Maximum OTP retry is 5 times
The customer has a maximum of 5 attempts to retry the OTP if the OTP they entered is invalid. After that, the card will be temporarily blocked by BRI for 24 hours.
Now the payment is created but the status is PENDING. BRI will send the OTP to the customer, and you will need to provide a form to let the customer input the OTP.
To validate the OTP, you will need to hit this API through your Backend:
API Request
Type | Value |
---|---|
HTTP Method | POST |
API endpoint (Sandbox) | https://api-sandbox.doku.com/direct-debit/v1/payment/validate |
API endpoint (Production) | https://api.doku.com/direct-debit/v1/payment/validate |
Here is a sample request header to validate the OTP:
```
Client-Id: MCH-0001-10791114622547
Request-Id: bce963fc-bb93-4ef2-948a-7838044b537e
Request-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=vl9DBTX5KhEiXmnpOD0TSm8PYQknuHPdyHSTSc3W6Ps=
```
Request Header Explanation
Parameter | Description |
---|---|
Client-Id | Client ID retrieved from DOKU Back Office |
Request-Id | Unique random string (max 128 characters) generated on the merchant side to protect against duplicate requests |
Request-Timestamp | Request timestamp in UTC, in ISO8601 UTC+0 format. To process a transaction in UTC+7 (WIB), the merchant needs to subtract 7 hours. Ex: to process a transaction on September 22nd 2020 at 08:51:00 WIB, the timestamp should be 2020-09-22T01:51:00Z |
Signature | Security parameter that needs to be generated on the merchant Backend and placed in the request header to ensure that the request is coming from a valid merchant. Please refer to this section to generate the signature |
Here is a sample request body to validate the OTP:
```json
{
  "payment": {
    "token": "kSooS93xUk6kJu9VuH33ec5QjlYxoNDEc+AfnoZYaB0=",
    "otp": "999999"
  }
}
```
Request Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
debit_card.token | string | Mandatory | The token generated by DOKU for the transaction. Max length: 128 |
debit_card.otp | string | Mandatory | The payment OTP sent by BRI to the customer. Max length: 6 |
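The following Python sketch is an added example, not DOKU's own code. It prepares the parts of the validate request that this page specifies: the UTC `Request-Timestamp`, a `Request-Id`, and a body that is checked locally so a malformed OTP never consumes one of the five attempts. `OtpAttemptGuard`, the helper names, the digits-only OTP check and counting a `FAILED` response as one failed attempt are assumptions; signature generation is not shown because it is described in a separate section.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

MAX_OTP_ATTEMPTS = 5                   # page: 5 tries, then a 24-hour card block
WIB = timezone(timedelta(hours=7))     # UTC+7


def request_timestamp(moment: datetime) -> str:
    """Render an aware datetime as the UTC+0 ISO8601 header value."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: attach its timezone first")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def new_request_id() -> str:
    """Unique random string; a UUID4 is 36 characters, within the 128 limit."""
    return str(uuid.uuid4())


class OtpAttemptGuard:
    """Hypothetical in-memory counter of failed OTP submissions per token."""

    def __init__(self):
        self.failed = {}

    def remaining(self, token: str) -> int:
        return max(0, MAX_OTP_ATTEMPTS - self.failed.get(token, 0))

    def record_failure(self, token: str) -> None:
        # Call this when the response reports payment.status == "FAILED".
        self.failed[token] = self.failed.get(token, 0) + 1


def build_validate_body(token: str, otp: str, guard: OtpAttemptGuard) -> dict:
    """Return the request body, or raise before a doomed request is sent."""
    if guard.remaining(token) == 0:
        raise PermissionError("OTP attempts exhausted for this payment")
    if not token or len(token) > 128:
        raise ValueError("token must be 1-128 characters")
    # Assumption: digits only, as in the page's sample OTP "999999".
    if not re.fullmatch(r"[0-9]{1,6}", otp):
        raise ValueError("OTP must be 1-6 digits")
    return {"payment": {"token": token, "otp": otp}}


if __name__ == "__main__":
    guard = OtpAttemptGuard()
    print(request_timestamp(datetime(2020, 9, 22, 8, 51, tzinfo=WIB)))
    print(build_validate_body("constructed-token", "999999", guard))
```

In a real backend the failure counter would live in persistent storage shared by all workers, so that the remaining attempts shown to the customer survive restarts.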
API Response
After hitting the above API request, DOKU will give the response.
Type | Value |
---|---|
HTTP Status | 200 |
Result | SUCCESS |
Here is a sample response header:
```
Client-Id: MCH-0001-10791114622547
Request-Id: bce963fc-bb93-4ef2-948a-7838044b537e
Response-Timestamp: 2020-08-11T08:45:42Z
Signature: HMACSHA256=1jap2tpgvWt83tG4J7IhEwUrwmMt71OaIk0oL0e6sPM=
```
Response Header Explanation
Parameter | Description |
---|---|
Client-Id | Same as the request |
Request-Id | Same as the request |
Response-Timestamp | Response timestamp from DOKU in UTC, in ISO8601 UTC+0 format |
Signature | Signature generated by DOKU based on the response body |
Here is a sample response body:
```json
{
  "order": {
    "invoice_number": "INV-20210118-0001",
    "amount": 90000,
    "line_items": [
      {
        "name": "T-Shirt Red",
        "price": 30000,
        "quantity": 2
      },
      {
        "name": "Polo Navy",
        "price": 30000,
        "quantity": 1
      }
    ]
  },
  "payment": {
    "token": "kSooS93xUk6kJu9VuH33ec5QjlYxoNDEc+AfnoZYaB0=",
    "status": "SUCCESS"
  },
  "customer": {
    "id": "CUST-0001",
    "name": "Anton Budiman",
    "email": "anton@example.com",
    "phone": "6285694566147",
    "address": "Menara Mulia Lantai 8",
    "country": "ID",
    "id_card": "182918299187776",
    "date_of_birth": "15-12-1996"
  }
}
```
Response Body Explanation
Parameter | Type | Mandatory | Description |
---|---|---|---|
customer.id | string | Mandatory | Same as the request |
customer.name | string | Optional | Same as the request |
customer.email | string | Optional | Same as the request |
customer.phone | string | Optional | Same as the request |
customer.address | string | Optional | Same as the request |
customer.country | string | Optional | Same as the request |
customer.id_card | string | Optional | Same as the request |
customer.date_of_birth | string | Optional | Same as the request |
order.amount | number | Mandatory | Same as the request |
order.invoice_number | string | Mandatory | Same as the request |
order.line_items.name | string | Optional | Same as the request |
order.line_items.price | number | Optional | Same as the request |
order.line_items.quantity | number | Optional | Same as the request |
payment.token | string | Mandatory | Same as the request |
payment.status | string | Mandatory | Payment status. In this state, it should be SUCCESS or FAILED |