card.token
card.expiry | string | Mandatory | Card expiry date, can be optional if you send card.token. Format: MMYY
card.save | boolean | Optional | Set true if you want to force customer to save the card token for the next payment. Possible value: true, false. Default value: false

API Response

After hitting the above API request, DOKU will give the response.

Type | Value
HTTP Status | 200
Result | SUCCESS

Here is the sample response header:

Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=

Response Header Explanation

Parameter | Description
Client-Id | Same as the request
Request-Id | Same as the request
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO 8601 UTC+0 format
Signature | Signature generated by DOKU based on the response body

Here is the sample of response body:

{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "MOTO",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "",
"response_code": "01",
"response_message": "sukses transaksi",
"eci": "",
"status": "SUCCESS",
"approval_code": "123123"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}

Response Body Explanation

Parameter | Type | Mandatory | Description
order.invoice_number | string | Mandatory | Same as the request
order.amount | number | Mandatory | Same as the request
customer.id | string | Optional | Same as the request
payment.type | string | Mandatory | Same as the request
payment.identifier.name | string | Mandatory | Additional payment info name
payment.identifier.value | string | Mandatory | Additional payment info value
payment.request_id | string | Mandatory | Request ID sent on merchant's request header
payment.authorize_id | string | Optional | Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE
payment.response_code | string | Mandatory | Response code generated by DOKU / Acquirer
payment.response_message | string | Mandatory | Response message generated by DOKU / Acquirer
payment.status | string | Mandatory | Payment status. Possible value: SUCCESS, FAILED, PENDING
payment.eci | string | Mandatory | ECI for this transaction
payment.approval_code | string | Optional | Approval code for success transaction generated by acquirer
card.masked | string | Optional | Card masked number
card.type | string | Mandatory | Card type. Possible value: CREDIT, DEBIT
card.issuer | string | Mandatory | Card issuer
card.brand | string | Mandatory | Principal brand: VISA, MASTER, JCB, AMEX
card.token | string | Optional | Card token generated by DOKU if card.save is true

3. Acknowledge payment result

After the payment is made by your customer, DOKU will send an HTTP Notification to your defined Notification URL. Learn how to handle the notification from DOKU:


(AUTHORIZE CAPTURE) Integration steps

Here is the overview of how to integrate AUTHORIZE CAPTURE payment:

  1. Prepare credit card form input / Get token list
  2. Get 3DS authentication ID and 3DS URL
  3. Hit API Charge
  4. Hit API Capture
  5. Acknowledge payment result

Figure: Jokul Direct Credit Card H2H AUTH CAP Merchant Flow (sequence diagram)

1. Prepare credit card form input / Get token list

You can create credit card form input on your end, so that your customer can input their credit card number, expiry date, and CVV.

If you save the card token from DOKU side, you can use Tokenization to show the saved card of your customers.


2. Get 3DS authentication ID and 3DS URL

To get 3DS authentication, you will need to hit this API through your backend:

API Request

Type | Value
HTTP Method | POST
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/check-three-d-secure
API endpoint (Production) | https://api.doku.com/credit-card/check-three-d-secure

Here is the sample of request header to get 3DS authentication:

Client-Id: MCH-0001-10791114622547
Request-Id: 6d0bffbd-9246-455e-a1f1-44c1f76ad589
Request-Timestamp: 2021-08-24T08:45:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=

Request Header Explanation

Parameter | Description
Client-Id | Client ID retrieved from DOKU Back Office
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests
Request-Timestamp | Request timestamp in UTC, in ISO 8601 UTC+0 format. To process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours. Example: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature

Here is the sample request body to get 3DS authentication:

{
"order": {
"amount": 90000
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225"
},
"three_dsecure": {
"callback_url_success": "https://www.merchant.com/success",
"callback_url_failed": "https://www.merchant.com/failed"
}
}

Request Body Explanation

Parameter | Type | Mandatory | Description
order.amount | number | Mandatory | In IDR currency and without decimal. Allowed chars: numeric. Max length: 12
card.token | string | Optional | Card token generated by DOKU, can be used if you have already activated tokenization
card.number | string | Mandatory | Card number, can be optional if you send card.token
card.expiry | string | Mandatory | Card expiry date, can be optional if you send card.token. Format: MMYY
three_dsecure.callback_url_success | string | Mandatory | After 3DS process success, customer will be redirected to this page
three_dsecure.callback_url_failed | string | Mandatory | After 3DS process success, customer will be redirected to this page

API Response

After hitting the above API request, DOKU will give the response.

Type | Value
HTTP Status | 200
Result | SUCCESS

Here is the sample response header:

Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=

Response Header Explanation

Parameter | Description
Client-Id | Same as the request
Request-Id | Same as the request
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO 8601 UTC+0 format
Signature | Signature generated by DOKU based on the response body

Here is the sample of response body:

{
"order": {
"amount": 90000
},
"three_dsecure": {
"enrollment_status": true,
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e",
"authentication_url": "https://doku.3ds.com?authenticationId=eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
}
}

Response Body Explanation

Parameter | Type | Mandatory | Description
order.amount | number | Mandatory | Same as the request
three_dsecure.enrollment_status | boolean | Mandatory | Card 3D Secure enrollment status. Possible value: true, false
three_dsecure.authentication_id | string | Mandatory | 3DS process ID to use on API Charge
three_dsecure.authentication_url | string | Optional | 3DS page if the three_dsecure.enrollment_status is true

3. Hit API Charge

After the customer is redirected to the 3DS success page, then your backend must trigger the API Charge to DOKU:

API Request

Type | Value
HTTP Method | POST
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/charge
API endpoint (Production) | https://api.doku.com/credit-card/charge

Here is the sample of request header to charge the transaction:

Client-Id: MCH-0001-10791114622547
Request-Id: b154c582-4501-436a-8012-0346f2a46b47
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=

Request Header Explanation

Parameter | Description
Client-Id | Client ID retrieved from DOKU Back Office
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests
Request-Timestamp | Request timestamp in UTC, in ISO 8601 UTC+0 format. To process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours. Example: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature

Here is the sample request body to charge the transaction:

{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
]
},
"customer": {
"id": "CUST-0001",
"name": "Anton Budiman",
"email": "anton@example.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"payment": {
"type": "AUTHORIZE",
"plan_id": "1232131"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225",
"cvv": "123",
"save": true
}
}

Request Body Explanation

Parameter | Type | Mandatory | Description
order.amount | number | Mandatory | In IDR currency and without decimal. Allowed chars: numeric. Max length: 12
order.invoice_number | string | Mandatory | Generated by merchant to identify the order. Allowed chars: alphabetic, numeric, special chars. Max length: 64
order.line_items.name | string | Optional | Name of the product item. Allowed chars: alphabetic, numeric, special chars. Max length: 255
order.line_items.price | number | Optional | Price of the product item. Total price and quantity must match with the order.amount. Allowed chars: numeric. Max length: 12
order.line_items.quantity | number | Optional | Quantity of the product item. Allowed chars: numeric. Max length: 4
customer.id | string | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature. Allowed chars: alphabetic, numeric, special chars. Max length: 50
customer.name | string | Optional | Customer name. Allowed chars: alphabetic. Max length: 255
customer.email | string | Optional | Customer email. Allowed chars: alphabetic, numeric, special chars. Max length: 128
customer.phone | string | Optional | Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455. Allowed chars: numeric. Max length: 16
customer.address | string | Optional | Customer address. Allowed chars: alphabetic, numeric, special chars. Max length: 400
customer.country | string | Optional | 2-letter alphabetic country code (ISO 3166-1). Allowed chars: alphabetic. Min-max length: 2
three_dsecure.authentication_id | string | Mandatory | After 3DS process success, customer will be redirected to this page
payment.type | string | Mandatory | Payment type. Possible value: SALE, MOTO, AUTHORIZE
payment.plan_id | string | Optional | Promotion ID from the bank for merchant
card.token | string | Optional | Card token generated by DOKU; for 3DS transactions please send three_dsecure.authentication_id only
card.number | string | Mandatory | Card number, can be optional if you send card.token
card.expiry | string | Mandatory | Card expiry date, can be optional if you send card.token. Format: MMYY
card.cvv | string | Mandatory | Card CVV, optional if payment.type is MOTO
card.save | boolean | Optional | Set true if you want to force customer to save the card token for the next payment. Possible value: true, false. Default value: false

API Response

After hitting the above API request, DOKU will give the response.

Type | Value
HTTP Status | 200
Result | SUCCESS

Here is the sample response header:

Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=

Response Header Explanation

Parameter | Description
Client-Id | Same as the request
Request-Id | Same as the request
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO 8601 UTC+0 format
Signature | Signature generated by DOKU based on the response body

Here is the sample of response body:

{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "AUTHORIZE",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "12312391719112",
"response_code": "01",
"response_message": "sukses transaksi",
"eci": "",
"status": "SUCCESS",
"approval_code": "123123"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}

Response Body Explanation

Parameter | Type | Mandatory | Description
order.invoice_number | string | Mandatory | Same as the request
order.amount | number | Mandatory | Same as the request
customer.id | string | Optional | Same as the request
payment.type | string | Mandatory | Same as the request
payment.identifier.name | string | Mandatory | Additional payment info name
payment.identifier.value | string | Mandatory | Additional payment info value
payment.request_id | string | Mandatory | Request ID sent on merchant's request header
payment.authorize_id | string | Mandatory | Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE
payment.response_code | string | Mandatory | Response code generated by DOKU / Acquirer
payment.response_message | string | Mandatory | Response message generated by DOKU / Acquirer
payment.status | string | Mandatory | Payment status. Possible value: SUCCESS, FAILED, PENDING
payment.eci | string | Mandatory | ECI for this transaction
payment.approval_code | string | Optional | Approval code for success transaction generated by acquirer
three_dsecure.authentication_id | string | Mandatory | Same as the request
card.masked | string | Optional | Card masked number
card.type | string | Mandatory | Card type. Possible value: CREDIT, DEBIT
card.issuer | string | Mandatory | Card issuer
card.brand | string | Mandatory | Principal brand: VISA, MASTER, JCB, AMEX
card.token | string | Optional | Card token generated by DOKU if card.save is true

DOKU will also send the HTTP Notification with the payment.authorize_id to your defined Notification URL.


4. Hit API Capture

After you get the payment.authorize_id, then your backend must trigger the API Charge to DOKU:

API Request

Type | Value
HTTP Method | POST
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/capture
API endpoint (Production) | https://api.doku.com/credit-card/capture

Here is the sample of request header to capture the transaction:

Client-Id: MCH-0001-10791114622547
Request-Id: 071a6a32-6785-4011-833d-d2c2049cf744
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=

Request Header Explanation

Parameter | Description
Client-Id | Client ID retrieved from DOKU Back Office
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests
Request-Timestamp | Request timestamp in UTC, in ISO 8601 UTC+0 format. To process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours. Example: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature

Here is the sample request body to capture the transaction:

{
"payment": {
"authorize_id": "12312391719112",
"capture_amount": 90000
}
}

Request Body Explanation

Parameter | Type | Mandatory | Description
payment.authorize_id | string | Mandatory | Authorize ID from the Charge API Response / HTTP Notification
payment.capture_amount | string | Optional | The value of transactions which will be paid by the customer. If undefined, capture full transaction.

API Response

After you send the API request above, DOKU returns the response.

| Type | Value |
|---|---|
| HTTP Status | 200 |
| Result | SUCCESS |

Here is the sample response header:

Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=

Response Header Explanation

| Parameter | Description |
|---|---|
| Client-Id | Same as the request |
| Request-Id | Same as the request |
| Response-Timestamp | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| Signature | Signature generated by DOKU based on the response body |

Here is the sample of response body:

{
    "order": {
        "invoice_number": "INV-20210118-0001",
        "amount": 90000
    },
    "customer": {
        "id": "CUST-0001"
    },
    "payment": {
        "type": "CAPTURE",
        "identifier": [
            {
                "name": "Acquirer",
                "value": "Mandiri"
            },
            {
                "name": "MID",
                "value": "71003372992"
            },
            {
                "name": "TID",
                "value": "73120903"
            }
        ],
        "request_id": "20201026193843836",
        "authorize_id": "12312391719112",
        "response_code": "01",
        "response_message": "sukses transaksi",
        "eci": "",
        "status": "SUCCESS",
        "approval_code": "123123"
    },
    "three_dsecure": {
        "authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
    },
    "card": {
        "masked": "557338*******101",
        "type": "CREDIT",
        "issuer": "Bank Mandiri",
        "brand": "MASTER",
        "token": "243591d7e49f45109961581718c3ef82"
    }
}

Response Body Explanation

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| order.invoice_number | string | Mandatory | Same as the request |
| order.amount | number | Mandatory | Same as the request |
| customer.id | string | Optional | Same as the request |
| payment.type | string | Mandatory | Same as the request |
| payment.identifier.name | string | Mandatory | Additional payment info name |
| payment.identifier.value | string | Mandatory | Additional payment info value |
| payment.request_id | string | Mandatory | Request ID sent on merchant's request header |
| payment.authorize_id | string | Mandatory | Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE |
| payment.response_code | string | Mandatory | Response code generated by DOKU / Acquirer |
| payment.response_message | string | Mandatory | Response message generated by DOKU / Acquirer |
| payment.status | string | Mandatory | Payment status. Possible value: SUCCESS, FAILED, PENDING |
| payment.eci | string | Mandatory | ECI for this transaction |
| payment.approval_code | string | Optional | Approval code for success transaction generated by acquirer |
| three_dsecure.authentication_id | string | Mandatory | Same as the request |
| card.masked | string | Optional | Card masked number |
| card.type | string | Mandatory | Card type. Possible value: CREDIT, DEBIT |
| card.issuer | string | Mandatory | Card issuer |
| card.brand | string | Mandatory | Principal brand: VISA, MASTER, JCB, AMEX |
| card.token | string | Optional | Card token generated by DOKU if card.save is true |
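
The capture request and response rules in the tables above can be enforced in code before an order is marked as captured. This is an added example, not DOKU's own code: the function names are hypothetical, the Signature header is left to the signature section the page refers to, and the response in the demo is constructed.

```python
import uuid
from datetime import datetime, timedelta, timezone

def request_timestamp(now):
    """Format an aware datetime as ISO8601 UTC+0, e.g. 2020-09-22T01:51:00Z."""
    if now.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before converting")
    return now.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_capture_request(client_id, authorize_id, now, capture_amount=None):
    """Return (headers, body) for the capture call; Signature is added separately."""
    headers = {
        "Client-Id": client_id,
        "Request-Id": str(uuid.uuid4()),  # new value per request, under 128 chars
        "Request-Timestamp": request_timestamp(now),
    }
    payment = {"authorize_id": authorize_id}
    if capture_amount is not None:  # leaving it out captures the full transaction
        payment["capture_amount"] = capture_amount
    return headers, {"payment": payment}

def check_capture_response(req_headers, req_body, resp_headers, resp_body):
    """List every field that fails to match the request; empty list means consistent."""
    problems = []
    payment = resp_body.get("payment", {})
    for name in ("Client-Id", "Request-Id"):  # both documented as "Same as the request"
        if resp_headers.get(name) != req_headers[name]:
            problems.append(name + " differs from request")
    if payment.get("authorize_id") != req_body["payment"]["authorize_id"]:
        problems.append("payment.authorize_id differs from request")
    if payment.get("type") != "CAPTURE":
        problems.append("payment.type is not CAPTURE")
    if payment.get("status") not in ("SUCCESS", "FAILED", "PENDING"):
        problems.append("payment.status is not a documented value")
    return problems

def capture_succeeded(req_headers, req_body, resp_headers, resp_body):
    """True only for a consistent response whose status is SUCCESS."""
    consistent = not check_capture_response(req_headers, req_body, resp_headers, resp_body)
    return consistent and resp_body["payment"]["status"] == "SUCCESS"

if __name__ == "__main__":
    wib = timezone(timedelta(hours=7))  # constructed input: the page's WIB example time
    hdrs, body = build_capture_request("MCH-0001-10791114622547", "12312391719112",
                                       datetime(2020, 9, 22, 8, 51, tzinfo=wib), 90000)
    # Constructed response that echoes the request but is still PENDING
    resp_h = {"Client-Id": hdrs["Client-Id"], "Request-Id": hdrs["Request-Id"]}
    resp_b = {"payment": {"type": "CAPTURE", "status": "PENDING",
                          "authorize_id": "12312391719112"}}
    print(hdrs["Request-Timestamp"], capture_succeeded(hdrs, body, resp_h, resp_b))
```

A PENDING or FAILED status, or any mismatch against the request, leaves the order uncaptured on the merchant side.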

5. Acknowledge payment result

After your customer makes the payment, DOKU will send an HTTP Notification to your defined Notification URL. Learn how to handle the notification from DOKU:

List of Error Code

If a request fails, use the following error codes to find out what went wrong:

| API | Error message | Error Code | HTTP Status Code | Explanation |
|---|---|---|---|---|
| Check-three-d-secure | Invalid Client-Id | invalid_client_id | 400 | Invalid Client ID |
| Check-three-d-secure | Header Client-Id is required | invalid_header_request | 400 | empty client id |
| Check-three-d-secure | Invalid Header Signature | invalid_signature | 400 | Payment charge with invalid signature |
| Check-three-d-secure | Invalid CC Number LENGTH | INVALID_PARAMETER | 400 | Invalid CC Number LENGTH |
| Check-three-d-secure | Luhn Validation | INVALID_PARAMETER | 400 | Card number not valid |
| Check-three-d-secure | Expiry Date Validation | INVALID_PARAMETER | 400 | Invalid expiry date 2525 |
| Check-three-d-secure | This field is required.,This merchant does not have three d secure configuration | INVALID_PARAMETER | 400 | invalid configuration / haven't 3ds mid |
| Check-three-d-secure | This card is not support three d secure | THREE_D_SECURE_AUTHENTICATION_FAILED | 400 | card not support 3ds / cannot connect to mpi |
| Charge | Invalid Client-Id | invalid_client_id | 400 | Invalid Client ID |
| Charge | empty client id | invalid_header_request | 400 | empty client id |
| Charge | size must be between 1 and 128 | invalid_header_request | 400 | Payment charge with client id length more than max |
| Charge | Invalid format Header Request-Timestamp | invalid_header_request | 400 | Payment charge with invalid format request timestamp |
| Charge | Header Request-Timestamp is not in +- 10 second of now | invalid_header_request | 400 | Payment charge with request timestamp < now |
| Charge | Header Request-Timestamp is not in +- 10 second of now | invalid_header_request | 400 | Payment charge with request timestamp > now |
| Charge | Invalid Header Signature | invalid_signature | 400 | Payment charge with invalid signature |
| Charge | Invalid Header Signature | invalid_signature | 400 | Payment charge using signature has been used |
| Charge | Invalid Format Email | INVALID_PARAMETER | 400 | Payment charge with invalid format email |
| Charge | Invalid amount | INVALID_PARAMETER | 400 | Payment charge with amount contain comma |
| Charge | Invalid amount | INVALID_PARAMETER | 400 | Payment charge with amount contain dot |
| Charge | Expiry Date Validation | INVALID_PARAMETER | 400 | Payment charge with format expiry is YYMM |
| Charge | Expiry Date Validation | INVALID_PARAMETER | 400 | Payment charge with expiry date is expired |
| Charge | Invalid AuthenticationId. | INVALID_PARAMETER | 400 | invalid authentication_id |
| Charge | Country Is Not Exists | INVALID_PARAMETER | 400 | Payment charge with invalid country |
| Charge | Invalid CC Number LENGTH | INVALID_PARAMETER | 400 | Invalid CC Number LENGTH |
| Charge | Luhn Validation | INVALID_PARAMETER | 400 | Card number not valid |
| Charge | REQUEST ID IS NOT VALID | INVALID_PARAMETER | 400 | Payment charge with request id has been used for transaction |
| Charge | Unauthorized Transaction | MID_TID_NOT_EXIST | 400 | Payment charge sale using card rejected |
| Charge | Invalid Authentication Id | INVALID_PARAMETER | 400 | Invalid Authentication Id |
| Charge | Invalid Authentication Id | INVALID_PARAMETER | 400 | Different amount check 3ds & charge |
| Charge | Invalid Authentication Id | INVALID_PARAMETER | 400 | Three D Secure Process Not Yet Done (Not yet send OTP) |
| Charge | Line item 1 quantity must be not empty | INVALID_PARAMETER | 400 | Invalid line item (quantity is null) |
| Charge | Your transaction is detected to be concurrent, please create another transaction | DOUBLE_REQUEST_DETECTED | 400 | Concurrent Request |
| Charge | Conflict | INVALID_PARAMETER | 409 | duplicate request with same request body |
| Charge | Precondition failed | INVALID_PARAMETER | 412 | duplicate request with different request body |
| Capture | Invalid Client-Id | invalid_client_id | 400 | Invalid Client ID |
| Capture | Header Client-Id is required | invalid_header_request | 400 | empty client id |
| Capture | Invalid Header Signature | invalid_signature | 400 | Payment charge with invalid signature |
| Capture | Authorize Id Must Not Be Blank | INVALID_PARAMETER | 400 | authorize_id is null |
| Capture | Failed Get Transaction | TRANSACTION_NOT_FOUND | 400 | Invalid authorize_id |
| Capture | Conflict | INVALID_PARAMETER | 409 | duplicate request with same request body |
| Capture | Precondition failed | INVALID_PARAMETER | 412 | duplicate request with different request body |