credit-card-api-charge-sale
After the customer is redirected to the 3DS success page, then your backend must trigger the API Charge to DOKU:
API Request
| Type | Value |
|---|---|
| HTTP Method | POST |
| API endpoint (Sandbox) | https://api-sandbox.doku.com/credit-card/charge |
| API endpoint (Production) | https://api.doku.com/credit-card/charge |
Here is the sample of request header to charge the transaction:
Client-Id: MCH-0001-10791114622547
Request-Id: b154c582-4501-436a-8012-0346f2a46b47
Request-Timestamp: 2021-08-24T08:46:42Z
Signature: HMACSHA256=9UPUFzOqJc47aJzD9ESOTcWg6TMsg3mqSP+DnUO8ENE=
Request Header Explanation
| Parameter | Description |
|---|---|
| Client-Id | Client ID retrieved from DOKU Back Office |
| Request-Id | Unique random string (max 128 characters) generated from merchant side to protect duplicate request |
| Request-Timestamp | Timestamp request on UTC time in ISO8601 UTC+0 format. It means to proceed transaction on UTC+7 (WIB), merchant need to subtract time with 7. Ex: to proceed transaction on September 22th 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
| Signature | Security parameter that needs to be generated on merchant Backend and placed to the header request to ensure that the request is coming from valid merchant. Please refer to this section to generate the signature |
Here is the sample request body to charge the transaction:
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000,
"line_items": [
{
"name": "T-Shirt Red",
"price": 30000,
"quantity": 2
},
{
"name": "Polo Navy",
"price": 30000,
"quantity": 1
}
]
},
"customer": {
"id": "CUST-0001",
"name": "Anton Budiman",
"email": "anton@example.com",
"phone": "6285694566147",
"address": "Menara Mulia Lantai 8",
"country": "ID"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"payment": {
"type": "SALE",
"tenor": "12",
"plan_id": "1232131"
},
"card": {
"token": "243591d7e49f45109961581718c3ef82",
"number": "5573381011111101",
"expiry": "1225",
"cvv": "123",
"save": true
}
}
Request Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
order.amount | number | Mandatory | In IDR Currency and without decimal Allowed chars: numericMax length: 12 |
order.invoice_number | string | Mandatory | Generated by merchant to identify the order Allowed chars: alphabetic, numeric, special chars Max length: 64 |
order.line_items.name | string | Optional | Name of the product item Allowed chars: alphabetic, numeric, special charsMax Length: 255 |
order.line_items.price | number | Optional | Price of the product item. Total price and quantity must match with the order.amountAllowed chars: numericMax Length: 12 |
order.line_items.quantity | number | Optional | Quantity of the product item Allowed chars: numericMax Length: 4 |
customer.id | string | Conditional | Unique customer identifier generated by merchant. Mandatory if merchant wants to use tokenization feature. Allowed chars: alphabetic, numeric, special charsMax Length: 50 |
customer.name | string | Optional | Customer name Allowed chars: alphabeticMax Length: 255 |
customer.email | string | Optional | Customer email Allowed chars: alphabetic, numeric, special charsMax Length: 128 |
customer.phone | string | Optional | Customer phone number. Format: {calling_code}{phone_number}. Example: 6281122334455Allowed chars: numericMax Length: 16 |
customer.address | string | Optional | Customer address Allowed chars: alphabetic, numeric, special charsMax Length: 400 |
customer.country | string | Optional | 2 alphabetic country code ISO 3166-1 Allowed chars: alphabeticMin-max Length: 2 |
three_dsecure.authentication_id | string | Mandatory | After 3DS process success, customer will be redirected to this page |
payment.type | string | Mandatory | Payment type Possible value: SALE, MOTO, AUTHORIZE |
payment.tenor | string | Optional | Tenor for issuer that have installment feature with DOKU - For MOTO and SALE only |
payment.plan_id | string | Optional | Promotion ID from the bank for merchant |
card.token | string | Optional | Card token generated by DOKU, for 3ds transaction please bring three_dsecure.authentication_id only |
card.number | string | Mandatory | Card number, can be optional if you sent card.token |
card.expiry | string | Mandatory | Card expiry date, can be optional if you sent card.tokenFormat: MMYY |
card.cvv | string | Mandatory | Card CVV, Optional if payment.type is MOTO |
card.save | boolean | Optional | Set true if you want to force customer to save the card token for the next paymentPossible value: true, falseDefault value: false |
API Response
After hitting the above API request, DOKU will give the response.
| Type | Value |
|---|---|
| HTTP Status | 200 |
| Result | SUCCESS |
Here is the sample response header:
Client-Id: MCH-0001-10791114622547
Request-Id: b266c265-3d61-4708-9860-c0d5b9a98f8c
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
Response Header Explanation
| Parameter | Description |
|---|---|
| Client-Id | Same as the request |
| Request-Id | Same as the request |
| Response-Timestamp | Timestamp Response on UTC with format ISO8601 UTC+0 from DOKU |
| Signature | Signature generated by DOKU based on the response body |
Here is the sample of response body:
{
"order": {
"invoice_number": "INV-20210118-0001",
"amount": 90000
},
"customer": {
"id": "CUST-0001"
},
"payment": {
"type": "SALE",
"identifier": [
{
"name": "Acquirer",
"value": "Mandiri"
},
{
"name": "MID",
"value": "71003372992"
},
{
"name": "TID",
"value": "73120903"
}
],
"request_id": "20201026193843836",
"authorize_id": "",
"response_code": "01",
"response_message": "sukses transaksi",
"eci": "",
"status": "SUCCESS",
"approval_code": "123123"
},
"three_dsecure": {
"authentication_id": "eb7e72313b491cd73ea10c6354bc96900f08b3e50e66cf3df2fe29580d6ff84e"
},
"card": {
"masked": "557338*******101",
"type": "CREDIT",
"issuer": "Bank Mandiri",
"brand": "MASTER",
"token": "243591d7e49f45109961581718c3ef82"
}
}
Response Body Explanation
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
order.invoice_number | string | Mandatory | Same as the request |
order.amount | number | Mandatory | Same as the request |
customer.id | string | Optional | Same as the request |
payment.type | string | Mandatory | Same as the request |
payment.identifier.name | string | Mandatory | Additional payment info name |
payment.identifier.value | string | Mandatory | Additional payment info value |
payment.request_id | string | Mandatory | Request ID sent on merchant's request header |
payment.authorize_id | string | Optional | Authorize ID for authorize transaction. Mandatory if payment.type is AUTHORIZE |
payment.response_code | string | Mandatory | Reponse code generated by DOKU / Acquirer |
payment.response_message | string | Mandatory | Response message generated by DOKU / Acquirer |
payment.status | string | Mandatory | Payment status Possible value: SUCCESS, FAILED, PENDING |
payment.eci | string | Mandatory | ECI for this transaction |
payment.approval_code | string | Optional | Approval code for success transaction generated by acquirer |
three_dsecure.authentication_id | string | Mandatory | Same as the request |
card.masked | string | Optional | Card masked number |
card.type | string | Mandatory | Card type Possible value: CREDIT, DEBIT |
card.issuer | string | Mandatory | Card issuer |
card.brand | string | Mandatory | Principal brandVISA, MASTER, JCB, AMEX |
card.token | string | Optional | Card token generated by DOKU if card.save is true |