Payment Page Integration
If you are not PCI DSS compliant, you can use this type of integration to ensure that the customer's credit card data is securely processed by DOKU.
Integration steps
Here is the overview of how to integrate with Credit Card channel:
- Generate payment URL (credit card payment page)
- Display payment URL (credit card payment page)
- Create test payment
- Acknowledge payment result
DOKU Direct - Credit Card Sequence Diagram
1. Generate payment URL (credit card payment page)
To generate payment URL, you will need to hit this API through your backend:
API Request
Type | Value |
---|---|
HTTP Method | POST |
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/v1/payment-page |
API endpoint (Production) | https://api.doku.com/credit-card/v1/payment-page |
Here is the sample of request header to generate payment URL:
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Request-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
Request Header Explanation
Parameter | Description |
---|---|
Client-Id | Client ID retrieved from DOKU Back Office |
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests |
Request-Timestamp | Request timestamp in UTC, in ISO8601 UTC+0 format. This means that to process a transaction made on UTC+7 (WIB), the merchant needs to subtract 7 hours. Ex: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature |
Here is the sample request body to generate payment URL:
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
],
"callback_url": "https://merchant.com/success-url",
"failed_url": "https://merchant.com/failed-url",
"auto_redirect": false
},
"card": {
"token": "a55b8d8df709607d2a343778898f41d0",
"save": false
},
"customer": {
"id": "CUST-0001",
"name": "Anton Budiman",
"email": "anton@example.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"payment": {
"type": "INSTALLMENT",
"acquirer":"BRI",
"tenor": 3
},
"override_configuration": {
"themes": {
"language": "EN",
"background_color": "F5F8FB",
"font_color": "1A1A1A",
"button_background_color": "E1251B",
"button_font_color": "FFFFFF"
},
"promo": [
{
"bin": "142498",
"discount_amount": 20000
},
{
"bin": "314498",
"discount_amount": 20000
},
{
"bin": "091234",
"discount_amount": 10000
},
{
"bin": "091234",
"discount_amount": 10000
}
],
"allow_bin": ["461700","410505","557338"],
"allow_tenor": [0,3,6]
},
"additional_info": {
"override_notification_url": "https://google.com",
"disclaimer" : {
"id" : "Testing",
"en" : "testing englis"
}
}
}
Request Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
order.amount | number | Mandatory | In IDR currency and without decimals. Allowed chars: numeric. Max length: 12 |
order.invoice_number | string | Mandatory | Generated by merchant to identify the order. Allowed chars: alphabetic, numeric, special chars. Max length: 64 |
order.callback_url | string | Conditional | Merchant URL that the customer will be redirected to after the order succeeds. Mandatory if merchant sets order.auto_redirect to true. Allowed chars: alphabetic, numeric, special chars |
order.failed_url | string | Optional | Merchant URL that the customer will be redirected to after the order fails. If not set, the customer will be redirected to callback_url. Allowed chars: alphabetic, numeric, special chars |
order.auto_redirect | string | Mandatory | Redirection to the defined callback_url after the payment process is completed. Possible value: true, false. Default value: false |
order.line_items.name | string | Optional | Name of the product item. Allowed chars: alphabetic, numeric, special chars. Max length: 255 |
order.line_items.price | number | Optional | Price of the product item. Total price and quantity must match the order.amount. Allowed chars: numeric. Max length: 12 |
order.line_items.quantity | number | Optional | Quantity of the product item. Allowed chars: numeric. Max length: 4 |
card.token | string | Optional | Card token generated by DOKU. If you send this, the customer credit card will be pre-filled. Allowed chars: alphabetic, numeric. Max length: 32 |
card.save | boolean | Optional | Set true if you want to force the customer to save the card token for the next payment. Possible value: true, false. Default value: false |
customer.id | string | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use the tokenization feature. Allowed chars: alphabetic, numeric, special chars. Max length: 50 |
customer.name | string | Optional | Customer name. Allowed chars: alphabetic. Max length: 255 |
customer.email | string | Conditional | Customer email. Mandatory if customer phone value is blank. Allowed chars: alphabetic, numeric, special chars. Max length: 128 |
customer.phone | string | Conditional | Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455. Mandatory if customer email value is blank. One of customer email and customer phone must be filled in. Allowed chars: numeric. Max length: 16 |
customer.address | string | Optional | Customer address. Allowed chars: alphabetic, numeric, special chars. Max length: 400 |
customer.country | string | Optional | 2-letter alphabetic country code (ISO 3166-1). Allowed chars: alphabetic. Min-max length: 2 |
override_configuration.themes.language | string | Optional | Default language that will be displayed on the Payment Page. Possible value: English EN, Indonesia ID. Default: English EN |
override_configuration.themes.background_color | string | Optional | HEX color code for the payment page background color. Example: FFFFFF. Default: Light gray F5F8FB |
override_configuration.themes.font_color | string | Optional | HEX color code for the payment page font color. Example: 000000. Default: Soft black 1A1A1A |
override_configuration.themes.button_background_color | string | Optional | HEX color code for the payment page button background color. Example: 000000. Default: Red E1251B |
override_configuration.themes.button_font_color | string | Optional | HEX color code for the payment page button font color. Example: FFFFFF. Default: White FFFFFF |
override_configuration.promo[].bin | string | Optional | BIN that will get the promo |
override_configuration.promo[].discount_amount | number | Optional | Promo discount if the BIN input matches (final amount = order.amount - override_configuration.promo[].discount_amount) |
override_configuration.allow_bin | number | Optional | Transaction only accepts BINs listed here |
override_configuration.allow_tenor | number | Optional | Transaction only accepts installment tenors listed here |
additional_info.override_notification_url | string | Optional | If you wish to use a different notification URL instead of the one configured in the configuration page, bring this value |
additional_info.disclaimer | object | Optional | Bring this if you want the customer to opt in to a payment disclaimer |
additional_info.disclaimer.id | object | Optional | Disclaimer message in Indonesian |
additional_info.disclaimer.en | object | Optional | Disclaimer message in English (default) |
payment.type | string | Conditional | Bring this if you have more than 1 type of credit card payment type, to specify how you want this transaction to be processed (Possible values: INSTALLMENT, AUTHORIZE, SALE) |
payment.acquirer | string | Conditional | Becomes mandatory if transaction type is INSTALLMENT, to specify which acquirer you want this transaction to be processed by (Possible values: BNI, BRI, BANK_CIMB, BANK_MANDIRI, BCA) |
payment.tenor | number | Conditional | Becomes mandatory if transaction type is INSTALLMENT, to specify which tenor you want this transaction to be processed with |
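The header timestamp rule and the conditional body rules from the tables above, as an added pre-flight check in Python (an illustration, not DOKU's code). The function names are hypothetical, only rules stated on this page are checked, and the Signature header is not computed here.

```python
import re
from datetime import datetime, timedelta, timezone

WIB = timezone(timedelta(hours=7))  # UTC+7, the zone in the Request-Timestamp example
ACQUIRERS = {"BNI", "BRI", "BANK_CIMB", "BANK_MANDIRI", "BCA"}

# Trimmed copy of the sample request body shown above.
SAMPLE_BODY = {
    "order": {"invoice_number": "INV-20210118-0001", "amount": 90000,
              "line_items": [{"name": "T-Shirt Red", "price": 30000, "quantity": 2},
                             {"name": "Polo Navy", "price": 30000, "quantity": 1}],
              "callback_url": "https://merchant.com/success-url", "auto_redirect": False},
    "card": {"token": "a55b8d8df709607d2a343778898f41d0", "save": False},
    "customer": {"id": "CUST-0001", "email": "anton@example.com", "phone": "6285694566147"},
    "payment": {"type": "INSTALLMENT", "acquirer": "BRI", "tenor": 3},
    "override_configuration": {"allow_tenor": [0, 3, 6]},
}


def request_timestamp(moment):
    """Render an aware datetime as the ISO8601 UTC+0 Request-Timestamp value."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: attach its timezone before converting")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def _whole(value, max_digits):
    """True for a non-negative int (bool excluded) of at most max_digits digits."""
    return (isinstance(value, int) and not isinstance(value, bool)
            and value >= 0 and len(str(value)) <= max_digits)


def validate_payment_page_body(body):
    """Return the list of rule violations; an empty list means the body passes."""
    errors = []
    order, customer = body.get("order", {}), body.get("customer", {})
    payment, card = body.get("payment", {}), body.get("card", {})
    allow_tenor = body.get("override_configuration", {}).get("allow_tenor")

    if not _whole(order.get("amount"), 12):
        errors.append("order.amount: whole number of at most 12 digits required")
    invoice = order.get("invoice_number")
    if not isinstance(invoice, str) or not 0 < len(invoice) <= 64:
        errors.append("order.invoice_number: string of 1 to 64 characters required")
    items = order.get("line_items") or []
    if not all(_whole(i.get("price"), 12) and _whole(i.get("quantity"), 4) for i in items):
        errors.append("order.line_items: price and quantity must be whole numbers")
    elif items and sum(i["price"] * i["quantity"] for i in items) != order.get("amount"):
        errors.append("order.line_items: price x quantity total must match order.amount")
    # auto_redirect is typed as string in the table but is a boolean in the sample.
    if str(order.get("auto_redirect")).lower() == "true" and not order.get("callback_url"):
        errors.append("order.callback_url: mandatory when order.auto_redirect is true")

    phone = customer.get("phone")
    if not customer.get("email") and not phone:
        errors.append("customer: email or phone must be filled in")
    if phone and not re.fullmatch(r"[0-9]{1,16}", phone):
        errors.append("customer.phone: digits only, at most 16")
    if (card.get("token") or card.get("save")) and not customer.get("id"):
        errors.append("customer.id: mandatory when tokenization is used")

    if payment.get("type") == "INSTALLMENT":
        if payment.get("acquirer") not in ACQUIRERS:
            errors.append("payment.acquirer: mandatory for INSTALLMENT")
        if payment.get("tenor") is None:
            errors.append("payment.tenor: mandatory for INSTALLMENT")
        elif allow_tenor is not None and payment["tenor"] not in allow_tenor:
            errors.append("payment.tenor: not listed in allow_tenor")
    return errors


if __name__ == "__main__":
    print(request_timestamp(datetime(2020, 9, 22, 8, 51, tzinfo=WIB)))
    print(validate_payment_page_body(SAMPLE_BODY))
```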
API Response
After hitting the above API request, DOKU will give the response.
Type | Value |
---|---|
HTTP Status | 200 |
Result | SUCCESS |
Here is the sample response header:
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
Response Header Explanation
Parameter | Description |
---|---|
Client-Id | Same as the request |
Request-Id | Same as the request |
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO8601 UTC+0 format |
Signature | Signature generated by DOKU based on the response body |
Here is the sample of response body:
{
"order": {
"invoice_number": "INV-20210118-0001",
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
],
"session_id": "0000231223"
},
"credit_card_payment_page": {
"url": "https://sandbox.doku.com/wt-frontend-transaction/dynamic-payment-page?signature=OVVQVUZ6T3FKYzQ3YUp6RDlFU09UY1dnNlRNc2czbXFTUCtEblVPOEVORT0=&clientId=MCH-0001-10791114622547&invoiceNumber=INV-20210118-0001&requestId=8quQyK39l4aM5cCml0Yy"
}
}
Response Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
order.invoice_number | string | Mandatory | Same as the request |
order.line_items.name | string | Optional | Same as the request |
order.line_items.price | number | Optional | Same as the request |
order.line_items.quantity | number | Optional | Same as the request |
order.session_id | number | Optional | Transaction session id |
credit_card_payment_page.url | string | Mandatory | Credit Card Payment Page URL generated by DOKU that merchant displays to the customer |
info
DOKU provides risk assessment for Credit Card transactions. The customer data you send to us will help manage the risk of every transaction.
2. Display payment URL (credit card payment page)
You can display the payment URL as an iFrame or as a dedicated page to your customer by using the credit_card_payment_page.url that you retrieved from the API Response. Here is the sample of Credit Card on the iFrame:
3. Creating Test Payment
You can try the payment with the various credit cards listed here:
4. Acknowledge payment result
After the payment is made by your customer, DOKU will send an HTTP Notification to your defined Notification URL. Learn how to handle the notification from DOKU:
Additional features
We provide various additional features to suit your needs. Learn more here.
Authorize-Capture
After you get the payment.authorize_id, your backend must trigger the API Charge to DOKU:
API Request
Type | Value |
---|---|
HTTP Method | POST |
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/capture |
API endpoint (Production) | https://api.doku.com/credit-card/capture |
Here is the sample of request header to capture the transaction:
Client-Id: MCH-0001-10791114622547
Request-Id: 071a6a32-6785-4011-833d-d2c2049cf744
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
Request Header Explanation
Parameter | Description |
---|---|
Client-Id | Client ID retrieved from DOKU Back Office |
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests |
Request-Timestamp | Request timestamp in UTC, in ISO8601 UTC+0 format. This means that to process a transaction made on UTC+7 (WIB), the merchant needs to subtract 7 hours. Ex: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature |
Here is the sample request body to capture the transaction:
{
"payment": {
"authorize_id": "12312391719112",
"capture_amount": 90000
}
}
Request Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
payment.authorize_id | string | Mandatory | Authorize ID from the Charge API Response / HTTP Notification |
payment.capture_amount | string | Optional | The transaction value that will be paid by the customer. If undefined, the full transaction is captured. |
API Response
After hitting the above API request, DOKU will give the response.
Type | Value |
---|---|
HTTP Status | 200 |
Result | SUCCESS |
Here is the sample response header:
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
Response Header Explanation
Parameter | Description |
---|---|
Client-Id | Same as the request |
Request-Id | Same as the request |
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO8601 UTC+0 format |
Signature | Signature generated by DOKU based on the response body |
Here is the sample of response body:
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "CAPTURE",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "12312391719112",
"response_code": "01",
"response_message": "sukses transaksi",
"eci": "",
"status": "SUCCESS",
"approval_code": "123123"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}
Response Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
order.invoice_number | string | Mandatory | Same as the request |
order.amount | number | Mandatory | Same as the request |
customer.id | string | Optional | Same as the request |
payment.type | string | Mandatory | Same as the request |
payment.identifier.name | string | Mandatory | Additional payment info name |
payment.identifier.value | string | Mandatory | Additional payment info value |
payment.request_id | string | Mandatory | Request ID sent on merchant's request header |
payment.authorize_id | string | Mandatory | Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE |
payment.response_code | string | Mandatory | Response code generated by DOKU / Acquirer |
payment.response_message | string | Mandatory | Response message generated by DOKU / Acquirer |
payment.status | string | Mandatory | Payment status. Possible value: SUCCESS, FAILED, PENDING |
payment.eci | string | Mandatory | ECI for this transaction |
payment.approval_code | string | Optional | Approval code for success transaction generated by acquirer |
three_dsecure.authentication_id | string | Mandatory | Same as the request |
card.masked | string | Optional | Card masked number |
card.type | string | Mandatory | Card type. Possible value: CREDIT, DEBIT |
card.issuer | string | Mandatory | Card issuer |
card.brand | string | Mandatory | Principal brand: VISA, MASTER, JCB, AMEX |
card.token | string | Optional | Card token generated by DOKU if card.save is true |
Online Refund
You can request void or refund using this API.
Requirements
- If you are using Credit Card Aggregator service, you can process Void or Refund.
- If you are using Credit Card Direct service, please consult with your acquiring bank to learn whether your credential (MID) supports refund or not.
To request a refund, you will need to hit this API through your backend:
API Request
Type | Value |
---|---|
HTTP Method | POST |
API endpoint (Sandbox) | https://api-sandbox.doku.com/cancellation/credit-card/refund |
API endpoint (Production) | https://api.doku.com/cancellation/credit-card/refund |
Here is the sample of request header to request a refund:
Client-Id: MCH-0001-10791114622547
Request-Id: 6cc9f8b1-d83d-4c24-b853-a3223f43a744
Request-Timestamp: 2020-08-12T09:45:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
Request Header Explanation
Parameter | Description |
---|---|
Client-Id | Client ID retrieved from DOKU Back Office |
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests |
Request-Timestamp | Request timestamp in UTC, in ISO8601 UTC+0 format. This means that to process a transaction made on UTC+7 (WIB), the merchant needs to subtract 7 hours. Ex: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature |
Here is the sample request body to request a refund:
{
"order": {
"invoice_number": "INV-20210118-0001"
},
"payment": {
"original_request_id": "b266c265-3d61-4708-9860-c0d5b9a98f8c"
},
"refund": {
"amount": 90000
}
}
Request Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
order.invoice_number | string | Mandatory | Invoice number of the transaction that is being refunded |
payment.original_request_id | string | Mandatory | Request ID from the payment initiation of the transaction that is being refunded |
refund.amount | number | Mandatory | Transaction amount to be refunded |
API Response
After hitting the above API request, DOKU will give the response.
Type | Value |
---|---|
HTTP Status | 200 |
Result | SUCCESS |
Here is the sample response header:
Client-Id: MCH-0001-10791114622547
Request-Id: 6cc9f8b1-d83d-4c24-b853-a3223f43a744
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
Response Header Explanation
Parameter | Description |
---|---|
Client-Id | Same as the request |
Request-Id | Same as the request |
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO8601 UTC+0 format |
Signature | Signature generated by DOKU based on the response body |
Here is the sample of response body:
{
"order": {
"invoice_number": "INV-20210118-0001"
},
"payment": {
"original_request_id": "b266c265-3d61-4708-9860-c0d5b9a98f8c"
},
"refund": {
"amount": 90000,
"type": "FULL_REFUND",
"status": "SUCCESS",
"message": "Approved",
"approval_code": "12321"
}
}
Response Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
order.invoice_number | string | Mandatory | Same as the request |
payment.original_request_id | string | Mandatory | Same as the request |
refund.amount | number | Mandatory | Same as the request |
refund.type | string | Mandatory | Refund type based on the transaction. Possible value: VOID, PARTIAL_REFUND, FULL_REFUND |
refund.status | string | Mandatory | Refund status. Possible value: SUCCESS, FAILED |
refund.message | string | Optional | Refund message description |
refund.approval_code | string | Optional | Acquiring approval code for the refund transaction if the refund.status = SUCCESS |
List Of Error Code
API | Error message | Error Code | HTTP Status Code | Explanation |
---|---|---|---|---|
Refund | Invalid Client-Id | invalid_client_id | 400 | Invalid Client ID |
Refund | Header Client-Id is required | invalid_header_request | 400 | empty client id |
Refund | Invalid Header Signature | invalid_signature | 400 | Payment charge with invalid signature |
Refund | No Original Transaction Available | TRANSACTION_NOT_FOUND | 400 | Invalid original request id, invoice number |
Refund | Void Transaction Must Be Full Amount | PAYMENT_FAILED | 400 | partial void |
Refund | Total Refund amount is Bigger than Original Transaction | PAYMENT_FAILED | 400 | refund bigger than original transaction |
Refund Type
- VOID: If the funds have not settled to your bank account. The refund.amount must equal order.amount, otherwise it will fail
- PARTIAL_REFUND: If the funds have settled to your bank account, and the refund.amount is less than order.amount
- FULL_REFUND: If the funds have settled to your bank account, and the refund.amount is equal to order.amount
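The refund type rules and the two amount-related errors from the error code table, as an added merchant-side check in Python (not DOKU's code). The function names, the `settled` flag and the `already_refunded` running total are assumptions: the merchant is assumed to track settlement state and earlier refunds itself.

```python
def classify_refund(order_amount, refund_amount, settled, already_refunded=0):
    """Predict refund.type for a request, or the rejection it would trigger.

    Returns (refund_type, None) when the request is consistent with the rules,
    and (None, message) when it is not.
    """
    if refund_amount <= 0:
        # Local sanity check; this message is not one of DOKU's error messages.
        return None, "refund.amount must be positive"
    if not settled:
        # Funds not settled yet: only a void of the full amount is possible.
        if refund_amount != order_amount:
            return None, "Void Transaction Must Be Full Amount"
        return "VOID", None
    if already_refunded + refund_amount > order_amount:
        return None, "Total Refund amount is Bigger than Original Transaction"
    if refund_amount == order_amount:
        return "FULL_REFUND", None
    return "PARTIAL_REFUND", None


def build_refund_body(invoice_number, original_request_id, amount):
    """Request body in the shape of the sample refund request above."""
    return {
        "order": {"invoice_number": invoice_number},
        "payment": {"original_request_id": original_request_id},
        "refund": {"amount": amount},
    }


def reconcile_refund(request_body, response_body, expected_type):
    """Compare a refund response with what was sent; return the mismatches."""
    problems = []
    echoed = (("order", "invoice_number"),
              ("payment", "original_request_id"),
              ("refund", "amount"))
    for section, field in echoed:
        sent = request_body[section][field]
        received = response_body.get(section, {}).get(field)
        if received != sent:
            problems.append(f"{section}.{field}: sent {sent!r}, received {received!r}")
    refund = response_body.get("refund", {})
    if refund.get("status") not in ("SUCCESS", "FAILED"):
        problems.append(f"refund.status: unexpected value {refund.get('status')!r}")
    if refund.get("type") != expected_type:
        problems.append(f"refund.type: expected {expected_type}, received {refund.get('type')!r}")
    return problems


# Sample refund response body from this page.
SAMPLE_RESPONSE = {
    "order": {"invoice_number": "INV-20210118-0001"},
    "payment": {"original_request_id": "b266c265-3d61-4708-9860-c0d5b9a98f8c"},
    "refund": {"amount": 90000, "type": "FULL_REFUND", "status": "SUCCESS",
               "message": "Approved", "approval_code": "12321"},
}

if __name__ == "__main__":
    kind, error = classify_refund(90000, 90000, settled=True)
    body = build_refund_body("INV-20210118-0001",
                             "b266c265-3d61-4708-9860-c0d5b9a98f8c", 90000)
    print(kind, error, reconcile_refund(body, SAMPLE_RESPONSE, kind))
```

A mismatch between the predicted and the returned refund.type usually means the merchant's view of the settlement state is out of date, which is worth logging before the order is marked as refunded.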
Installment
Installment on us
BCA, Bank Mandiri and BNI only allow on us installment. You must request an installment MID from each respective acquirer.
If you have MID installment from BRI, you can also configure it here.
You can activate installment features on the Credit Card Configuration Page to let your customers pay in terms. You will receive the full payment ahead, and the issuer bank will charge the customer each month depending on the tenor and amount of the transaction.
There is a minimum transaction amount for each installment (depending on the issuer), and you can see the details in the installment configuration page.
Testing Installment Payment
If you wish to try installment, make sure that you use the specific bank dummy credit card presented here and that your transaction amount is equal to or more than the minimum transaction required.
Tokenization
Want to make your checkout experience faster? You can combine this integration with Tokenization, so the next time your customer makes a purchase, they don't need to input the credit card again.
Unbind Token
If you want to unbind the token, you can use the delete tokenization API below:
API Request
Type | Value |
---|---|
HTTP Method | POST |
API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/delete-tokenization |
API endpoint (Production) | https://api.doku.com/credit-card/delete-tokenization |
Here is the sample of request header to unbind the token:
Client-Id: MCH-0001-10791114622547
Request-Id: 071a6a32-6785-4011-833d-d2c2049cf744
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
Request Header Explanation
Parameter | Description |
---|---|
Client-Id | Client ID retrieved from DOKU Back Office |
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests |
Request-Timestamp | Request timestamp in UTC, in ISO8601 UTC+0 format. This means that to process a transaction made on UTC+7 (WIB), the merchant needs to subtract 7 hours. Ex: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
Signature | Security parameter that needs to be generated on the merchant backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature |
Here is the sample request body to unbind the token:
{
"token_id": "0d97e7860952b5b99c63aaed06ca945620f4787d8b07a750a83dffb3413bf16a",
"customer_id": "000000001"
}
Request Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
token_id | string | Mandatory | Token ID to unbind or delete |
customer_id | string | Optional | The value of Customer ID from API Tokenization |
API Response
After hitting the above API request, DOKU will give the response.
Type | Value |
---|---|
HTTP Status | 200 |
Result | SUCCESS |
Here is the sample response header:
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
Response Header Explanation
Parameter | Description |
---|---|
Client-Id | Same as the request |
Request-Id | Same as the request |
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO8601 UTC+0 format |
Signature | Signature generated by DOKU based on the response body |
Here is the sample of response body:
{
"status": "DELETE SUCCESS"
}
Response Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
status | string | Mandatory | Delete process status. Possible value: DELETE SUCCESS or DELETE FAILED |
info
To make sure the token is already unbound, you can hit the API Get token List.
Split Settlement
If you are a platform or a marketplace, you can use this feature to settle the funds to your sellers or partners programmatically, saving a lot of operational effort.
What's next?
Make a test payment in the Sandbox environment using the dummy credit card that we have prepared to ensure that your application has been successfully integrated.