3ds-authentication-section
To get 3DS authentication, you will need to hit this API through your backend:
API Request
| Type | Value |
|---|---|
| HTTP Method | POST |
| API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/check-three-d-secure |
| API endpoint (Production) | https://api.doku.com/credit-card/check-three-d-secure |
Here is the sample of request header to get 3DS authentication:
Client-Id: MCH-0001-10791114622547
Request-Id: 6d0bffbd-9246-455e-a1f1-44c1f76ad589
Request-Timestamp: 2021-08-24T08:45:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
Request Header Explanation
| Parameter | Description |
|---|---|
| Client-Id | Client ID retrieved from DOKU Back Office |
| Request-Id | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| Request-Timestamp | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| Signature | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature |
Here is the sample request body to get 3DS authentication:
{
"order": {
"amount": 90000
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225"
},
"three_dsecure": {
"callback_url_success": "https://www.merchant.com/success",
"callback_url_failed": "https://www.merchant.com/failed"
}
}
Request Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
order.amount | number | Mandatory | In IDR Currency and without decimal Allowed chars: numericMax length: 12 |
card.token | string | Optional | Card token generated by DOKU, can be used if you already activate tokenization |
card.number | string | Mandatory | Card number, can be optional if you sent card.token |
card.expiry | string | Mandatory | Card expiry date, can be optional if you sent card.tokenFormat: MMYY |
three_dsecure.callback_url_success | string | Mandatory | After 3DS process success, customer will be redirected to this page |
three_dsecure.callback_url_failed | string | Mandatory | After 3DS process success, customer will be redirected to this page |
API Response
After hitting the above API request, DOKU will give the response.
| Type | Value |
|---|---|
| HTTP Status | 200 |
| Result | SUCCESS |
Here is the sample response header:
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
Response Header Explanation
| Parameter | Description |
|---|---|
| Client-Id | Same as the request |
| Request-Id | Same as the request |
| Response-Timestamp | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| Signature | Signature generated by DOKU based on the response body |
Here is the sample of response body:
{
"order": {
"amount": 90000
},
"three_dsecure": {
"enrollment_status": true,
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e",
"authentication_url": "https://doku.3ds.com?authenticationId=eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
}
}
Response Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
order.amount | number | Mandatory | Same as the request |
three_dsecure.enrollment_status | boolean | Mandatory | Card 3D Secure enrollment status Possible value: true, false |
three_dsecure.authentication_id | string | Mandatory | 3DS process ID to use on API Charge |
three_dsecure.authentication_url | string | Optional | 3DS page if the three_dsecure.enrollment_status is true |